> On Nov 14, 2019, at 3:01 PM, Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Thu, Nov 14, 2019 at 10:55:37PM +0000, Song Liu wrote:
>>
>>
>>> On Nov 14, 2019, at 10:57 AM, Alexei Starovoitov <ast@xxxxxxxxxx> wrote:
>>>
>>> Annotate BPF program context types with program-side type and kernel-side type.
>>> This type information is used by the verifier. btf_get_prog_ctx_type() is
>>> used in the later patches to verify that BTF type of ctx in BPF program matches to
>>> kernel expected ctx type. For example, the XDP program type is:
>>> BPF_PROG_TYPE(BPF_PROG_TYPE_XDP, xdp, struct xdp_md, struct xdp_buff)
>>> That means that XDP program should be written as:
>>> int xdp_prog(struct xdp_md *ctx) { ... }
>>>
>>> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
>>>
>>
>> [...]
>>
>>> + /* only compare that prog's ctx type name is the same as
>>> + * kernel expects. No need to compare field by field.
>>> + * It's ok for bpf prog to do:
>>> + * struct __sk_buff {};
>>> + * int socket_filter_bpf_prog(struct __sk_buff *skb)
>>> + * { // no fields of skb are ever used }
>>> + */
>>> + if (strcmp(ctx_tname, tname))
>>> + return NULL;
>>
>> Do we need to check size of the two struct? I guess we should not
>> allow something like
>>
>> struct __sk_buff {
>> char data[REALLY_BIG_NUM];
>> };
>> int socket_filter_bpf_prog(struct __sk_buff *skb)
>> { /* access end of skb */ }
>
> I don't think we should check sizes either. Same comment above applies. The
> prog's __sk_buff can be different from kernel's view into __sk_buff. Either
> bigger or larger doesn't matter. If it's accessed by the prog the verifier will
> check that all accessed fields are correct. Extra unused fields (like char
> data[REALLY_BIG_NUM];) don't affect safety.
> When bpf-tracing is attaching to bpf-skb it doesn't use bpf-skb's
> __sk_buff with giant fake data[BIG_NUM];. It's using kernel's __sk_buff.
> That is what btf_translate_to_vmlinux() in patch 17 is doing.
I see. Thanks for the pointer.
Song
