Re: Packet pointer invalidation and subprograms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 6, 2024 at 9:42 AM Andrii Nakryiko
<andrii.nakryiko@xxxxxxxxx> wrote:
>
>
> Or, *importantly*, if user anticipates that "freplace-ment" BPF
> program for such subprog might need to invalidate packet pointers, but
> the default subprog implementation doesn't actually call any of those
> special helpers, user can just explicitly say that "yes, this subprog
> should be treated as such that invalidates pkt pointers". With your
> approach there is no way to even express this, unless you hack default
> subprog implementation to intentionally have reachable
> pkt-invalidating helper, but not really call it at runtime.

Exactly.
This artificial issue can be easily solved without tags.
The nop subprog can have an empty call to bpf_skb_pull_data(skb, 0).
And it will be much more obvious to anyone reading the C code
instead of a magic tag.

> No, it's not. It's conceptually absolutely the same. Verifier can
> derive that global subprog arg has to be a trusted pointer. It's just
> that with pkt invalidation it's trivial enough to detect (crudely and
> eagerly, but still) in check_cfg(), while for trusted pointers you
> can't take this shortcut.

Not really. We only introduced the following tags:
__arg_ctx
__arg_trusted
__arg_arena
because the verifier cannot infer them.
We are _not_ going to introduce __arg_dynptr as we argued in the past.
Anything that can be expressed via normal C should stay in C.





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux