On 8/18/20 2:33 PM, Andrii Nakryiko wrote:
Add BPF program code sanitization pass, replacing calls to BPF
bpf_probe_read_{kernel,user}[_str]() helpers with bpf_probe_read[_str](), if
libbpf detects that kernel doesn't support new variants.
I know this has been merged. The whole patch set looks good to me.
A few nit or questions below.
Signed-off-by: Andrii Nakryiko <andriin@xxxxxx>
---
tools/lib/bpf/libbpf.c | 80 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index ab0c3a409eea..bdc08f89a5c0 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -180,6 +180,8 @@ enum kern_feature_id {
FEAT_ARRAY_MMAP,
/* kernel support for expected_attach_type in BPF_PROG_LOAD */
FEAT_EXP_ATTACH_TYPE,
+ /* bpf_probe_read_{kernel,user}[_str] helpers */
+ FEAT_PROBE_READ_KERN,
__FEAT_CNT,
};
@@ -3591,6 +3593,27 @@ static int probe_kern_exp_attach_type(void)
return probe_fd(bpf_load_program_xattr(&attr, NULL, 0));
}
[...]
+static bool insn_is_helper_call(struct bpf_insn *insn, enum bpf_func_id *func_id)
+{
+ __u8 class = BPF_CLASS(insn->code);
+
+ if ((class == BPF_JMP || class == BPF_JMP32) &&
Do we support BPF_JMP32 + BPF_CALL ... as a helper call?
I am not aware of this.
+ BPF_OP(insn->code) == BPF_CALL &&
+ BPF_SRC(insn->code) == BPF_K &&
+ insn->src_reg == 0 && insn->dst_reg == 0) {
+ if (func_id)
+ *func_id = insn->imm;
looks like func_id is always non-NULL. Unless this is to support future
usage where func_id may be NULL, the above condition probably not needed.
+ return true;
+ }
+ return false;
+}
+
[...]
