On Thu, 3 Sep 2020 at 21:08, Martin KaFai Lau <kafai@xxxxxx> wrote: > > On Tue, Sep 01, 2020 at 11:32:06AM +0100, Lorenz Bauer wrote: > > * Can we teach the verifier that PTR_TO_BTF_ID can be the same as PTR_TO_SOCKET? > I am working on a patch to teach the verifier to allow PTR_TO_SOCK* being used > in the bpf_skc_to_*_sock() helper. > > The use case is, for example, use bpf_skc_to_tcp_sock() to cast the > tc's __sk_buff->sk to a kernel "struct tcp_sock" (PTR_TO_BTF_ID) such > that the bpf prog won't be limited by the fields in "struct bpf_tcp_sock" > if the user has perfmon cap. Thus, in general, should be doable. > Hopefully I have something sharable next week. That's great! I got carried away with refactoring check_func_arg with the same goal, it'll be interesting to see what you've come up with. I've decided to make a smaller change for the sake of landing this series, and then I'll follow up with my refactoring. Hopefully we won't be stepping on each others toes too much. > > For the sockmap iter (which is tracing), I think it is better > to begin with PTR_TO_BTF_ID_OR_NULL such that the bpf iter prog > can access the tcp_sock (or udp_sock) without another casting or > bpf_probe_read_kernel(). Yes, that's what I'm going with as well. -- Lorenz Bauer | Systems Engineer 6th Floor, County Hall/The Riverside Building, SE1 7PB, UK www.cloudflare.com
