On 12/6/22 8:52 PM, Stanislav Fomichev wrote:
On Tue, Dec 6, 2022 at 8:29 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
On Mon, Dec 05, 2022 at 06:45:45PM -0800, Stanislav Fomichev wrote:
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index fc4e313a4d2e..00951a59ee26 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -15323,6 +15323,24 @@ static int fixup_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
return -EINVAL;
}
+ *cnt = 0;
+
+ if (resolve_prog_type(env->prog) == BPF_PROG_TYPE_XDP) {
+ if (bpf_prog_is_offloaded(env->prog->aux)) {
+ verbose(env, "no metadata kfuncs offload\n");
+ return -EINVAL;
+ }
If I'm reading this correctly than this error will trigger
for any XDP prog trying to use a kfunc?
bpf_prog_is_offloaded() should return true only when the program is
fully offloaded to the device (like nfp). So here the intent is to
reject kfunc programs because nft should somehow implement them first.
Unless I'm not setting offload_requested somewhere, not sure I see the
problem. LMK if I missed something.
It errors out for all kfunc here though. or it meant to error out for the
XDP_METADATA_KFUNC_* only?