On 12/20/22 2:20 PM, Stanislav Fomichev wrote:
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index bafcb7a3ae6f..6d81b14361e3 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2097,6 +2097,14 @@ bool bpf_prog_map_compatible(struct bpf_map *map,
if (fp->kprobe_override)
return false;
+ /* XDP programs inserted into maps are not guaranteed to run on
+ * a particular netdev (and can run outside driver context entirely
+ * in the case of devmap and cpumap). Until device checks
+ * are implemented, prohibit adding dev-bound programs to program maps.
+ */
+ if (bpf_prog_is_dev_bound(fp->aux))
+ return false;
+
There is a recent change in the same function in the bpf tree, commit
1c123c567fb1. fyi.
[ ... ]
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index fdfdcab4a59d..320451a0be3e 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2081,6 +2081,22 @@ static struct btf *find_kfunc_desc_btf(struct bpf_verifier_env *env, s16 offset)
return btf_vmlinux ?: ERR_PTR(-ENOENT);
}
+int bpf_dev_bound_kfunc_check(struct bpf_verifier_env *env,
+ struct bpf_prog_aux *prog_aux)
nit. Move the dev bound related function to offload.c. &env->log can be passed
instead of env and then use bpf_log().
Others lgtm.
