On Thu, Jan 19, 2023 at 11:50:47PM -0600, David Vernet wrote:
> On Thu, Jan 19, 2023 at 09:48:23PM -0800, Alexei Starovoitov wrote:
> > On Thu, Jan 19, 2023 at 05:58:29PM -0600, David Vernet wrote:
> > > silently check for and ignore these cases at runtime. When we have e.g.
> > > per-argument kfunc flags, it might be helpful to add another KF_CPU-type
> > > flag that specifies that the verifier should validate that it's a valid
> > > CPU.
> >
> > ...
> >
> > > +void bpf_cpumask_set_cpu(u32 cpu, struct bpf_cpumask *cpumask)
> > > +{
> > > + if (!cpu_valid(cpu))
> > > + return;
> > > +
> > > + cpumask_set_cpu(cpu, (struct cpumask *)cpumask);
> > > +}
> >
> > ...
> >
> > > +void bpf_cpumask_clear_cpu(u32 cpu, struct bpf_cpumask *cpumask)
> > > +{
> > > + if (!cpu_valid(cpu))
> > > + return;
> >
> > I don't think we'll be able to get rid of this with KF_CPU or special suffix.
> > The argument might be a variable and not a constant at the verification time.
> > We would have to allow passing unknown vars otherwise the UX will be too restrictive,
> > so this run-time check would have to stay.
>
> Makes sense. We'll just leave it as is then and document that passing in
> cpu >= nr_cpus is silently ignored for any kfunc taking a cpu argument.
Eventually we can clean it up with bpf_assert infra.
