On 05/14/2017 09:19 AM, Vetoshkin Nikita wrote:
> As I understand from a C compiler point of view, ->data and ->data_end are just arbitrary pointers embedded in a struct. Where do these semantics arise from? I.e. how does the eBPF verifier know that data ends where data_end points to?
The verifier only needs to match on data/data_end and makes sure the program code making use of this is within their bounds. It doesn't need to know the actual address at verification time.

We do this so that read/write access to the packet can happen efficiently without needing to call a helper function to perform the same (and without having to perform a check on every single access). Adding data/data_end into the context also allows doing all this without changing BPF JIT compilers.

The actual address for data/data_end is filled into the xdp_buff context structure shortly before the BPF program gets executed in the driver.

Best,
Daniel
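The compare pattern described in the reply, as an added userspace model in C that is not code from this thread or from the kernel. The names `ctx_model`, `prog_model`, `run_on_frame` and `RX_BUF` are hypothetical; a real XDP program is compiled for BPF and checked by the verifier at load time, while this model only shows one compare per header guarding the reads and the "driver" filling in the addresses just before the call.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RX_BUF   64   /* constructed receive-buffer size for this model */
#define ETH_HLEN 14
#define IP4_HLEN 20   /* minimal IPv4 header, no options */
enum { MODEL_DROP, MODEL_PASS };   /* stand-ins for XDP_DROP / XDP_PASS */

/* Hypothetical userspace stand-in for the program context. */
struct ctx_model {
    const uint8_t *data;       /* first byte of the packet */
    const uint8_t *data_end;   /* one past the last byte */
};

/* The "program": drops UDP over IPv4. Each read is dominated by a compare
 * of (data + constant) against data_end; on the fall-through branch the
 * verifier treats that many bytes after data as safe to access. */
static int prog_model(const struct ctx_model *ctx)
{
    const uint8_t *data = ctx->data, *data_end = ctx->data_end;

    if (data + ETH_HLEN > data_end)
        return MODEL_DROP;                 /* runt frame, nothing read */
    if (data[12] != 0x08 || data[13] != 0x00)
        return MODEL_PASS;                 /* not IPv4 */
    /* The Ethernet check does not cover the IP header: re-check. */
    if (data + ETH_HLEN + IP4_HLEN > data_end)
        return MODEL_DROP;
    return data[ETH_HLEN + 9] == 17 ? MODEL_DROP : MODEL_PASS;
}

/* The "driver": the addresses are only known here, just before the call. */
static int run_on_frame(const uint8_t *frame, size_t len)
{
    uint8_t buf[RX_BUF] = {0};
    if (len > RX_BUF) len = RX_BUF;
    memcpy(buf, frame, len);
    struct ctx_model ctx = { buf, buf + len };
    return prog_model(&ctx);
}

int main(void)
{
    uint8_t f[34] = {0};                   /* constructed frame */
    f[12] = 0x08; f[23] = 6;               /* EtherType IPv4, protocol TCP */
    printf("full=%d truncated=%d\n", run_on_frame(f, 34), run_on_frame(f, 20));
    return 0;
}
```

In a real program, dropping the second compare before the read at offset 23 is the kind of access the verifier rejects at load time, since only the first 14 bytes have been proven in bounds at that point.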