From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: Alignment in BPF verifier
Date: Fri, 19 May 2017 16:39:57 -0400 (EDT)
Message-ID: <20170519.163957.1950740987459934279.davem@davemloft.net>
References:
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: ast@fb.com, daniel@iogearbox.net, alexei.starovoitov@gmail.com, netdev@vger.kernel.org
To: ecree@solarflare.com
Return-path:
Received: from shards.monkeyblade.net ([184.105.139.130]:57388 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755623AbdESUkB (ORCPT ); Fri, 19 May 2017 16:40:01 -0400
In-Reply-To:
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Edward Cree
Date: Fri, 19 May 2017 21:00:13 +0100

> Well, I've managed to get somewhat confused by reg->id.
> In particular, I'm unsure which bpf_reg_types can have an id, and what
> exactly it means. There seems to be some code that checks around map value
> pointers, which seems strange as maps have fixed sizes (and the comments in
> enum bpf_reg_type make it seem like id is a PTR_TO_PACKET thing) - is this
> maybe because of map-of-maps support, can the contained maps have differing
> element sizes? Or do we allow *(map_value + var + imm), if map_value + var
> was appropriately bounds-checked?
>
> Does the 'id' identify the variable that was added to an object pointer, or
> the object itself? Or does it blur these and identify (what the comment in
> enum bpf_reg_type calls) "skb->data + (u16) var"?

The reg->id value changes any time a variable gets added to a packet
pointer.

You will also notice right now that only packet pointers have their
alignment tracked. I have changes pending that will do that for MAP
pointers too, but it needs more work.
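
A simplified user-space model of the id behaviour described in the reply above, added here as an illustration; it is not kernel code and not from anyone on the thread. The struct layout, the helper names and the rule that a successful comparison against data_end grants range to every packet pointer with the same id are assumptions of this model.

```c
/* Toy model of packet-pointer id tracking; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

enum reg_type { NOT_INIT, PTR_TO_PACKET };
struct reg_state {
    enum reg_type type;
    unsigned id;  /* which "skb->data + var" base this pointer derives from */
    int off;      /* constant added since that base was formed */
    int range;    /* bytes past the base proven to lie inside the packet */
};
#define NREGS 4
static unsigned id_gen;

/* ptr += imm: same base, so the id and the proven range are kept. */
static void add_imm(struct reg_state *r, int imm) { r->off += imm; }

/* ptr += var: unknown displacement, so take a fresh id and drop the range. */
static void add_var(struct reg_state *r)
{
    r->id = ++id_gen; r->off = 0; r->range = 0;
}

/* Taken branch of "if (checked <= data_end)": pointers sharing the id gain range. */
static void mark_checked(struct reg_state *regs, const struct reg_state *checked)
{
    unsigned id = checked->id; int proven = checked->off;
    for (int i = 0; i < NREGS; i++)
        if (regs[i].type == PTR_TO_PACKET && regs[i].id == id &&
            regs[i].range < proven)
            regs[i].range = proven;
}

static bool access_ok(const struct reg_state *r, int size)
{
    return r->type == PTR_TO_PACKET && r->off >= 0 && r->off + size <= r->range;
}

/* Constructed scenario; returns a bitmask of the accesses the model accepts. */
static int demo(void)
{
    struct reg_state regs[NREGS] = {0}; int ok = 0; id_gen = 0;
    regs[1].type = PTR_TO_PACKET;                   /* r1 = skb->data        */
    regs[2] = regs[1]; add_imm(&regs[2], 14);       /* r2 = r1 + 14          */
    mark_checked(regs, &regs[2]);                   /* if (r2 <= data_end)   */
    if (access_ok(&regs[1], 14)) ok |= 1;           /* accepted: same id     */
    regs[3] = regs[1]; add_var(&regs[3]);           /* r3 = r1 + var         */
    if (access_ok(&regs[3], 1)) ok |= 2;            /* rejected: new id      */
    regs[0] = regs[3]; add_imm(&regs[0], 4);        /* r0 = r3 + 4           */
    mark_checked(regs, &regs[0]);                   /* if (r0 <= data_end)   */
    if (access_ok(&regs[3], 4)) ok |= 4;            /* accepted after recheck */
    return ok;
}

int main(void) { printf("accepted mask: %d\n", demo()); return 0; }
```

In this model the earlier 14-byte check on r1 does not carry over to r3, because the variable add gave r3 a different id.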