[net-next,0/4] bpf: move context info out of the verifier

Message ID 20171016234056.1964-1-jakub.kicinski@netronome.com

Message

Jakub Kicinski Oct. 16, 2017, 11:40 p.m. UTC
Hi!

Daniel pointed out during the review of my previous patchset that
the knowledge about context doesn't really belong directly in the
verifier.  This patch set takes a bit of a drastic approach to
move the info out of there.  I want to be able to use different
set of verifier_ops for program analysis.  To do that, I have
to first move the test_run callback to a separate structure.  Then
verifier ops can be declared in the verifier directly and
different sets can be picked for verification vs analysis.

Jakub Kicinski (4):
  bpf: split verifier and program ops
  bpf: remove the verifier ops from program structure
  bpf: move knowledge about post-translation offsets out of verifier
  bpf: allow access to skb->len from offloads

 include/linux/bpf.h          | 17 ++++++---
 include/linux/bpf_types.h    | 28 +++++++-------
 include/linux/bpf_verifier.h |  1 +
 kernel/bpf/syscall.c         |  6 +--
 kernel/bpf/verifier.c        | 70 +++++++++++++++--------------------
 kernel/trace/bpf_trace.c     | 15 ++++++--
 net/core/filter.c            | 87 +++++++++++++++++++++++++++++++++++++++-----
 7 files changed, 149 insertions(+), 75 deletions(-)

Comments

Daniel Borkmann Oct. 17, 2017, 9:39 a.m. UTC | #1
On 10/17/2017 01:40 AM, Jakub Kicinski wrote:
> Hi!
>
> Daniel pointed out during the review of my previous patchset that
> the knowledge about context doesn't really belong directly in the
> verifier.  This patch set takes a bit of a drastic approach to
> move the info out of there.  I want to be able to use different
> set of verifier_ops for program analysis.  To do that, I have
> to first move the test_run callback to a separate structure.  Then
> verifier ops can be declared in the verifier directly and
> different sets can be picked for verification vs analysis.

Looks great, thanks for following up on this!

David Miller Oct. 18, 2017, 1:17 p.m. UTC | #2
From: Jakub Kicinski <jakub.kicinski@netronome.com>
Date: Mon, 16 Oct 2017 16:40:52 -0700

> Daniel pointed out during the review of my previous patchset that
> the knowledge about context doesn't really belong directly in the
> verifier.  This patch set takes a bit of a drastic approach to
> move the info out of there.  I want to be able to use different
> set of verifier_ops for program analysis.  To do that, I have
> to first move the test_run callback to a separate structure.  Then
> verifier ops can be declared in the verifier directly and
> different sets can be picked for verification vs analysis.

Series applied, thanks.