Maicake
Reputation: 1136
bounded loops in ebpf. Does now the verifier check if the program is a DAG?
Since bounded loop are now allowed in ebpf programs https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=2589726d12a1b12eaaa93c7f1ea64287e383c7a5 does the verifier still check in the first pass if the program control flow is a Direct Acyclic Graph?
Upvotes: 5
Views: 951
Answers (1)
pchaigno
Reputation: 13133
Yes, it still does, and rejects programs with back-edges in two cases:
- If the program is loaded by an unprivileged user. The
env->allow_ptr_leaksboolean indicates a privileged user. - If the back-edge is performed using a call. Only normal jumps can make bounded loops (which doesn't mean you can't do a bpf-to-bpf call inside a bounded loop).
Upvotes: 5
Related Questions
- What is not allowed in restricted C for eBPF?
- Are loops allowed in Linux's BPF programs?
- BPF verifier says program exceeds 1M instruction
- ebpf: where verifier prints its messages?
- Can eBPF modify the return value or parameters of a syscall?
- Dafny Loop Invariant Not Maintained By The Loop
- Does BPF_PROG_RUN implements the fallback ebpf interpreter?
- net/core/filter.c and linux/bpf/verifier.c
- Why ebpf program inside samples/bpf doesn't work?
- eBPF: understand two macros in verifier code