lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQJpCe9e2Qrnsaj4+ab47z00-bEYyHhN_mmpCh4+9i17vQ@mail.gmail.com> Date: Fri, 29 Sep 2023 14:06:10 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Matt Bobrowski <mattbobrowski@...gle.com> Cc: Toke Høiland-Jørgensen <toke@...hat.com>, Daniel Borkmann <daniel@...earbox.net>, Alexei Starovoitov <ast@...nel.org>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, Marek Majkowski <marek@...udflare.com>, Lorenz Bauer <lmb@...udflare.com>, Alan Maguire <alan.maguire@...cle.com>, Jesper Dangaard Brouer <brouer@...hat.com>, David Miller <davem@...emloft.net>, Network Development <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org> Subject: Re: bpf indirect calls On Wed, Sep 27, 2023 at 6:27 AM Matt Bobrowski <mattbobrowski@...gle.com> wrote: > > > static void testing(void) { > bpf_printk("testing"); > } > > struct iter_ctx { > void (*f) (void); > }; > static u64 iter_callback(struct bpf_map *map, u32 *key, > u64 *value, struct iter_ctx *ctx) { > if (ctx->f) { > ctx->f(); > } > return 0; > } > > SEC("lsm.s/file_open") > int BPF_PROG(file_open, struct file *file) > { > struct iter_ctx iter_ctx = { > .f = testing, > }; > bpf_for_each_map_elem(&map, iter_callback, &iter_ctx, 0); > return 0; > } > ``` ... > The fundamental difference between the two call instructions if I'm > not mistaken is that one attempts to perform a call using an immediate > value as its source operand, whereas the other attempts to perform a > call using a source register as its source operand. AFAIU, the latter > is not currently permitted by the BPF verifier. Is that right? Correct. Indirect calls via 'callx' instruction are not supported yet. Please use bpf_tail_call() as a workaround for now. Over the years the verifier became progressively smarter and maybe now is a good time to support true indirect calls. For certain cases like your example above it's relatively easy to add such support, but before we do that please describe the full use case that you wanted to implement with indirect calls.
Powered by blists - more mailing lists