Re: [PATCH v6 net-next 1/6] net: filter: add "load 64-bit immediate" eBPF instruction

From: Andy Lutomirski
Date: Mon Aug 25 2014 - 21:38:54 EST

On Mon, Aug 25, 2014 at 6:35 PM, Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
> On Mon, Aug 25, 2014 at 6:06 PM, David Miller <davem@xxxxxxxxxxxxx> wrote:
>> From: Alexei Starovoitov <ast@xxxxxxxxxxxx>
>> Date: Mon, 25 Aug 2014 18:00:53 -0700
>>> add BPF_LD_IMM64 instruction to load 64-bit immediate value into a register.
>> I think you need to rethink this.
>> I understand that you want to be able to compile arbitrary C code into
>> eBPF, but you have to restrict strongly what data the eBPF code can get
>> to.
> I believe verifier already does restrict it. I don't see any holes in
> the architecture. I'm probably not explaining it clearly though :(
>> Arbitrary pointer loads is asking for trouble.
> Of course.
> There is no arbitrary pointer from user space.
> Verifier checks all pointers.
> I guess this commit log description is confusing.
> It says:
> BPF_LD_IMM64(R1, const_imm_map_ptr)
> that's what appears in the program _after_ it goes through verifier.
> User space cannot pass a pointer into the kernel.

If you don't intend for userspace to load a program that contains this
instruction, then why does it need to be an instruction that the
verifier rewrites? Why not have an instruction "load immediate
relocated pointer" that contains a reference to a relocation table and
have the JIT do it? That might be easier to understand than having
the verifier do it, and it'll avoid committing to ABIs before we need

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at