Re: [PATCH net-next v2 3/4] cgroup: bpf: Add bpf_skb_in_cgroup_proto
From: Martin KaFai Lau
Date: Thu Jun 23 2016 - 12:55:51 EST
On Thu, Jun 23, 2016 at 11:53:50AM +0200, Daniel Borkmann wrote:
> >diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> >index 668e079..68753e0 100644
> >--- a/kernel/bpf/verifier.c
> >+++ b/kernel/bpf/verifier.c
> >@@ -1062,6 +1062,10 @@ static int check_map_func_compatibility(struct bpf_map *map, int func_id)
> > if (func_id != BPF_FUNC_get_stackid)
> > goto error;
> > break;
> >+ case BPF_MAP_TYPE_CGROUP_ARRAY:
> >+ if (func_id != BPF_FUNC_skb_in_cgroup)
> >+ goto error;
> >+ break;
>
> I think the BPF_MAP_TYPE_CGROUP_ARRAY case should have been fist here in
> patch 2/4, but with unconditional goto error. And this one only adds the
> 'func_id != BPF_FUNC_skb_in_cgroup' test.
I am not sure I understand. Can you elaborate? I am probably missing
something here.
>
> > default:
> > break;
> > }
> >@@ -1081,6 +1085,10 @@ static int check_map_func_compatibility(struct bpf_map *map, int func_id)
> > if (map->map_type != BPF_MAP_TYPE_STACK_TRACE)
> > goto error;
> > break;
> >+ case BPF_FUNC_skb_in_cgroup:
> >+ if (map->map_type != BPF_MAP_TYPE_CGROUP_ARRAY)
> >+ goto error;
> >+ break;
> > default:
> > break;
> > }