From: Daniel Borkmann <dan...@iogearbox.net> Date: Fri, 19 May 2017 19:13:29 +0200
> The problem is that once you add bits markers to bpf_prog like we > used to do in the past, then as you do in patch 4/5 with the > xdp_rxhash_needed bit, they will need to be turned /on/ > unconditionally when a prog has tail calls. Yeah that's the problem with feature checks, once you have tail calls involved we have to say "entire universe" of features is possible because it is (intentionally) not possible to track all paths reachable via tail calls, and in fact these paths can dynamically and arbitrarily change after the program using tail calls have been loaded and verified completely. For example, let's assume we have eBPF program A that uses tail calls via slots in bpf MAP "M". At verification time, sure, we could see the MAP "M" points to programs B and C, which don't use tail calls and look at what features they use. But after loading "A", anyone with access to bpf MAP "M" can change the tail call slots to point to bpf programs other than "B" and "C". And maybe those new programs use features outside of the set we tested for when "A" was verified. So it is impossible to test feature "sets" with eBPF like this.
