On Thu, 12 Oct 2017 23:33:21 +0200, Daniel Borkmann wrote: > On 10/12/2017 10:56 PM, Jakub Kicinski wrote: > > On Thu, 12 Oct 2017 22:43:10 +0200, Daniel Borkmann wrote: > [...] > >> It would be nice to keep the reg_type setting in one place, meaning > >> the callbacks themselves, so we wouldn't need to maintain this in > >> multiple places. > > > > Hm.. I though this was the smallest and simplest change. I could > > translate the offsets but that seems wobbly. Or try to consolidate the > > call into the same if () branch? Not sure.. > > Different callbacks for post-verification would be good at min as it > would allow to keep all the context access info in one place for a > given type at least.
Sorry to be clear - you're suggesting adding a new callback to struct bpf_verifier_ops, or swapping the struct bpf_verifier_ops for a special post-verification one? > > As a bonus info I discovered there is a bug in -net with how things are > > converted. We allow arithmetic on context pointers but then only > > look at the insn.off in the converter... I'm working on a fix. > > Ohh well, good catch, indeed! :( Can you also add coverage to the > bpf selftests for this? Will do!
