On 5/19/17 4:16 PM, David Miller wrote:
From: Alexei Starovoitov <a...@fb.com>
Date: Fri, 19 May 2017 14:37:56 -0700
On 5/19/17 1:41 PM, David Miller wrote:
From: Edward Cree <ec...@solarflare.com>
Date: Fri, 19 May 2017 18:17:42 +0100
One question: is there a way to build the verifier as userland code
(or at least as a module), or will I have to reboot every time I
want to test a change?
There currently is no such machanism, you will have to reboot every
time.
I have considered working on making the code buildable outside of the
kernel. It shouldn't be too hard.
it's not hard.
We did it twice and both times abandoned.
First time to have 'user space verifier' to check programs before
loading and second time for fuzzing via llvm.
Abandoned since it diverges very quickly from kernel.
Well, my idea was the create an environment in which kernel verifier.c
could be built as-is.
Maybe there would be some small compromises in verifier.c such as an
ifdef test or two, but that should be it.
that's exactly what we did the first time. Added few ifdef to verifier.c
Second time we went even further by compiling kernel/bpf/verifier.c
as-is and linking everything magically via user space hooks
all the way that test_verifier.c runs as-is but calling
bpf_check() function that was compiled for user space via clang.
That code is here:
https://github.com/iovisor/bpf-fuzzer
It's definitely possible to refresh it and make it work again.
My point that unless we put such 'lets build verifier.c for user space'
as part of tools/testing/selftests/ or something, such project is
destined to bit rot.
