On Tue, Sep 17, 2013 at 1:40 AM, David Laight <david.lai...@aculab.com> wrote: > > > Patch 1/2: generic BPF extension > > Original A and X 32-bit BPF registers are replaced with ten 64-bit > > registers. > > bpf opcode encoding kept the same. load/store were generalized to access > > stack, > > bpf_tables and bpf_context. > > BPF program interfaces to outside world via tables that it can read and > > write, > > and via bpf_context which is in/out blob of data. > > Other kernel components can provide callbacks to tailor BPF to specific > > needs. > > As has been recently pointed out on some of the NetBSD lists > one of the points about BPF is that the filters are deterministic > and easily proven to both terminate and have no unwanted side effects. > > The functionality you are proposing breaks both of these assumptions.
Proposed BPF extensions keep both of these assumptions. See bpf_check.c It guarantees that BPF program terminates, all memory/register accesses are valid, function arguments are verified, no unknown insns, register/stack is initialized before read, aligned, etc BPF checker algorithm is not as trivial as it was before, but still straightforward and simple. It helped us catch some interesting bugs in BPF GCC backend. In one case we miscalculated branch target by one insn and since register read came before it was written, BPF checker caught it. In another case we improperly coded branch conditions in cbranchdi4 (see gcc/config/bpf/bpf.md on github). Again it caught it. Using compiler is not mandatory. One can code BPF in assembler in the same way it was done before, but doing it in C is easier to understand. Thanks Alexei _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
