On Fri, Aug 26, 2016 at 07:06:06PM +0100, Jakub Kicinski wrote: > Advanced JIT compilers and translators may want to use > eBPF verifier as a base for parsers or to perform custom > checks and validations. > > Add ability for external users to invoke the verifier > and provide callbacks to be invoked for every intruction > checked. For now only add most basic callback for > per-instruction pre-interpretation checks is added. More > advanced users may also like to have per-instruction post > callback and state comparison callback. > > Signed-off-by: Jakub Kicinski <jakub.kicin...@netronome.com>
I like the apporach. Making verifier into 'bytecode parser' that JITs can reuse is a good design choice. The only thing I would suggest is to tweak the verifier to avoid in-place state recording. Then I think patch 8 for clone/unclone of the program won't be needed, since verifier will be read-only from bytecode point of view and patch 9 also will be slightly cleaner. I think there are very few places in verifier that do this state keeping inside insn. It was bugging me for some time. Good time to clean that up. Unless I misunderstand the patches 7,8,9... There is also small concern for patches 5 and 6 that add more register state information. Potentially that extra state can prevent states_equal() to recognize equivalent states. Only patch 9 uses that info, right? Another question is do you need all state walking that verifier does or single linear pass through insns would have worked? Looks like you're only using CONST_IMM and PTR_TO_CTX state, right? The rest looks very good. Thanks a lot!
