From: John Fastabend <john.fastab...@gmail.com> Date: Mon, 12 Mar 2018 12:23:39 -0700
> In the case where we need a specific number of bytes before a > verdict can be assigned, even if the data spans multiple sendmsg > or sendfile calls. The BPF program may use msg_cork_bytes(). > > The extreme case is a user can call sendmsg repeatedly with > 1-byte msg segments. Obviously, this is bad for performance but > is still valid. If the BPF program needs N bytes to validate > a header it can use msg_cork_bytes to specify N bytes and the > BPF program will not be called again until N bytes have been > accumulated. The infrastructure will attempt to coalesce data > if possible so in many cases (most my use cases at least) the > data will be in a single scatterlist element with data pointers > pointing to start/end of the element. However, this is dependent > on available memory so is not guaranteed. So BPF programs must > validate data pointer ranges, but this is the case anyways to > convince the verifier the accesses are valid. > > Signed-off-by: John Fastabend <john.fastab...@gmail.com> Acked-by: David S. Miller <da...@davemloft.net>
