• Andrii Nakryiko's avatar
    veristat: guess and substitue underlying program type for freplace (EXT) progs · fa7cc906
    Andrii Nakryiko authored
    SEC("freplace") (i.e., BPF_PROG_TYPE_EXT) programs are not loadable as
    is through veristat, as kernel expects actual program's FD during
    BPF_PROG_LOAD time, which veristat has no way of knowing.
    
    Unfortunately, freplace programs are a pretty important class of
    programs, especially when dealing with XDP chaining solutions, which
    rely on EXT programs.
    
    So let's do our best and teach veristat to try to guess the original
    program type, based on program's context argument type. And if guessing
    process succeeds, we manually override freplace/EXT with guessed program
    type using bpf_program__set_type() setter to increase chances of proper
    BPF verification.
    
    We rely on BTF and maintain a simple lookup table. This process is
    obviously not 100% bulletproof, as valid program might not use context
    and thus wouldn't have to specify correct type. Also, __sk_buff is very
    ambiguous and is the context type across many different program types.
    We pick BPF_PROG_TYPE_CGROUP_SKB for now, which seems to work fine in
    practice so far. Similarly, some program types require specifying attach
    type, and so we pick one out of possible few variants.
    
    Best effort at its best. But this makes veristat even more widely
    applicable.
    Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
    Tested-by: default avatarEduard Zingerman <eddyz87@gmail.com>
    Link: https://lore.kernel.org/r/20230327185202.1929145-4-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    fa7cc906
veristat.c 51.4 KB