Speaker
Anton Protopopov
(Isovalent)
Description
Previous work on implementing the Static Keys for BPF [1], [2] led to the introduction of an "instruction set" map. This map contains pointers to xlated BPF instructions and is relocated accordingly during load and verification.
The instructions set map can be further used to verify indirect jump instructions in BPF, which wasn't approachable before. Namely, a goto Rx instruction can be linked to such a map, which lets the verifier check every possible branch taken.
The goal of this talk is to discuss the design and implementation of the BPF indirect jumps API and to list existing problems and restrictions of its usage.
[1] https://lpc.events/event/17/contributions/1608/
[2] http://vger.kernel.org/bpfconf2024_material/bpf_static_keys.pdf
Primary author
Anton Protopopov
(Isovalent)