Thread (7 messages), 4 authors, 2018-05-02

Re: [PATCH bpf-next] bpf/verifier: enable ctx + const + 0.

From: Jakub Kicinski <hidden>
Date: 2018-05-02 20:51:40

On Wed, 2 May 2018 10:54:56 -0700, William Tu wrote:
> On Wed, May 2, 2018 at 1:29 AM, Daniel Borkmann [off-list ref] wrote:
>> On 05/02/2018 06:52 AM, Alexei Starovoitov wrote:
>>> On Tue, May 01, 2018 at 09:35:29PM -0700, William Tu wrote:
>>> Please test it with a real program and you'll see crashes and garbage returned.
>>
>> +1, *convert_ctx_access() use bpf_insn's off to determine what to rewrite,
>> so this is definitely buggy, and wasn't properly tested as it should have
>> been. The test case is also way too simple, just the LDX and then doing a
>> return 0 will get you past verifier, but won't give you anything in terms
>> of runtime testing that test_verifier is doing. A single test case for a
>> non-trivial verifier change like this is also _completely insufficient_,
>> this really needs to test all sorts of weird corner cases (involving out of
>> bounds accesses, overflows, etc).
>
> Thanks, now I understand.
> It's much more complicated than I thought.

FWIW NFP JIT would also have to be updated, similarly to
*convert_ctx_access() in mem_ldx_skb()/mem_ldx_xdp() we are currently
looking at insn.off.  In case you find a way to solve this.. :)
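
The mismatch discussed in this thread, as a simplified user-space model (an added example, not kernel code and not code from any of the posters): a context rewriter that looks only at the instruction's `off` picks the wrong field once a constant has been added to the context register. The struct layouts, `struct insn` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layouts: what the program sees vs. what exists at runtime. */
struct user_ctx { uint32_t len; uint32_t mark; };
struct kern_ctx { void *next; uint32_t mark; uint32_t len; };

/* Hypothetical instruction model: a constant already added to the ctx
 * register (reg_delta) plus the load instruction's own offset (off). */
struct insn { int reg_delta; int16_t off; };

/* Rewriter keyed only on off, as the thread describes for
 * *convert_ctx_access(): maps a user_ctx field to its kern_ctx offset. */
static int rewrite_by_off(int off)
{
    switch (off) {
    case offsetof(struct user_ctx, len):  return (int)offsetof(struct kern_ctx, len);
    case offsetof(struct user_ctx, mark): return (int)offsetof(struct kern_ctx, mark);
    default:                              return -1; /* not a ctx field */
    }
}

/* Offset the verifier would reason about: register constant + insn off. */
static int effective_user_off(const struct insn *i)
{
    return i->reg_delta + i->off;
}

/* Offset actually read at runtime: the register still carries reg_delta,
 * and only the insn off was rewritten. */
static int runtime_kern_off(const struct insn *i)
{
    return i->reg_delta + rewrite_by_off(i->off);
}

/* Offset that matches the field the verifier approved. */
static int intended_kern_off(const struct insn *i)
{
    return rewrite_by_off(effective_user_off(i));
}

int main(void)
{
    struct insn direct  = { 0, 4 }; /* ldx r0, [ctx + 4]           */
    struct insn shifted = { 4, 0 }; /* ctx += 4; ldx r0, [ctx + 0] */

    printf("direct:  runtime=%d intended=%d\n",
           runtime_kern_off(&direct), intended_kern_off(&direct));
    printf("shifted: runtime=%d intended=%d (sizeof kern_ctx=%zu)\n",
           runtime_kern_off(&shifted), intended_kern_off(&shifted),
           sizeof(struct kern_ctx));
    return 0;
}
```

Both instructions name the same program-visible field, but in this model the shifted form reads at an offset equal to `sizeof(struct kern_ctx)`, past the end of the runtime structure.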