On Wed, 2025-07-02 at 20:20 -0700, Alexei Starovoitov wrote:
> On Wed, Jul 2, 2025 at 3:42 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
> >
> > Allow specifying __arg_untrusted for void */char */int */long *
> > parameters. Treat such parameters as
> > PTR_TO_MEM|MEM_RDONLY|PTR_UNTRUSTED of size zero.
> > Intended usage is as follows:
> >
> > int memcmp(char *a __arg_untrusted, char *b __arg_untrusted, size_t n) {
> > bpf_for(i, 0, n) {
> > if (a[i] - b[i]) // load at any offset is allowed
> > return a[i] - b[i];
> > }
> > return 0;
> > }
>
> ...
>
> > +bool btf_type_is_primitive(const struct btf_type *t)
> > +{
> > + return (btf_type_is_int(t) && btf_type_int_is_regular(t)) ||
> > + btf_is_any_enum(t);
> > +}
>
> Should array of primitive types be allowed as well ?
> Since in C
> int memcmp(char a[] __arg_untrusted, char b[] __arg_untrusted, size_t n) {
> bpf_for(i, 0, n) {
> if (a[i] - b[i]) // load at any offset is allowed
> return a[i] - b[i];
>
> will work just like 'char *'.
I agree in general, but compiler converts arrays to pointers for
function parameters, e.g.:
[~/tmp]
$ cat test-array-btf.c
int foo(int a[], char b[3]) {
return 0;
}
[~/tmp]
$ clang --target=bpf -c -g -O2 test-array-btf.c -o test-array-btf.o
[~/tmp]
$ bpftool btf dump file test-array-btf.o
[1] PTR '(anon)' type_id=2
[2] INT 'int' size=4 bits_offset=0 nr_bits=32 encoding=SIGNED
[3] PTR '(anon)' type_id=4
[4] INT 'char' size=1 bits_offset=0 nr_bits=8 encoding=SIGNED
[5] FUNC_PROTO '(anon)' ret_type_id=2 vlen=2
'a' type_id=1
'b' type_id=3
[6] FUNC 'foo' type_id=5 linkage=global
So, I'm inclined to skip this for now.
