On Thu, Jul 3, 2025 at 2:49 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> On Wed, 2025-07-02 at 20:20 -0700, Alexei Starovoitov wrote:
> > On Wed, Jul 2, 2025 at 3:42 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
> > >
> > > Allow specifying __arg_untrusted for void */char */int */long *
> > > parameters. Treat such parameters as
> > > PTR_TO_MEM|MEM_RDONLY|PTR_UNTRUSTED of size zero.
> > > Intended usage is as follows:
> > >
> > > int memcmp(char *a __arg_untrusted, char *b __arg_untrusted, size_t n) {
> > > bpf_for(i, 0, n) {
> > > if (a[i] - b[i]) // load at any offset is allowed
> > > return a[i] - b[i];
> > > }
> > > return 0;
> > > }
> >
> > ...
> >
> > > +bool btf_type_is_primitive(const struct btf_type *t)
> > > +{
> > > + return (btf_type_is_int(t) && btf_type_int_is_regular(t)) ||
> > > + btf_is_any_enum(t);
> > > +}
> >
> > Should array of primitive types be allowed as well ?
> > Since in C
> > int memcmp(char a[] __arg_untrusted, char b[] __arg_untrusted, size_t n) {
> > bpf_for(i, 0, n) {
> > if (a[i] - b[i]) // load at any offset is allowed
> > return a[i] - b[i];
> >
> > will work just like 'char *'.
>
> I agree in general, but compiler converts arrays to pointers for
> function parameters, e.g.:
>
> [~/tmp]
> $ cat test-array-btf.c
> int foo(int a[], char b[3]) {
> return 0;
> }
> [~/tmp]
> $ clang --target=bpf -c -g -O2 test-array-btf.c -o test-array-btf.o
> [~/tmp]
> $ bpftool btf dump file test-array-btf.o
> [1] PTR '(anon)' type_id=2
> [2] INT 'int' size=4 bits_offset=0 nr_bits=32 encoding=SIGNED
> [3] PTR '(anon)' type_id=4
> [4] INT 'char' size=1 bits_offset=0 nr_bits=8 encoding=SIGNED
> [5] FUNC_PROTO '(anon)' ret_type_id=2 vlen=2
> 'a' type_id=1
> 'b' type_id=3
> [6] FUNC 'foo' type_id=5 linkage=global
>
> So, I'm inclined to skip this for now.
I see. Makes sense then.
