What is not allowed in restricted C for ebpf?


Question

From the bpf man page:

eBPF programs can be written in a restricted C that is compiled (using the clang compiler) into eBPF bytecode. Various features are omitted from this restricted C, such as loops, global variables, variadic functions, floating-point numbers, and passing structures as function arguments.

AFAIK the man page is not updated. I'd like to know what exactly is forbidden when using restricted C to write an eBPF program? Is what the man page says still true?

Recommended answer

It is not really a matter of what is "allowed" in the ELF file itself. This sentence means that once compiled into eBPF instructions, your C code may produce code that would be rejected by the verifier. For example, loops in BPF programs have long been rejected in BPF programs, because there was no guarantee that they would terminate (the only workaround was to unroll them at compile time).

So you can basically use pretty much whatever you want in C and successfully produce an ELF object file. But then you want it to pass the verifier. What components will surely result in the verifier complaining? Let's have a look at the list from the man page:

  • Loops: Linux version 5.3 introduces support for bounded loops, so loops now work to some extent. "Bounded loops" means loops for which the verifier has a way to tell they will eventually finish: typically, a for (i = 0; i < CONSTANT; i++) kind of loop should work (assuming i is not modified in the block).

  • Global variables: There has been some work recently to support global variables, but they are processed in a specific way (as single-entry maps) and I have not really experimented with them, so I don't know how transparent this is and if you can simply have global variables defined in your program. Feel free to experiment :).

  • Variadic functions: Pretty sure this is not supported, I don't see how that would translate in eBPF at the moment.

  • Floating-point numbers: Still not supported.

  • Passing structure as function arguments: Not supported, although passing pointers to structs should work I think.

If you are interested in this level of detail, you should really have a look at Cilium's documentation on BPF. It is not completely up-to-date (only the very new features are missing), but much more complete and accurate than the man page. In particular, the LLVM section has a list of items that should or should not work in C programs compiled to eBPF. In addition to the aforementioned items, they cite:

  • (All functions needing to be inlined, no function calls) -> This one is outdated, BPF has function calls.

  • No shared library calls: This is true. You cannot call functions from standard libraries, or functions defined in other BPF programs. You can only call into functions defined in the same BPF programs, or BPF helpers implemented in the kernel, or perform "tail calls".

    • Exception: LLVM built-in functions for memset()/memcpy()/memmove()/memcmp() are available (I think they're pretty much the only functions you can call, other than BPF helpers and your other BPF functions).

  • No const string or arrays allowed (because of how they are handled in the ELF file): I think this is still valid today?

  • BPF program stack is limited to 512 bytes, so your C program must not result in an executable that attempts to use more.

Additional allowed or good-to-know items are listed. I can only encourage you to dive into it!
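
The constraints listed in the answer, put together in one small program that stays inside them: a constant-bounded loop, a struct passed by pointer, an LLVM built-in instead of libc, integer-only arithmetic and a tiny stack footprint. This is an added example, not code from the original question or answer; `scan_payload`, `struct scan_result`, `MAX_SCAN` and `xdp_scan` are hypothetical names, and the XDP entry point is compiled only for the BPF target, where it assumes the kernel's `linux/bpf.h` header is installed.

```c
/* Added example. Build for BPF: clang -O2 -target bpf -c scan.c -o scan.o */
#define MAX_SCAN 64   /* compile-time loop bound (assumed value) */

struct scan_result {  /* hypothetical struct, 8 bytes */
    unsigned int scanned;
    unsigned int zero_bytes;
};

/* The struct is passed by pointer, not by value. noinline keeps this a
 * real BPF-to-BPF function call instead of inlined code. */
static __attribute__((noinline)) int
scan_payload(const unsigned char *data, const unsigned char *data_end,
             struct scan_result *res)
{
    __builtin_memset(res, 0, sizeof(*res)); /* LLVM built-in, no libc */

    /* Bounded loop: constant upper bound, i not modified in the body. */
    for (int i = 0; i < MAX_SCAN; i++) {
        if (data + i + 1 > data_end) /* bounds check before each read */
            break;
        res->scanned++;
        if (data[i] == 0)
            res->zero_bytes++;
    }
    /* Integer arithmetic only: percentage of zero bytes, no floats. */
    return res->scanned ? (int)(res->zero_bytes * 100 / res->scanned) : 0;
}

#ifdef __bpf__  /* defined by clang when targeting BPF */
#include <linux/bpf.h>

__attribute__((section("xdp"), used))
int xdp_scan(struct xdp_md *ctx)
{
    const unsigned char *data = (void *)(long)ctx->data;
    const unsigned char *end = (void *)(long)ctx->data_end;
    struct scan_result res; /* small local, far below the 512-byte stack */

    scan_payload(data, end, &res);
    return XDP_PASS;
}
#endif
```

Because the core function uses no kernel headers, it also compiles with a host compiler, which makes the loop and bounds logic testable before the object is handed to the verifier.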
