ebpf-verifier
ebpf-verifier copied to clipboard
vbpf
Consider supporting map definitions in a section that names the map
At the moment the read_elf function contains the following:
50 vector<raw_program> read_elf(const std::string& path, const std::string& desired_section, const ebpf_verifier_options_t* options, const ebpf_platform_t* platform) {
...
64 ELFIO::section* maps_section = reader.sections["maps"];
65 if (maps_section) {
66 platform->parse_maps_section(info.map_descriptors, maps_section->get_data(), maps_section->get_size(), platform, *options);
67 }
...
124 if (symbol_section_index != maps_section->get_index()) {
125 throw std::runtime_error(string("Unresolved external symbol " + symbol_name +
126 " at location " + std::to_string(offset / sizeof(ebpf_inst))));
127 }
If the provided ELF does not have a maps section then line 124 causes a segfault on NULL pointer in maps_section (I've created PR #230 to turn this into a more user-friendly runtime error for now).
While a lot of the examples out there use sections called maps to define maps, there is another approach which names the maps sections maps/BLA where BLAis the name of the map. This allows for a user-space loader to assign the FD that results from creating each particular map in the kernel to a particular userspace variable.
As an example, the gobpf loader allows for this. We also have a large application that creates 10s of eBPF maps using the cilium eBPF library and uses the same naming convention to distinguish them from each other in user-space.
Looking at the read_elf code this doesn't seem like it would be a huge amount of effort to support, but I figured I would create an issue first to open a discussion in case I have missed any complexity, or in case anyone doesn't like the feature at all =)
