Chapter 6. The eBPF Verifier
I’ve mentioned the verification step a few times, so you already know that when you load an eBPF program into the kernel, this verification process ensures that the program is safe. In this chapter we’ll dive into how the verifier works to achieve this goal.
Verification involves checking every possible execution path through the program and ensuring that every instruction is safe. The verifier also makes some updates to the bytecode to ready it for execution. In this chapter I’ll show some examples of verification failures, by starting from an example that works and making modifications that render that code invalid to the verifier.
Note
The example code for this chapter is in the chapter6 directory of the repository at github.com/lizrice/learning-ebpf.
This chapter doesn’t attempt to cover every possible check the verifier makes. It’s intended to be an overview, with illustrative examples that will help you deal with verification errors that you might run into when writing your own eBPF code.
One thing to bear in mind is that the verifier works on eBPF bytecode, not directly on the source. That bytecode depends on the output from the compiler. Because of things like compiler optimization, a change in the source code might not always result in exactly what you expect in the bytecode, so correspondingly it might not give you the result you expect in the verifier’s verdict. For example, the verifier will reject unreachable instructions, but the compiler ...
Get Learning eBPF now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.