Skip to content

Instantly share code, notes, and snippets.

@fntlnz
Created July 7, 2021 23:47
Show Gist options
  • Save fntlnz/3d3b1ed6429a82203cdff675c1b963d4 to your computer and use it in GitHub Desktop.
Save fntlnz/3d3b1ed6429a82203cdff675c1b963d4 to your computer and use it in GitHub Desktop.
The eBPF verifier - by Github Copilot

The eBPF verifier

Important: This article was written by Github Copilot, while it's not entirely accurate, it's quite good to see what it ended up with.

The bpf verifier is a tool that can be used to check the correctness of eBPF programs. It is implemented in C and is used by the kernel. When the kernel is built with CONFIG_BPF_JIT, it does further optimization on the BPF programs.

To write a valid eBPF program you need to follow a few rules:

  • The program must not have any side-effects.
  • The program must not call any system calls.
  • The program must not call any functions that are not part of the eBPF API.

If you are interested in writing eBPF programs, you should read the eBPF programmer's guide.

If the verifier does not work, you can try to run the verifier manually:

$ ebpf_verifier <program.o>

If that does not work, you can try to run the verifier with the -v option:

$ ebpf_verifier -v <program.o>

You can also dump assembler code for the program:

$ ebpf_verifier -a <program.o>

Human-readable error messages are also available:

$ ebpf_verifier -v -H <program.o>

Said that, the verifier is not perfect.

It will report errors when it finds something that is not allowed.

Thanks for reading!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment