[FEATURE] Enable userspace verifier by default
yunwei37 opened this issue · 5 comments
Is your feature request related to a problem? Please describe.
The PREVAIL should be enable by default, and:
- Add runtime option to bypass the userspace verifier
- Add prompt to let user using kernel verifier when the userspace verifer is not pass
Describe the solution you'd like
Note that ebpf-verifier lacks a lot of features, enabling it may cause a lot of confusion
Yes. So when there is error occur in userspace verifier, we should treat it as a warning.
If the error is due to unsupport features, there should be a warning and default operation is just continue, and tell user how to use kernel verifier if they want.
If the error sounds like a realy bug, it should block it but also tell user how to bypass it or use the kernel verifier.
We maybe can have 3 mode:
- BPFTIME_VERIFY_STRICT: all verifier wanring are errors, you should pass either kernel or userspace verifier.
- BPFTIME_VERIFY_WARNING: userspace verifier are warning, kernel verifier are error.
- BPFTIME_NO_VERIFY: no verify.
Yes. So when there is error occur in userspace verifier, we should treat it as a warning.
If the error is due to unsupport features, there should be a warning and default operation is just continue, and tell user how to use kernel verifier if they want. If the error sounds like a realy bug, it should block it but also tell user how to bypass it or use the kernel verifier.
We maybe can have 3 mode:
- BPFTIME_VERIFY_STRICT: all verifier wanring are errors, you should pass either kernel or userspace verifier.
- BPFTIME_VERIFY_WARNING: userspace verifier are warning, kernel verifier are error.
- BPFTIME_NO_VERIFY: no verify.
But we even don't know which features are supported by ebpf-verifier, making it hard to distinguish whether it's a lack of feature or bug
Ok, so maybe just 3 levels? The default level is verify warning
Ok, so maybe just 3 levels? The default level is verify warning
Agree