From 8983aa3530b82edd6142d1e55cf374a9a986fe09 Mon Sep 17 00:00:00 2001
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Fri, 1 Mar 2024 03:27:20 +0100
Subject: TODO: fix libbpf program validation

---
 contributing.mdwn | 1 +
 1 file changed, 1 insertion(+)

(limited to 'contributing.mdwn')

diff --git a/contributing.mdwn b/contributing.mdwn
index 7055e4ed..78458548 100644
--- a/contributing.mdwn
+++ b/contributing.mdwn
@@ -122,6 +122,7 @@ part:1:file:/home/samy/tmp/foo`). This would be libnetfs-based.
 * Add `VSTATUS` support to `term`. Essentially in `term/munge.c`, `input_character`, just like the `VINTR`, `VQUIT`, `VSUSP`, collect a few stats from the system, and put them into the output queue.
 * Make mig use the `access` function attribute to properly express accesses in arrays, e.g. for `device_read/write_inband`.
 * Add a limitation in the number of a process that a given uid can run. That would be in the `proc` translator. That will allow to avoid crashes when an application goes crazy with forking. Setting a hardcoded limitation would thus already be useful.
+* Complete BPF program validation in `libbpf`. For instance, for now if `BPF_MOD` or `BPF_XOR` are used in a filter, it is accepted, but the matching always fails. We should pre-refuse any unknown instruction (and of course then implement `BPF_MOD` and `BPF_XOR`)
 
 <a name="porting"></a>
 ## Porting Packages
-- 
cgit v1.2.3