Re: [PATCH bpf-next v4 01/12] bpf: factor out visit_func_call_insn() in check_cfg()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Feb 25, 2021 at 9:17 PM Yonghong Song <yhs@xxxxxx> wrote:
>
> During verifier check_cfg(), all instructions are
> visited to ensure verifier can handle program control flows.
> This patch factored out function visit_func_call_insn()
> so it can be reused in later patch to visit callback function
> calls. There is no functionality change for this patch.
>
> Signed-off-by: Yonghong Song <yhs@xxxxxx>
> ---

Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>

>  kernel/bpf/verifier.c | 35 +++++++++++++++++++++++------------
>  1 file changed, 23 insertions(+), 12 deletions(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 1dda9d81f12c..9cb182e91162 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -8592,6 +8592,27 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env,
>         return DONE_EXPLORING;
>  }
>
> +static int visit_func_call_insn(int t, int insn_cnt,
> +                               struct bpf_insn *insns,
> +                               struct bpf_verifier_env *env,
> +                               bool visit_callee)
> +{
> +       int ret;
> +
> +       ret = push_insn(t, t + 1, FALLTHROUGH, env, false);
> +       if (ret)
> +               return ret;
> +
> +       if (t + 1 < insn_cnt)
> +               init_explored_state(env, t + 1);
> +       if (visit_callee) {
> +               init_explored_state(env, t);
> +               ret = push_insn(t, t + insns[t].imm + 1, BRANCH,
> +                               env, false);
> +       }
> +       return ret;
> +}
> +
>  /* Visits the instruction at index t and returns one of the following:
>   *  < 0 - an error occurred
>   *  DONE_EXPLORING - the instruction was fully explored
> @@ -8612,18 +8633,8 @@ static int visit_insn(int t, int insn_cnt, struct bpf_verifier_env *env)
>                 return DONE_EXPLORING;
>
>         case BPF_CALL:
> -               ret = push_insn(t, t + 1, FALLTHROUGH, env, false);
> -               if (ret)
> -                       return ret;
> -
> -               if (t + 1 < insn_cnt)
> -                       init_explored_state(env, t + 1);
> -               if (insns[t].src_reg == BPF_PSEUDO_CALL) {
> -                       init_explored_state(env, t);
> -                       ret = push_insn(t, t + insns[t].imm + 1, BRANCH,
> -                                       env, false);
> -               }
> -               return ret;
> +               return visit_func_call_insn(t, insn_cnt, insns, env,
> +                                           insns[t].src_reg == BPF_PSEUDO_CALL);
>
>         case BPF_JA:
>                 if (BPF_SRC(insns[t].code) != BPF_K)
> --
> 2.24.1
>
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux