On Mon, Dec 6, 2021 at 3:22 PM Hao Luo <haoluo@xxxxxxxxxx> wrote:
>
> We have introduced a new type to make bpf_ret composable, by
> reserving high bits to represent flags.
>
> One of the flag is PTR_MAYBE_NULL, which indicates a pointer
> may be NULL. When applying this flag to ret_types, it means
> the returned value could be a NULL pointer. This patch
> switches the qualified arg_types to use this flag.
> The ret_types changed in this patch include:
>
> 1. RET_PTR_TO_MAP_VALUE_OR_NULL
> 2. RET_PTR_TO_SOCKET_OR_NULL
> 3. RET_PTR_TO_TCP_SOCK_OR_NULL
> 4. RET_PTR_TO_SOCK_COMMON_OR_NULL
> 5. RET_PTR_TO_ALLOC_MEM_OR_NULL
> 6. RET_PTR_TO_MEM_OR_BTF_ID_OR_NULL
> 7. RET_PTR_TO_BTF_ID_OR_NULL
>
> This patch doesn't eliminate the use of these names, instead
> it makes them aliases to 'RET_PTR_TO_XXX | PTR_MAYBE_NULL'.
>
> Signed-off-by: Hao Luo <haoluo@xxxxxxxxxx>
> ---
> include/linux/bpf.h | 19 ++++++++++------
> kernel/bpf/helpers.c | 2 +-
> kernel/bpf/verifier.c | 52 +++++++++++++++++++++----------------------
> 3 files changed, 39 insertions(+), 34 deletions(-)
>
[...]
> @@ -6570,28 +6570,28 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> return -EINVAL;
> }
> regs[BPF_REG_0].type =
> - fn->ret_type == RET_PTR_TO_MEM_OR_BTF_ID ?
> - PTR_TO_MEM : PTR_TO_MEM_OR_NULL;
> + (ret_type & PTR_MAYBE_NULL) ?
> + PTR_TO_MEM_OR_NULL : PTR_TO_MEM;
nit: I expected something like (let's use the fact that those flags
are the same across different enums):
regs[BPF_REG_0].type = PTR_TO_MEM | (ret_type & PTR_MAYBE_NULL);
> regs[BPF_REG_0].mem_size = tsize;
> } else {
> regs[BPF_REG_0].type =
> - fn->ret_type == RET_PTR_TO_MEM_OR_BTF_ID ?
> - PTR_TO_BTF_ID : PTR_TO_BTF_ID_OR_NULL;
> + (ret_type & PTR_MAYBE_NULL) ?
> + PTR_TO_BTF_ID_OR_NULL : PTR_TO_BTF_ID;
same as above
> regs[BPF_REG_0].btf = meta.ret_btf;
> regs[BPF_REG_0].btf_id = meta.ret_btf_id;
> }
> - } else if (fn->ret_type == RET_PTR_TO_BTF_ID_OR_NULL ||
> - fn->ret_type == RET_PTR_TO_BTF_ID) {
> + } else if (base_type(ret_type) == RET_PTR_TO_BTF_ID) {
> int ret_btf_id;
>
> mark_reg_known_zero(env, regs, BPF_REG_0);
> - regs[BPF_REG_0].type = fn->ret_type == RET_PTR_TO_BTF_ID ?
> - PTR_TO_BTF_ID :
> - PTR_TO_BTF_ID_OR_NULL;
> + regs[BPF_REG_0].type = (ret_type & PTR_MAYBE_NULL) ?
> + PTR_TO_BTF_ID_OR_NULL :
> + PTR_TO_BTF_ID;
and here
> ret_btf_id = *fn->ret_btf_id;
> if (ret_btf_id == 0) {
> - verbose(env, "invalid return type %d of func %s#%d\n",
> - fn->ret_type, func_id_name(func_id), func_id);
> + verbose(env, "invalid return type %lu of func %s#%d\n",
> + base_type(ret_type), func_id_name(func_id),
base type returns u32, shouldn't it be %u then?
> + func_id);
> return -EINVAL;
> }
> /* current BPF helper definitions are only coming from
> @@ -6600,8 +6600,8 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> regs[BPF_REG_0].btf = btf_vmlinux;
> regs[BPF_REG_0].btf_id = ret_btf_id;
> } else {
> - verbose(env, "unknown return type %d of func %s#%d\n",
> - fn->ret_type, func_id_name(func_id), func_id);
> + verbose(env, "unknown return type %lu of func %s#%d\n",
> + base_type(ret_type), func_id_name(func_id), func_id);
same %u
> return -EINVAL;
> }
>
> --
> 2.34.1.400.ga245620fadb-goog
>
