Scan BPF bytecode to detect if a program calls any functions requiring
a program ID. So far, bpf_get_attach_cookie() is the only function
that needs a program ID.
Signed-off-by: Kui-Feng Lee <kuifeng@xxxxxx>
---
include/linux/filter.h | 3 ++-
kernel/bpf/trampoline.c | 7 ++++---
kernel/bpf/verifier.c | 3 +++
3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index d23e999dc032..4433c5d1bc19 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -572,7 +572,8 @@ struct bpf_prog {
has_callchain_buf:1, /* callchain buffer allocated? */
enforce_expected_attach_type:1, /* Enforce expected_attach_type checking at attach time */
call_get_stack:1, /* Do we call bpf_get_stack() or bpf_get_stackid() */
- call_get_func_ip:1; /* Do we call get_func_ip() */
+ call_get_func_ip:1, /* Do we call get_func_ip() */
+ need_prog_id:1; /* Do we need program ID? */
enum bpf_prog_type type; /* Type of BPF program */
enum bpf_attach_type expected_attach_type; /* For some prog types */
u32 len; /* Number of filter blocks */
diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
index 4b6974a195c1..c65622e4216c 100644
--- a/kernel/bpf/trampoline.c
+++ b/kernel/bpf/trampoline.c
@@ -181,7 +181,7 @@ static int register_fentry(struct bpf_trampoline *tr, void *new_addr)
}
static struct bpf_tramp_progs *
-bpf_trampoline_get_progs(const struct bpf_trampoline *tr, int *total, bool *ip_arg)
+bpf_trampoline_get_progs(const struct bpf_trampoline *tr, int *total, bool *ip_arg, bool *prog_id)
{
const struct bpf_prog_aux *aux;
struct bpf_tramp_progs *tprogs;
@@ -200,6 +200,7 @@ bpf_trampoline_get_progs(const struct bpf_trampoline *tr, int *total, bool *ip_a
hlist_for_each_entry(aux, &tr->progs_hlist[kind], tramp_hlist) {
*ip_arg |= aux->prog->call_get_func_ip;
+ *prog_id |= aux->prog->need_prog_id;
*progs++ = aux->prog;
}
}
@@ -344,10 +345,10 @@ static int bpf_trampoline_update(struct bpf_trampoline *tr)
struct bpf_tramp_image *im;
struct bpf_tramp_progs *tprogs;
u32 flags = BPF_TRAMP_F_RESTORE_REGS;
- bool ip_arg = false;
+ bool ip_arg = false, prog_id = false;
int err, total;
- tprogs = bpf_trampoline_get_progs(tr, &total, &ip_arg);
+ tprogs = bpf_trampoline_get_progs(tr, &total, &ip_arg, &prog_id);
if (IS_ERR(tprogs))
return PTR_ERR(tprogs);
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ff91f5038010..0359242e2a81 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6812,6 +6812,9 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
env->prog->call_get_func_ip = true;
}
+ if (func_id == BPF_FUNC_get_attach_cookie)
+ env->prog->need_prog_id = true;
+
if (changes_data)
clear_all_pkt_pointers(env);
return 0;
--
2.30.2
