On 09/08, Dave Marchevsky wrote:
Verifier logic to confirm that a callback function returns 0 or 1 was
added in commit 69c087ba6225b ("bpf: Add bpf_for_each_map_elem() helper").
At the time, callback return value was only used to continue or stop
iteration.
In order to support callbacks with a broader return value range, such as
those added in rbtree series[0] and others, add a callback_ret_range to
bpf_func_state. Verifier's helpers which set in_callback_fn will also
set the new field, which the verifier will later use to check return
value bounds.
Default to tnum_range(0, 0) instead of using tnum_unknown as a sentinel
value as the latter would prevent the valid range (0, U64_MAX) being
used. Previous global default tnum_range(0, 1) is explicitly set for
extant callback helpers. The change to global default was made after
discussion around this patch in rbtree series [1], goal here is to make
it more obvious that callback_ret_range should be explicitly set.
[0]: lore.kernel.org/bpf/20220830172759.4069786-1-davemarchevsky@xxxxxx/
[1]: lore.kernel.org/bpf/20220830172759.4069786-2-davemarchevsky@xxxxxx/
Signed-off-by: Dave Marchevsky <davemarchevsky@xxxxxx>
---
Sending this separately from rbtree patchset as Joanne also needs this
change for her usecase.
Not sure you need that given everybody's happy about it in the separate
thread, but for the sake of completion:
Reviewed-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
