This patch set fixes, improves, and refactors parts of BPF verifier's state equivalence checks.

Patch #1 fixes refsafe(), making it take into account ID map when comparing reference IDs. See patch for details.

Patches #2-#7 refactor regsafe() function which compares two register states across old and current states. regsafe() is critical piece of logic, so to make it easier to review and validate refactorings and logic fixes and improvements, each patch makes a small change, explaining why the change is correct and makes sense. Please see individual patches for details.

This patch set is one of the preliminaries required for upcoming BPF open-coded iterators, as with open-coded iterators verifier's loop safety and completion proof is critically dependent on correct state equivalence logic.

Andrii Nakryiko (7):
  bpf: teach refsafe() to take into account ID remapping
  bpf: reorganize struct bpf_reg_state fields
  bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule
  bpf: reject non-exact register type matches in regsafe()
  bpf: perform byte-by-byte comparison only when necessary in regsafe()
  bpf: fix regs_exact() logic in regsafe() to remap IDs correctly
  bpf: unify PTR_TO_MAP_{KEY,VALUE} with default case in regsafe()

 include/linux/bpf_verifier.h |  40 +++++-----
 kernel/bpf/verifier.c        | 151 +++++++++++++++++++----------------
 2 files changed, 101 insertions(+), 90 deletions(-)

-- 
2.30.2
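
Added example, not part of the original message and not kernel code: a simplified model of comparing reference IDs through an ID map, as the cover letter describes for patch #1. The names id_pair, ids_match(), refs_equal_direct() and refs_equal_remapped() and the sample IDs are hypothetical; the model assumes ID 0 means "unused".

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define IDMAP_SIZE 8

/* Hypothetical simplified model; not the verifier's own structures. */
struct id_pair { unsigned old_id, cur_id; };

/* Learn the old->cur correspondence on first sight, enforce it afterwards. */
static bool ids_match(unsigned old_id, unsigned cur_id, struct id_pair *map)
{
    for (size_t i = 0; i < IDMAP_SIZE; i++) {
        if (map[i].old_id == 0) {        /* free slot: record the pair */
            map[i].old_id = old_id;
            map[i].cur_id = cur_id;
            return true;
        }
        if (map[i].old_id == old_id)     /* seen before: must agree */
            return map[i].cur_id == cur_id;
    }
    return false;                        /* map full: treat as not equivalent */
}

/* Direct comparison: fails whenever the two states numbered IDs differently. */
static bool refs_equal_direct(const unsigned *old, const unsigned *cur, size_t n)
{
    return memcmp(old, cur, n * sizeof(*old)) == 0;
}

/* Comparison through the ID map shared with the rest of the state check. */
static bool refs_equal_remapped(const unsigned *old, const unsigned *cur,
                                size_t n, struct id_pair *map)
{
    for (size_t i = 0; i < n; i++)
        if (!ids_match(old[i], cur[i], map))
            return false;
    return true;
}

int main(void)
{
    unsigned old_refs[] = { 1, 2 }, cur_refs[] = { 5, 6 };  /* constructed */
    struct id_pair map[IDMAP_SIZE];

    memset(map, 0, sizeof(map));
    /* Same shape, different numbering: equivalent only under remapping. */
    return refs_equal_remapped(old_refs, cur_refs, 2, map) ? 0 : 1;
}
```

Because the map is shared, a later comparison that pairs old ID 1 with anything other than current ID 5 is rejected, which keeps references and the registers that point to them consistent with each other.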