KF_CHANGES_PKT indicates that the kfunc call may change packet data. This is analogous to bpf_helper_changes_pkt_data(). Signed-off-by: Daniel Xu <dxu@xxxxxxxxx> --- Documentation/bpf/kfuncs.rst | 7 +++++++ include/linux/btf.h | 1 + kernel/bpf/verifier.c | 8 ++++++++ 3 files changed, 16 insertions(+) diff --git a/Documentation/bpf/kfuncs.rst b/Documentation/bpf/kfuncs.rst index 9fd7fb539f85..061ab392a02f 100644 --- a/Documentation/bpf/kfuncs.rst +++ b/Documentation/bpf/kfuncs.rst @@ -200,6 +200,13 @@ single argument which must be a trusted argument or a MEM_RCU pointer. The argument may have reference count of 0 and the kfunc must take this into consideration. +2.4.9 KF_CHANGES_PKT flag +----------------- + +The KF_CHANGES_PKT is used for kfuncs that may change packet data. +After calls to such kfuncs, existing packet pointers will be invalidated +and must be revalidated before the prog can access packet data. + 2.5 Registering the kfuncs -------------------------- diff --git a/include/linux/btf.h b/include/linux/btf.h index 5f628f323442..0575f530e40b 100644 --- a/include/linux/btf.h +++ b/include/linux/btf.h @@ -71,6 +71,7 @@ #define KF_SLEEPABLE (1 << 5) /* kfunc may sleep */ #define KF_DESTRUCTIVE (1 << 6) /* kfunc performs destructive actions */ #define KF_RCU (1 << 7) /* kfunc only takes rcu pointer arguments */ +#define KF_CHANGES_PKT (1 << 8) /* kfunc may change packet data */ /* * Return the name of the passed struct, if exists, or halt the build if for diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a5255a0dcbb6..0ac505cbd6ba 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -8213,6 +8213,11 @@ static bool is_kfunc_rcu(struct bpf_kfunc_call_arg_meta *meta) return meta->kfunc_flags & KF_RCU; } +static bool is_kfunc_changes_pkt(struct bpf_kfunc_call_arg_meta *meta) +{ + return meta->kfunc_flags & KF_CHANGES_PKT; +} + static bool is_kfunc_arg_kptr_get(struct bpf_kfunc_call_arg_meta *meta, int arg) { return arg == 0 && (meta->kfunc_flags & KF_KPTR_GET); @@ -9313,6 +9318,9 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn, mark_btf_func_reg_size(env, regno, t->size); } + if (is_kfunc_changes_pkt(&meta)) + clear_all_pkt_pointers(env); + return 0; } -- 2.39.0