authorAlexei Starovoitov <ast@kernel.org>2019-05-21 20:17:06 -0700
committerDaniel Borkmann <daniel@iogearbox.net>2019-05-24 01:46:22 +0200
commita8f500af0ccffc3d2aaf9018537981cb173865a1 (patch)
tree1b5ec7951b918ddb8dd5391bec198fe1d77da5d3
parent5d839021675a2e1b76653189cc6a90cfd8e30a69 (diff)
downloadlwn-a8f500af0ccffc3d2aaf9018537981cb173865a1.tar.gz
lwn-a8f500af0ccffc3d2aaf9018537981cb173865a1.zip
bpf: split explored_states
Split explored_states into a prune_point boolean mark and a linked list of explored states. This removes the STATE_LIST_MARK hack and allows marks to be separate from states. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-rw-r--r--include/linux/bpf_verifier.h1
-rw-r--r--kernel/bpf/verifier.c31
2 files changed, 14 insertions, 18 deletions
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 1305ccbd8fe6..02bba09a0ea1 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -233,6 +233,7 @@ struct bpf_insn_aux_data {
int sanitize_stack_off; /* stack slot to be cleared */
bool seen; /* this insn was processed by the verifier */
u8 alu_state; /* used in combination with alu_limit */
+ bool prune_point;
unsigned int orig_idx; /* original instruction index */
};
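Review bot: The new `prune_point` member is the only field in this hunk without a trailing comment, although after this commit it decides whether `is_state_visited()` performs a state search at an instruction at all. Because pruning determines which paths the verifier stops walking, the flag's meaning should be stated at the declaration, for example `bool prune_point; /* state search/pruning is attempted at this insn */`. The definition of `struct bpf_insn_aux_data` begins outside the hunk.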
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 736b5a0d4848..6a3e69ba891e 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5436,7 +5436,6 @@ enum {
BRANCH = 2,
};
-#define STATE_LIST_MARK ((struct bpf_verifier_state_list *) -1L)
static struct bpf_verifier_state_list **explored_state(
struct bpf_verifier_env *env,
int idx)
@@ -5446,7 +5445,7 @@ static struct bpf_verifier_state_list **explored_state(
static void init_explored_state(struct bpf_verifier_env *env, int idx)
{
- env->explored_states[idx] = STATE_LIST_MARK;
+ env->insn_aux_data[idx].prune_point = true;
}
/* t, w, e - match pseudo-code above:
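Review bot: `init_explored_state()` no longer touches `explored_states`; its body now only sets `insn_aux_data[idx].prune_point`, so the name misdescribes what the function does. Either rename it in a follow-up (for instance `mark_prune_point()`) or add a one-line comment above it such as `/* mark insn 'idx' as a point where is_state_visited() searches explored states */`. The callers are outside this hunk, so whether `idx` is always below the program length cannot be confirmed from here; the old array write relied on the same assumption.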
@@ -6018,10 +6017,7 @@ static void clean_live_states(struct bpf_verifier_env *env, int insn,
int i;
sl = *explored_state(env, insn);
- if (!sl)
- return;
-
- while (sl != STATE_LIST_MARK) {
+ while (sl) {
if (sl->state.curframe != cur->curframe)
goto next;
for (i = 0; i <= cur->curframe; i++)
@@ -6376,18 +6372,18 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
struct bpf_verifier_state *cur = env->cur_state, *new;
int i, j, err, states_cnt = 0;
- pprev = explored_state(env, insn_idx);
- sl = *pprev;
-
- if (!sl)
+ if (!env->insn_aux_data[insn_idx].prune_point)
/* this 'insn_idx' instruction wasn't marked, so we will not
* be doing state search here
*/
return 0;
+ pprev = explored_state(env, insn_idx);
+ sl = *pprev;
+
clean_live_states(env, insn_idx, cur);
- while (sl != STATE_LIST_MARK) {
+ while (sl) {
if (states_equal(env, &sl->state, cur)) {
sl->hit_cnt++;
/* reached equivalent register/stack state,
@@ -8145,13 +8141,12 @@ static void free_states(struct bpf_verifier_env *env)
for (i = 0; i < env->prog->len; i++) {
sl = env->explored_states[i];
- if (sl)
- while (sl != STATE_LIST_MARK) {
- sln = sl->next;
- free_verifier_state(&sl->state, false);
- kfree(sl);
- sl = sln;
- }
+ while (sl) {
+ sln = sl->next;
+ free_verifier_state(&sl->state, false);
+ kfree(sl);
+ sl = sln;
+ }
}
kvfree(env->explored_states);