Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3e6a4b3e authored Aug 02, 2018 by Roman Gushchin Committed by Daniel Borkmann Aug 03, 2018

bpf/verifier: introduce BPF_PTR_TO_MAP_VALUE



BPF_MAP_TYPE_CGROUP_STORAGE maps are special in a way
that the access from the bpf program side is lookup-free.
That means the result is guaranteed to be a valid
pointer to the cgroup storage; no NULL-check is required.

This patch introduces BPF_PTR_TO_MAP_VALUE return type,
which is required to cause the verifier accept programs,
which are not checking the map value pointer for being NULL.

Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

parent 394e40a2

include/linux/bpf.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -155,6 +155,7 @@ enum bpf_arg_type {
		enum bpf_return_type {
		RET_INTEGER, /* function returns integer */
		RET_VOID, /* function doesn't return anything */
		RET_PTR_TO_MAP_VALUE, /* returns a pointer to map elem value */
		RET_PTR_TO_MAP_VALUE_OR_NULL, /* returns a pointer to map elem value or NULL */
		};

kernel/bpf/verifier.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -2545,7 +2545,11 @@ static int check_helper_call(struct bpf_verifier_env *env, int func_id, int insn
		mark_reg_unknown(env, regs, BPF_REG_0);
		} else if (fn->ret_type == RET_VOID) {
		regs[BPF_REG_0].type = NOT_INIT;
		} else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL) {
		} else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL \|\|
		fn->ret_type == RET_PTR_TO_MAP_VALUE) {
		if (fn->ret_type == RET_PTR_TO_MAP_VALUE)
		regs[BPF_REG_0].type = PTR_TO_MAP_VALUE;
		else
		regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
		/* There is no offset yet applied, variable or fixed */
		mark_reg_known_zero(env, regs, BPF_REG_0);