
Commit a8f500af authored by Alexei Starovoitov's avatar Alexei Starovoitov Committed by Daniel Borkmann

bpf: split explored_states



Split explored_states into a prune_point boolean mark
and a linked list of explored states.
This removes the STATE_LIST_MARK hack and allows marks to be separate from states.

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent 5d839021
+1 −0
@@ -233,6 +233,7 @@ struct bpf_insn_aux_data {
	int sanitize_stack_off; /* stack slot to be cleared */
	bool seen; /* this insn was processed by the verifier */
	u8 alu_state; /* used in combination with alu_limit */
	bool prune_point;
	unsigned int orig_idx; /* original instruction index */
};
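Review bot: `prune_point` is the only member visible in this hunk without a trailing comment, and the name alone does not say what is pruned or who sets the flag. Judging by the commit's other file section, init_explored_state() sets it and is_state_visited() skips its state search when it is clear, so a comment in the style of the neighbouring fields would fit, for example `bool prune_point; /* insn is marked for explored-state search */`. Because this flag now gates whether the verifier looks for an equivalent explored state at an instruction, stating that contract next to the field helps later reviewers of the pruning logic. The struct's opening lines lie outside the hunk, so any documentation block above the struct is not visible here.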

+13 −18
@@ -5436,7 +5436,6 @@ enum {
	BRANCH = 2,
};

#define STATE_LIST_MARK ((struct bpf_verifier_state_list *) -1L)
static struct bpf_verifier_state_list **explored_state(
					struct bpf_verifier_env *env,
					int idx)
@@ -5446,7 +5445,7 @@ static struct bpf_verifier_state_list **explored_state(

static void init_explored_state(struct bpf_verifier_env *env, int idx)
{
	env->explored_states[idx] = STATE_LIST_MARK;
	env->insn_aux_data[idx].prune_point = true;
}

/* t, w, e - match pseudo-code above:
@@ -6018,10 +6017,7 @@ static void clean_live_states(struct bpf_verifier_env *env, int insn,
	int i;

	sl = *explored_state(env, insn);
	if (!sl)
		return;

	while (sl != STATE_LIST_MARK) {
	while (sl) {
		if (sl->state.curframe != cur->curframe)
			goto next;
		for (i = 0; i <= cur->curframe; i++)
@@ -6376,18 +6372,18 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
	struct bpf_verifier_state *cur = env->cur_state, *new;
	int i, j, err, states_cnt = 0;

	pprev = explored_state(env, insn_idx);
	sl = *pprev;

	if (!sl)
	if (!env->insn_aux_data[insn_idx].prune_point)
		/* this 'insn_idx' instruction wasn't marked, so we will not
		 * be doing state search here
		 */
		return 0;

	pprev = explored_state(env, insn_idx);
	sl = *pprev;

	clean_live_states(env, insn_idx, cur);

	while (sl != STATE_LIST_MARK) {
	while (sl) {
		if (states_equal(env, &sl->state, cur)) {
			sl->hit_cnt++;
			/* reached equivalent register/stack state,
@@ -8145,8 +8141,7 @@ static void free_states(struct bpf_verifier_env *env)
	for (i = 0; i < env->prog->len; i++) {
		sl = env->explored_states[i];

		if (sl)
			while (sl != STATE_LIST_MARK) {
		while (sl) {
			sln = sl->next;
			free_verifier_state(&sl->state, false);
			kfree(sl);