Skip to content

Commit 660e7b3

Browse files
ameryhungKernel Patches Daemon
ameryhung
authored and
Kernel Patches Daemon
committed
bpf: Clear packet pointers after changing packet data in kfuncs
bpf_xdp_pull_data() may change packet data and therefore packet pointers need to be invalidated. Add bpf_xdp_pull_data() to the special kfunc list instead of introducing a new KF_ flag until there are more kfuncs changing packet data. Signed-off-by: Amery Hung <[email protected]>
1 parent 5f05e25 commit 660e7b3

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

kernel/bpf/verifier.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12254,6 +12254,7 @@ enum special_kfunc_type {
1225412254
KF_bpf_dynptr_from_skb,
1225512255
KF_bpf_dynptr_from_xdp,
1225612256
KF_bpf_dynptr_from_skb_meta,
12257+
KF_bpf_xdp_pull_data,
1225712258
KF_bpf_dynptr_slice,
1225812259
KF_bpf_dynptr_slice_rdwr,
1225912260
KF_bpf_dynptr_clone,
@@ -12304,10 +12305,12 @@ BTF_ID(func, bpf_rbtree_right)
1230412305
BTF_ID(func, bpf_dynptr_from_skb)
1230512306
BTF_ID(func, bpf_dynptr_from_xdp)
1230612307
BTF_ID(func, bpf_dynptr_from_skb_meta)
12308+
BTF_ID(func, bpf_xdp_pull_data)
1230712309
#else
1230812310
BTF_ID_UNUSED
1230912311
BTF_ID_UNUSED
1231012312
BTF_ID_UNUSED
12313+
BTF_ID_UNUSED
1231112314
#endif
1231212315
BTF_ID(func, bpf_dynptr_slice)
1231312316
BTF_ID(func, bpf_dynptr_slice_rdwr)
@@ -12377,6 +12380,11 @@ static bool is_kfunc_bpf_preempt_enable(struct bpf_kfunc_call_arg_meta *meta)
1237712380
return meta->func_id == special_kfunc_list[KF_bpf_preempt_enable];
1237812381
}
1237912382

12383+
static bool is_kfunc_pkt_changing(struct bpf_kfunc_call_arg_meta *meta)
12384+
{
12385+
return meta->func_id == special_kfunc_list[KF_bpf_xdp_pull_data];
12386+
}
12387+
1238012388
static enum kfunc_ptr_arg_type
1238112389
get_kfunc_ptr_arg_type(struct bpf_verifier_env *env,
1238212390
struct bpf_kfunc_call_arg_meta *meta,
@@ -14096,6 +14104,9 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
1409614104
}
1409714105
}
1409814106

14107+
if (is_kfunc_pkt_changing(&meta))
14108+
clear_all_pkt_pointers(env);
14109+
1409914110
nargs = btf_type_vlen(meta.func_proto);
1410014111
args = (const struct btf_param *)(meta.func_proto + 1);
1410114112
for (i = 0; i < nargs; i++) {
@@ -17817,6 +17828,8 @@ static int visit_insn(int t, struct bpf_verifier_env *env)
1781717828
*/
1781817829
if (ret == 0 && is_kfunc_sleepable(&meta))
1781917830
mark_subprog_might_sleep(env, t);
17831+
if (ret == 0 && is_kfunc_pkt_changing(&meta))
17832+
mark_subprog_changes_pkt_data(env, t);
1782017833
}
1782117834
return visit_func_call_insn(t, insns, env, insn->src_reg == BPF_PSEUDO_CALL);
1782217835

0 commit comments

Comments
 (0)