Skip to content

Commit aa96def

Browse files
ameryhungKernel Patches Daemon
ameryhung
authored and
Kernel Patches Daemon
committed
bpf: Clear packet pointers after changing packet data in kfuncs
bpf_xdp_pull_data() may change packet data and therefore packet pointers need to be invalidated. Add bpf_xdp_pull_data() to the special kfunc list instead of introducing a new KF_ flag until there are more kfuncs changing packet data. Signed-off-by: Amery Hung <[email protected]>
1 parent 117de17 commit aa96def

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

kernel/bpf/verifier.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12239,6 +12239,7 @@ enum special_kfunc_type {
1223912239
KF_bpf_dynptr_from_skb,
1224012240
KF_bpf_dynptr_from_xdp,
1224112241
KF_bpf_dynptr_from_skb_meta,
12242+
KF_bpf_xdp_pull_data,
1224212243
KF_bpf_dynptr_slice,
1224312244
KF_bpf_dynptr_slice_rdwr,
1224412245
KF_bpf_dynptr_clone,
@@ -12289,10 +12290,12 @@ BTF_ID(func, bpf_rbtree_right)
1228912290
BTF_ID(func, bpf_dynptr_from_skb)
1229012291
BTF_ID(func, bpf_dynptr_from_xdp)
1229112292
BTF_ID(func, bpf_dynptr_from_skb_meta)
12293+
BTF_ID(func, bpf_xdp_pull_data)
1229212294
#else
1229312295
BTF_ID_UNUSED
1229412296
BTF_ID_UNUSED
1229512297
BTF_ID_UNUSED
12298+
BTF_ID_UNUSED
1229612299
#endif
1229712300
BTF_ID(func, bpf_dynptr_slice)
1229812301
BTF_ID(func, bpf_dynptr_slice_rdwr)
@@ -12362,6 +12365,11 @@ static bool is_kfunc_bpf_preempt_enable(struct bpf_kfunc_call_arg_meta *meta)
1236212365
return meta->func_id == special_kfunc_list[KF_bpf_preempt_enable];
1236312366
}
1236412367

12368+
static bool is_kfunc_pkt_changing(struct bpf_kfunc_call_arg_meta *meta)
12369+
{
12370+
return meta->func_id == special_kfunc_list[KF_bpf_xdp_pull_data];
12371+
}
12372+
1236512373
static enum kfunc_ptr_arg_type
1236612374
get_kfunc_ptr_arg_type(struct bpf_verifier_env *env,
1236712375
struct bpf_kfunc_call_arg_meta *meta,
@@ -14081,6 +14089,9 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
1408114089
}
1408214090
}
1408314091

14092+
if (is_kfunc_pkt_changing(&meta))
14093+
clear_all_pkt_pointers(env);
14094+
1408414095
nargs = btf_type_vlen(meta.func_proto);
1408514096
args = (const struct btf_param *)(meta.func_proto + 1);
1408614097
for (i = 0; i < nargs; i++) {
@@ -17802,6 +17813,8 @@ static int visit_insn(int t, struct bpf_verifier_env *env)
1780217813
*/
1780317814
if (ret == 0 && is_kfunc_sleepable(&meta))
1780417815
mark_subprog_might_sleep(env, t);
17816+
if (ret == 0 && is_kfunc_pkt_changing(&meta))
17817+
mark_subprog_changes_pkt_data(env, t);
1780517818
}
1780617819
return visit_func_call_insn(t, insns, env, insn->src_reg == BPF_PSEUDO_CALL);
1780717820

0 commit comments

Comments
 (0)