
Commit 291ab45

committed
bpf: Clear packet pointers after changing packet data in kfuncs
bpf_xdp_pull_data() may change packet data and therefore packet pointers need to be invalidated. Add bpf_xdp_pull_data() to the special kfunc list instead of introducing a new KF_ flag until there are more kfuncs changing packet data. Signed-off-by: Amery Hung <[email protected]>
1 parent 4c7b9cc commit 291ab45


1 file changed

+13
-0
lines changed


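--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -12235,6 +12235,7 @@ enum special_kfunc_type {
 KF_bpf_dynptr_from_skb,
 KF_bpf_dynptr_from_xdp,
 KF_bpf_dynptr_from_skb_meta,
+KF_bpf_xdp_pull_data,
 KF_bpf_dynptr_slice,
 KF_bpf_dynptr_slice_rdwr,
 KF_bpf_dynptr_clone,
@@ -12285,10 +12286,12 @@ BTF_ID(func, bpf_rbtree_right)
 BTF_ID(func, bpf_dynptr_from_skb)
 BTF_ID(func, bpf_dynptr_from_xdp)
 BTF_ID(func, bpf_dynptr_from_skb_meta)
+BTF_ID(func, bpf_xdp_pull_data)
 #else
 BTF_ID_UNUSED
 BTF_ID_UNUSED
 BTF_ID_UNUSED
+BTF_ID_UNUSED
 #endif
 BTF_ID(func, bpf_dynptr_slice)
 BTF_ID(func, bpf_dynptr_slice_rdwr)
@@ -12358,6 +12361,11 @@ static bool is_kfunc_bpf_preempt_enable(struct bpf_kfunc_call_arg_meta *meta)
 return meta->func_id == special_kfunc_list[KF_bpf_preempt_enable];
 }
 
+static bool is_kfunc_pkt_changing(struct bpf_kfunc_call_arg_meta *meta)
+{
+return meta->func_id == special_kfunc_list[KF_bpf_xdp_pull_data];
+}
+
 static enum kfunc_ptr_arg_type
 get_kfunc_ptr_arg_type(struct bpf_verifier_env *env,
 struct bpf_kfunc_call_arg_meta *meta,
@@ -14077,6 +14085,9 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
 }
 }
 
+if (is_kfunc_pkt_changing(&meta))
+clear_all_pkt_pointers(env);
+
 nargs = btf_type_vlen(meta.func_proto);
 args = (const struct btf_param *)(meta.func_proto + 1);
 for (i = 0; i < nargs; i++) {
@@ -17794,6 +17805,8 @@ static int visit_insn(int t, struct bpf_verifier_env *env)
 */
 if (ret == 0 && is_kfunc_sleepable(&meta))
 mark_subprog_might_sleep(env, t);
+if (ret == 0 && is_kfunc_pkt_changing(&meta))
+mark_subprog_changes_pkt_data(env, t);
 }
 return visit_func_call_insn(t, insns, env, insn->src_reg == BPF_PSEUDO_CALL);
 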
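Review bot: `is_kfunc_pkt_changing()` in the third hunk carries no comment saying that it is the one list both `check_kfunc_call()` and `visit_insn()` consult to invalidate packet pointers, so a later kfunc that moves or reallocates packet data and is not added to it would leave pre-call packet pointers accepted by the verifier. I would add above it `/* kfuncs that may change packet data: each one must be listed here so packet pointers are cleared after the call and the subprog is marked as changing packet data */`. The page shows a single changed file, so a verifier selftest that expects rejection of a packet-pointer access after `bpf_xdp_pull_data()` is not part of this commit; it may live in a sibling patch, but that is worth confirming. `check_kfunc_call()` and `visit_insn()` both start and end outside their hunks, so the placement of the new calls relative to argument and return-value handling cannot be judged from here.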
