
Commit d5c4771

Martin KaFai Lau authored and Alexei Starovoitov committed
bpf: Adjust BPF_JMP that jumps to the 1st insn of the prologue
The next patch will add a ctx ptr saving instruction "r1 = *(u64 *)(r10 - 8)" at the beginning for the main prog when there is an epilogue patch (by the .gen_epilogue() verifier ops added in the next patch).

There is one corner case if the bpf prog has a BPF_JMP that jumps to the 1st instruction. It needs an adjustment such that those BPF_JMP instructions won't jump to the newly added ctx saving instruction. The commit 5337ac4 ("bpf: Fix the corner case with may_goto and jump to the 1st insn.") has the details on this case.

Note that the jump back to the 1st instruction is not limited to the ctx ptr saving instruction. The same also applies to the prologue. A later test, pro_epilogue_goto_start.c, has a test for the prologue-only case.

Thus, this patch does one adjustment after gen_prologue and the future ctx ptr saving. It is done by adjust_jmp_off(env->prog, 0, delta) where delta has the total number of instructions in the prologue and the future ctx ptr saving instruction.

The adjust_jmp_off(env->prog, 0, delta) assumes that the prologue does not have a goto 1st instruction itself. To accommodate that the prologue might have a goto 1st insn itself, this patch changes the adjust_jmp_off() to skip considering the instructions between [tgt_idx, tgt_idx + delta).

Signed-off-by: Martin KaFai Lau <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Alexei Starovoitov <[email protected]>
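The fix-up the commit message describes, as an added, host-side example that is not the kernel's code: a small model of adjust_jmp_off() with a switch that selects the pre-commit behaviour (every jump whose target is tgt_idx is adjusted) or the post-commit behaviour (jumps located inside [tgt_idx, tgt_idx + delta), i.e. inside the freshly inserted prologue, are skipped). The struct bpf_insn definition, the opcode macros, the prepend_prologue() helper that mimics what bpf_patch_insn_data() does at index 0, and the sample program and prologue are all constructed here for the demonstration; the kernel's real function returns -ERANGE on overflow, the model returns -1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the uapi struct bpf_insn and the opcode encoding macros of
 * include/uapi/linux/bpf.h, so that the model compiles on the host. */
struct bpf_insn {
	uint8_t  code;
	uint8_t  dst_reg:4;
	uint8_t  src_reg:4;
	int16_t  off;
	int32_t  imm;
};
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_OP(c)    ((c) & 0xf0)
#define BPF_JMP   0x05
#define BPF_JMP32 0x06
#define BPF_ALU64 0x07
#define BPF_JA    0x00
#define BPF_CALL  0x80
#define BPF_EXIT  0x90
#define BPF_MOV   0xb0
#define BPF_K     0x00
#define MAX_INSNS 32

int is_jump(uint8_t code)
{
	return (BPF_CLASS(code) == BPF_JMP || BPF_CLASS(code) == BPF_JMP32) &&
	       BPF_OP(code) != BPF_CALL && BPF_OP(code) != BPF_EXIT;
}

/* Absolute target of the jump at index i, or -1 if insn i is not a jump.
 * gotol (BPF_JMP32 | BPF_JA) keeps its displacement in imm, others in off. */
int jmp_target(const struct bpf_insn *prog, uint32_t i)
{
	if (!is_jump(prog[i].code))
		return -1;
	if (prog[i].code == (BPF_JMP32 | BPF_JA))
		return (int)i + 1 + prog[i].imm;
	return (int)i + 1 + prog[i].off;
}

/* Model of the verifier's adjust_jmp_off(): every jump targeting tgt_idx is
 * pushed forward by delta. skip_inserted = 1 is the behaviour this commit
 * adds (jumps inside [tgt_idx, tgt_idx + delta) are left alone), 0 is the
 * behaviour before it. Returns 0, or -1 if a displacement would overflow. */
int adjust_jmp_off(struct bpf_insn *prog, uint32_t insn_cnt, uint32_t tgt_idx,
		   uint32_t delta, int skip_inserted)
{
	for (uint32_t i = 0; i < insn_cnt; i++) {
		struct bpf_insn *insn = &prog[i];
		int64_t nv;

		if (skip_inserted && tgt_idx <= i && i < tgt_idx + delta)
			continue;
		if (!is_jump(insn->code) || jmp_target(prog, i) != (int)tgt_idx)
			continue;
		if (insn->code == (BPF_JMP32 | BPF_JA)) {
			nv = (int64_t)insn->imm + delta;
			if (nv > INT32_MAX)
				return -1;
			insn->imm = (int32_t)nv;
		} else {
			nv = (int64_t)insn->off + delta;
			if (nv > INT16_MAX)
				return -1;
			insn->off = (int16_t)nv;
		}
	}
	return 0;
}

/* Put cnt prologue insns in front of a prog_len-insn program the way
 * bpf_patch_insn_data() at index 0 leaves it: the original 1st insn counts
 * as replaced, so jumps that targeted it now resolve to index 0, the start
 * of the prologue. Then run the fix-up. Returns the new length or -1. */
int prepend_prologue(struct bpf_insn *prog, uint32_t prog_len,
		     const struct bpf_insn *prologue, uint32_t cnt, int skip_inserted)
{
	if (prog_len + cnt > MAX_INSNS)
		return -1;
	memmove(prog + cnt, prog, prog_len * sizeof(*prog));
	memcpy(prog, prologue, cnt * sizeof(*prog));
	for (uint32_t i = cnt; i < prog_len + cnt; i++) {
		/* after the move, an old "jump to insn 0" computes to cnt */
		if (!is_jump(prog[i].code) || jmp_target(prog, i) != (int)cnt)
			continue;
		if (prog[i].code == (BPF_JMP32 | BPF_JA))
			prog[i].imm -= (int32_t)cnt;
		else
			prog[i].off -= (int16_t)cnt;
	}
	if (adjust_jmp_off(prog, prog_len + cnt, 0, cnt, skip_inserted))
		return -1;
	return (int)(prog_len + cnt);
}

/* Constructed example: a main prog whose insns 1 and 2 jump back to its 1st
 * insn, and a 3-insn prologue whose own insn 1 jumps to the prologue start.
 * Returns the absolute target of the jump at idx after the prologue is in. */
int demo_target(int skip_inserted, uint32_t idx)
{
	struct bpf_insn prog[MAX_INSNS] = {
		{ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst_reg = 0 }, /* 0: r0 = 0 */
		{ .code = BPF_JMP | BPF_JA, .off = -2 },               /* 1: goto 0 */
		{ .code = BPF_JMP32 | BPF_JA, .imm = -3 },             /* 2: gotol 0 */
		{ .code = BPF_JMP | BPF_EXIT },                        /* 3: exit */
	};
	const struct bpf_insn prologue[] = {
		{ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst_reg = 1 }, /* r1 = 0 */
		{ .code = BPF_JMP | BPF_JA, .off = -2 },               /* goto prologue start */
		{ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst_reg = 2 }, /* r2 = 0 */
	};
	int n = prepend_prologue(prog, 4, prologue, 3, skip_inserted);

	if (n < 0 || idx >= (uint32_t)n)
		return -1;
	return jmp_target(prog, idx);
}

int main(void)
{
	for (int skip = 0; skip <= 1; skip++)
		printf("skip_inserted=%d: prologue goto -> %d, main goto -> %d, main gotol -> %d\n",
		       skip, demo_target(skip, 1), demo_target(skip, 4), demo_target(skip, 5));
	return 0;
}
```

With the skip in place the main prog's two backward jumps (now at indices 4 and 5) land on index 3, the original first instruction, while the prologue's own jump at index 1 still lands on index 0. Without the skip the prologue's jump is pushed to index 3 as well, which is the case the commit closes.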
Parent: 6f606ff

1 file changed (+6 -0 lines)


kernel/bpf/verifier.c

Lines changed: 6 additions & 0 deletions
@@ -19286,6 +19286,9 @@ static int adjust_jmp_off(struct bpf_prog *prog, u32 tgt_idx, u32 delta)
1928619286
for (i = 0; i < insn_cnt; i++, insn++) {
1928719287
u8 code = insn->code;
1928819288

19289+
if (tgt_idx <= i && i < tgt_idx + delta)
19290+
continue;
19291+
1928919292
if ((BPF_CLASS(code) != BPF_JMP && BPF_CLASS(code) != BPF_JMP32) ||
1929019293
BPF_OP(code) == BPF_CALL || BPF_OP(code) == BPF_EXIT)
1929119294
continue;
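Review bot: the new early `continue` at the top of the loop body (`if (tgt_idx <= i && i < tgt_idx + delta)`) encodes an assumption that should be written down next to it: that [tgt_idx, tgt_idx + delta) is exactly the range of freshly inserted instructions (the prologue, and later the ctx-save insn), whose own jumps to tgt_idx already land on the right instruction. As written, a reader has to recover that from the commit message. It also means the function now silently ignores delta instructions starting at tgt_idx for every caller, so the function comment should state that tgt_idx must be the start of the inserted range; a caller that inserted elsewhere and passes some other tgt_idx would have real jumps skipped.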
@@ -19704,6 +19707,9 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
1970419707
}
1970519708
}
1970619709

19710+
if (delta)
19711+
WARN_ON(adjust_jmp_off(env->prog, 0, delta));
19712+
1970719713
if (bpf_prog_is_offloaded(env->prog->aux))
1970819714
return 0;
1970919715
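Review bot: `WARN_ON(adjust_jmp_off(env->prog, 0, delta))` discards the result. adjust_jmp_off() returns int (see the first hunk), so a non-zero return here only prints a warning while convert_ctx_accesses() carries on with a jump still pointing at the first prologue instruction. Since convert_ctx_accesses() returns int, propagate the error instead, e.g. `err = adjust_jmp_off(env->prog, 0, delta); if (WARN_ON(err)) return err;`. A one-line comment that delta is the number of instructions inserted ahead of the original first insn would also help, since the name is shared with the running ctx-conversion delta in this function.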
