Convert seen_direct_write from a boolean to a bitmap (seen_packet_access) in preparation for tracking additional packet access patterns. No functional change. Signed-off-by: Jakub Sitnicki --- include/linux/bpf_verifier.h | 6 +++++- kernel/bpf/verifier.c | 11 ++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index 4c497e839526..42ce94ce96ba 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -637,6 +637,10 @@ enum priv_stack_mode { PRIV_STACK_ADAPTIVE, }; +enum packet_access_flags { + PA_F_DIRECT_WRITE = BIT(0), +}; + struct bpf_subprog_info { /* 'start' has to be the first field otherwise find_subprog() won't work */ u32 start; /* insn idx of function entry point */ @@ -760,7 +764,7 @@ struct bpf_verifier_env { bool bpf_capable; bool bypass_spec_v1; bool bypass_spec_v4; - bool seen_direct_write; + u8 seen_packet_access; /* combination of enum packet_access_flags */ bool seen_exception; struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */ const struct bpf_line_info *prev_linfo; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 64a04b7dd500..4c84b0cd399e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7625,7 +7625,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn value_regno); return -EACCES; } - env->seen_direct_write = true; + env->seen_packet_access |= PA_F_DIRECT_WRITE; } err = check_packet_access(env, regno, off, size, false); if (!err && t == BPF_READ && value_regno >= 0) @@ -13768,7 +13768,7 @@ static int check_special_kfunc(struct bpf_verifier_env *env, struct bpf_kfunc_ca verbose(env, "the prog does not allow writes to packet data\n"); return -EINVAL; } - env->seen_direct_write = true; + env->seen_packet_access |= PA_F_DIRECT_WRITE; } if (!meta->initialized_dynptr.id) { @@ -21200,6 +21200,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) struct bpf_prog *new_prog; enum bpf_access_type type; bool is_narrower_load; + bool seen_direct_write; int epilogue_idx = 0; if (ops->gen_epilogue) { @@ -21227,13 +21228,13 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) } } - if (ops->gen_prologue || env->seen_direct_write) { + seen_direct_write = env->seen_packet_access & PA_F_DIRECT_WRITE; + if (ops->gen_prologue || seen_direct_write) { if (!ops->gen_prologue) { verifier_bug(env, "gen_prologue is null"); return -EFAULT; } - cnt = ops->gen_prologue(insn_buf, env->seen_direct_write, - env->prog); + cnt = ops->gen_prologue(insn_buf, seen_direct_write, env->prog); if (cnt >= INSN_BUF_SIZE) { verifier_bug(env, "prologue is too long"); return -EFAULT; -- 2.43.0