Convert seen_direct_write from a boolean to a bitmap (seen_packet_access) in preparation for tracking additional packet access patterns. No functional change. Signed-off-by: Jakub Sitnicki --- include/linux/bpf_verifier.h | 6 +++++- kernel/bpf/verifier.c | 11 ++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index 130bcbd66f60..c8397ae51880 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -647,6 +647,10 @@ enum priv_stack_mode { PRIV_STACK_ADAPTIVE, }; +enum packet_access_flags { + PA_F_DIRECT_WRITE = BIT(0), +}; + struct bpf_subprog_info { /* 'start' has to be the first field otherwise find_subprog() won't work */ u32 start; /* insn idx of function entry point */ @@ -773,7 +777,7 @@ struct bpf_verifier_env { bool bpf_capable; bool bypass_spec_v1; bool bypass_spec_v4; - bool seen_direct_write; + u8 seen_packet_access; /* combination of enum packet_access_flags */ bool seen_exception; struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */ const struct bpf_line_info *prev_linfo; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 52d76a848f65..f6094fd3fd94 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7714,7 +7714,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn value_regno); return -EACCES; } - env->seen_direct_write = true; + env->seen_packet_access |= PA_F_DIRECT_WRITE; } err = check_packet_access(env, regno, off, size, false); if (!err && t == BPF_READ && value_regno >= 0) @@ -13885,7 +13885,7 @@ static int check_special_kfunc(struct bpf_verifier_env *env, struct bpf_kfunc_ca verbose(env, "the prog does not allow writes to packet data\n"); return -EINVAL; } - env->seen_direct_write = true; + env->seen_packet_access |= PA_F_DIRECT_WRITE; } if (!meta->initialized_dynptr.id) { @@ -21758,6 +21758,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) struct bpf_prog *new_prog; enum bpf_access_type type; bool is_narrower_load; + bool seen_direct_write; int epilogue_idx = 0; if (ops->gen_epilogue) { @@ -21785,13 +21786,13 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) } } - if (ops->gen_prologue || env->seen_direct_write) { + seen_direct_write = env->seen_packet_access & PA_F_DIRECT_WRITE; + if (ops->gen_prologue || seen_direct_write) { if (!ops->gen_prologue) { verifier_bug(env, "gen_prologue is null"); return -EFAULT; } - cnt = ops->gen_prologue(insn_buf, env->seen_direct_write, - env->prog); + cnt = ops->gen_prologue(insn_buf, seen_direct_write, env->prog); if (cnt >= INSN_BUF_SIZE) { verifier_bug(env, "prologue is too long"); return -EFAULT; -- 2.43.0