superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bpf: compute instructions postorder per subprogram 

The next patch would require doing postorder traversal of individual
subprograms. Facilitate this by moving env->cfg.insn_postorder
computation from check_cfg() to a separate pass, as check_cfg()
descends into called subprograms (and it needs to, because of
merge_callee_effects() logic).

env->cfg.insn_postorder is used only by compute_live_registers(),
this function does not track cross subprogram dependencies,
thus the change does not affect it's operation.

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250918-callchain-sensitive-liveness-v3-5-c3cd27bacc60@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
pull/1354/merge
Eduard Zingerman 2025-09-18 19:18:38 -07:00 committed by Alexei Starovoitov
parent 3b20d3c120
commit efcda22aa5
2 changed files with 60 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/linux/bpf_verifier.h
View File

@ -665,6 +665,7 @@ struct bpf_subprog_info {
/* 'start' has to be the first field otherwise find_subprog() won't work */ /* 'start' has to be the first field otherwise find_subprog() won't work */
u32 start; /* insn idx of function entry point */ u32 start; /* insn idx of function entry point */
u32 linfo_idx; /* The idx to the main_prog->aux->linfo */ u32 linfo_idx; /* The idx to the main_prog->aux->linfo */
u32 postorder_start; /* The idx to the env->cfg.insn_postorder */
u16 stack_depth; /* max. stack depth used by this function */ u16 stack_depth; /* max. stack depth used by this function */
u16 stack_extra; u16 stack_extra;
/* offsets in range [stack_depth .. fastcall_stack_off) /* offsets in range [stack_depth .. fastcall_stack_off)
@ -794,7 +795,10 @@ struct bpf_verifier_env {
struct { struct {
int *insn_state; int *insn_state;
int *insn_stack; int *insn_stack;
/* vector of instruction indexes sorted in post-order */ /*
* vector of instruction indexes sorted in post-order, grouped by subprogram,
* see bpf_subprog_info->postorder_start.
*/
int *insn_postorder; int *insn_postorder;
int cur_stack; int cur_stack;
/* current position in the insn_postorder vector */ /* current position in the insn_postorder vector */

68
kernel/bpf/verifier.c
View File

@ -17863,7 +17863,7 @@ static int visit_insn(int t, struct bpf_verifier_env *env)
static int check_cfg(struct bpf_verifier_env *env) static int check_cfg(struct bpf_verifier_env *env)
{ {
int insn_cnt = env->prog->len; int insn_cnt = env->prog->len;
int *insn_stack, *insn_state, *insn_postorder; int *insn_stack, *insn_state;
int ex_insn_beg, i, ret = 0; int ex_insn_beg, i, ret = 0;
insn_state = env->cfg.insn_state = kvcalloc(insn_cnt, sizeof(int), GFP_KERNEL_ACCOUNT); insn_state = env->cfg.insn_state = kvcalloc(insn_cnt, sizeof(int), GFP_KERNEL_ACCOUNT);
@ -17876,14 +17876,6 @@ static int check_cfg(struct bpf_verifier_env *env)
return -ENOMEM; return -ENOMEM;
} }
insn_postorder = env->cfg.insn_postorder =
kvcalloc(insn_cnt, sizeof(int), GFP_KERNEL_ACCOUNT);
if (!insn_postorder) {
kvfree(insn_state);
kvfree(insn_stack);
return -ENOMEM;
}
ex_insn_beg = env->exception_callback_subprog ex_insn_beg = env->exception_callback_subprog
? env->subprog_info[env->exception_callback_subprog].start ? env->subprog_info[env->exception_callback_subprog].start
: 0; : 0;
@ -17901,7 +17893,6 @@ walk_cfg:
case DONE_EXPLORING: case DONE_EXPLORING:
insn_state[t] = EXPLORED; insn_state[t] = EXPLORED;
env->cfg.cur_stack--; env->cfg.cur_stack--;
insn_postorder[env->cfg.cur_postorder++] = t;
break; break;
case KEEP_EXPLORING: case KEEP_EXPLORING:
break; break;
@ -17955,6 +17946,56 @@ err_free:
return ret; return ret;
} }
/*
* For each subprogram 'i' fill array env->cfg.insn_subprogram sub-range
* [env->subprog_info[i].postorder_start, env->subprog_info[i+1].postorder_start)
* with indices of 'i' instructions in postorder.
*/
static int compute_postorder(struct bpf_verifier_env *env)
{
u32 cur_postorder, i, top, stack_sz, s, succ_cnt, succ[2];
int *stack = NULL, *postorder = NULL, *state = NULL;
postorder = kvcalloc(env->prog->len, sizeof(int), GFP_KERNEL_ACCOUNT);
state = kvcalloc(env->prog->len, sizeof(int), GFP_KERNEL_ACCOUNT);
stack = kvcalloc(env->prog->len, sizeof(int), GFP_KERNEL_ACCOUNT);
if (!postorder || !state || !stack) {
kvfree(postorder);
kvfree(state);
kvfree(stack);
return -ENOMEM;
}
cur_postorder = 0;
for (i = 0; i < env->subprog_cnt; i++) {
env->subprog_info[i].postorder_start = cur_postorder;
stack[0] = env->subprog_info[i].start;
stack_sz = 1;
do {
top = stack[stack_sz - 1];
state[top] |= DISCOVERED;
if (state[top] & EXPLORED) {
postorder[cur_postorder++] = top;
stack_sz--;
continue;
}
succ_cnt = bpf_insn_successors(env->prog, top, succ);
for (s = 0; s < succ_cnt; ++s) {
if (!state[succ[s]]) {
stack[stack_sz++] = succ[s];
state[succ[s]] |= DISCOVERED;
}
}
state[top] |= EXPLORED;
} while (stack_sz);
}
env->subprog_info[i].postorder_start = cur_postorder;
env->cfg.insn_postorder = postorder;
env->cfg.cur_postorder = cur_postorder;
kvfree(stack);
kvfree(state);
return 0;
}
static int check_abnormal_return(struct bpf_verifier_env *env) static int check_abnormal_return(struct bpf_verifier_env *env)
{ {
int i; int i;
@ -24422,9 +24463,6 @@ static int compute_live_registers(struct bpf_verifier_env *env)
out: out:
kvfree(state); kvfree(state);
kvfree(env->cfg.insn_postorder);
env->cfg.insn_postorder = NULL;
env->cfg.cur_postorder = 0;
return err; return err;
} }
@ -24727,6 +24765,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
if (ret < 0) if (ret < 0)
goto skip_full_check; goto skip_full_check;
ret = compute_postorder(env);
if (ret < 0)
goto skip_full_check;
ret = check_attach_btf_id(env); ret = check_attach_btf_id(env);
if (ret) if (ret)
goto skip_full_check; goto skip_full_check;