From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: davem@davemloft.net
Cc: daniel@iogearbox.net, andrii@kernel.org, netdev@vger.kernel.org,
	bpf@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH v6 bpf-next 09/11] bpf: Teach stack depth check about async callbacks.
Date: Tue, 13 Jul 2021 18:05:17 -0700
Message-ID: <20210714010519.37922-10-alexei.starovoitov@gmail.com>
In-Reply-To: <20210714010519.37922-1-alexei.starovoitov@gmail.com>

From: Alexei Starovoitov <ast@kernel.org>

Teach max stack depth checking algorithm about async callbacks
that don't increase bpf program stack size.
Also add sanity check that bpf_tail_call didn't sneak into async cb.
It's impossible, since PTR_TO_CTX is not available in async cb,
hence the program cannot contain bpf_tail_call(ctx,...);

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
---
 include/linux/bpf_verifier.h |  1 +
 kernel/bpf/verifier.c        | 18 +++++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 242d0b1a0772..b847e1ccd10f 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -406,6 +406,7 @@ struct bpf_subprog_info {
 	bool has_tail_call;
 	bool tail_call_reachable;
 	bool has_ld_abs;
+	bool is_async_cb;
 };
 
 /* single container for all structs
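Review bot: is_async_cb is added to struct bpf_subprog_info without a comment, and in this patch it is set from __check_func_call according to how the subprog is referenced, then read in check_max_stack_depth. A one-line comment saying who sets it, and that this patch only ever sets it and never clears it, would help readers of the stack depth walk.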
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ab6ce598a652..84f67580ab19 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3709,6 +3709,8 @@ static int check_max_stack_depth(struct bpf_verifier_env *env)
 continue_func:
 	subprog_end = subprog[idx + 1].start;
 	for (; i < subprog_end; i++) {
+		int next_insn;
+
 		if (!bpf_pseudo_call(insn + i) && !bpf_pseudo_func(insn + i))
 			continue;
 		/* remember insn and function to return to */
@@ -3716,13 +3718,22 @@ static int check_max_stack_depth(struct bpf_verifier_env *env)
 		ret_prog[frame] = idx;
 
 		/* find the callee */
-		i = i + insn[i].imm + 1;
-		idx = find_subprog(env, i);
+		next_insn = i + insn[i].imm + 1;
+		idx = find_subprog(env, next_insn);
 		if (idx < 0) {
 			WARN_ONCE(1, "verifier bug. No program starts at insn %d\n",
-				  i);
+				  next_insn);
 			return -EFAULT;
 		}
+		if (subprog[idx].is_async_cb) {
+			if (subprog[idx].has_tail_call) {
+				verbose(env, "verifier bug. subprog has tail_call and async cb\n");
+				return -EFAULT;
+			}
+			 /* async callbacks don't increase bpf prog stack size */
+			continue;
+		}
+		i = next_insn;
 
 		if (subprog[idx].has_tail_call)
 			tail_call_reachable = true;
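Review bot: the "continue" in the new is_async_cb branch skips the callee entirely, so within this walk the callback's own stack usage and anything it calls are never accumulated or checked. If the callback's frame is bounded somewhere else, that is not visible in this patch, and the comment should point to it; otherwise a separate walk starting at each async subprog is needed. The test is also made on the subprog rather than on the call site: the loop accepts both bpf_pseudo_call and bpf_pseudo_func instructions, so a direct call to a subprog that is registered elsewhere as a timer callback would be skipped too, although a direct call does add a frame. Minor: the has_tail_call case reports through verbose() while the neighbouring "No program starts at insn" case uses WARN_ONCE, and the comment line before "continue" has a stray leading space.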
@@ -5761,6 +5772,7 @@ static int __check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn
 		struct bpf_verifier_state *async_cb;
 
 		/* there is no real recursion here. timer callbacks are async */
+		env->subprog_info[subprog].is_async_cb = true;
 		async_cb = push_async_cb(env, env->subprog_info[subprog].start,
 					 *insn_idx, subprog);
 		if (!async_cb)
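Review bot: is_async_cb is set before push_async_cb() is attempted and before the "if (!async_cb)" failure check, so the subprog stays marked even when pushing the callback state fails. That is harmless if the failure aborts verification, but setting the flag after the check would keep it consistent with callbacks that were actually queued. Since the flag is written during call checking and read in check_max_stack_depth, a comment stating that the stack depth pass must run after this point would make the ordering dependency explicit.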
-- 
2.30.2


Thread overview: 15+ messages
2021-07-14  1:05 [PATCH v6 bpf-next 00/11] bpf: Introduce BPF timers Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 01/11] bpf: Prepare bpf_prog_put() to be called from irq context Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 02/11] bpf: Factor out bpf_spin_lock into helpers Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 03/11] bpf: Introduce bpf timers Alexei Starovoitov
2021-07-14 23:59   ` Andrii Nakryiko
2021-07-15  0:43     ` Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 04/11] bpf: Add map side support for " Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 05/11] bpf: Prevent pointer mismatch in bpf_timer_init Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 06/11] bpf: Remember BTF of inner maps Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 07/11] bpf: Relax verifier recursion check Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 08/11] bpf: Implement verifier support for validation of async callbacks Alexei Starovoitov
2021-07-14  1:05 ` Alexei Starovoitov [this message]
2021-07-14  1:05 ` [PATCH v6 bpf-next 10/11] selftests/bpf: Add bpf_timer test Alexei Starovoitov
2021-07-14  1:05 ` [PATCH v6 bpf-next 11/11] selftests/bpf: Add a test with bpf_timer in inner map Alexei Starovoitov
2021-07-14 23:59 ` [PATCH v6 bpf-next 00/11] bpf: Introduce BPF timers Andrii Nakryiko
