Skip to content

Commit 48946bd

Browse files
haoluo1022Alexei Starovoitov
authored and
Alexei Starovoitov
committed
bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL
We have introduced a new type to make bpf_arg composable, by reserving high bits of bpf_arg to represent flags of a type. One of the flags is PTR_MAYBE_NULL which indicates a pointer may be NULL. When applying this flag to an arg_type, it means the arg can take NULL pointer. This patch switches the qualified arg_types to use this flag. The arg_types changed in this patch include: 1. ARG_PTR_TO_MAP_VALUE_OR_NULL 2. ARG_PTR_TO_MEM_OR_NULL 3. ARG_PTR_TO_CTX_OR_NULL 4. ARG_PTR_TO_SOCKET_OR_NULL 5. ARG_PTR_TO_ALLOC_MEM_OR_NULL 6. ARG_PTR_TO_STACK_OR_NULL This patch does not eliminate the use of these arg_types, instead it makes them an alias to the 'ARG_XXX | PTR_MAYBE_NULL'. Signed-off-by: Hao Luo <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
1 parent d639b9d commit 48946bd

File tree

2 files changed

+23
-31
lines changed

2 files changed

+23
-31
lines changed

include/linux/bpf.h

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -331,13 +331,11 @@ enum bpf_arg_type {
331331
ARG_PTR_TO_MAP_KEY, /* pointer to stack used as map key */
332332
ARG_PTR_TO_MAP_VALUE, /* pointer to stack used as map value */
333333
ARG_PTR_TO_UNINIT_MAP_VALUE, /* pointer to valid memory used to store a map value */
334-
ARG_PTR_TO_MAP_VALUE_OR_NULL, /* pointer to stack used as map value or NULL */
335334

336335
/* the following constraints used to prototype bpf_memcmp() and other
337336
* functions that access data on eBPF program stack
338337
*/
339338
ARG_PTR_TO_MEM, /* pointer to valid memory (stack, packet, map value) */
340-
ARG_PTR_TO_MEM_OR_NULL, /* pointer to valid memory or NULL */
341339
ARG_PTR_TO_UNINIT_MEM, /* pointer to memory does not need to be initialized,
342340
* helper function must fill all bytes or clear
343341
* them in error case.
@@ -347,26 +345,31 @@ enum bpf_arg_type {
347345
ARG_CONST_SIZE_OR_ZERO, /* number of bytes accessed from memory or 0 */
348346

349347
ARG_PTR_TO_CTX, /* pointer to context */
350-
ARG_PTR_TO_CTX_OR_NULL, /* pointer to context or NULL */
351348
ARG_ANYTHING, /* any (initialized) argument is ok */
352349
ARG_PTR_TO_SPIN_LOCK, /* pointer to bpf_spin_lock */
353350
ARG_PTR_TO_SOCK_COMMON, /* pointer to sock_common */
354351
ARG_PTR_TO_INT, /* pointer to int */
355352
ARG_PTR_TO_LONG, /* pointer to long */
356353
ARG_PTR_TO_SOCKET, /* pointer to bpf_sock (fullsock) */
357-
ARG_PTR_TO_SOCKET_OR_NULL, /* pointer to bpf_sock (fullsock) or NULL */
358354
ARG_PTR_TO_BTF_ID, /* pointer to in-kernel struct */
359355
ARG_PTR_TO_ALLOC_MEM, /* pointer to dynamically allocated memory */
360-
ARG_PTR_TO_ALLOC_MEM_OR_NULL, /* pointer to dynamically allocated memory or NULL */
361356
ARG_CONST_ALLOC_SIZE_OR_ZERO, /* number of allocated bytes requested */
362357
ARG_PTR_TO_BTF_ID_SOCK_COMMON, /* pointer to in-kernel sock_common or bpf-mirrored bpf_sock */
363358
ARG_PTR_TO_PERCPU_BTF_ID, /* pointer to in-kernel percpu type */
364359
ARG_PTR_TO_FUNC, /* pointer to a bpf program function */
365-
ARG_PTR_TO_STACK_OR_NULL, /* pointer to stack or NULL */
360+
ARG_PTR_TO_STACK, /* pointer to stack */
366361
ARG_PTR_TO_CONST_STR, /* pointer to a null terminated read-only string */
367362
ARG_PTR_TO_TIMER, /* pointer to bpf_timer */
368363
__BPF_ARG_TYPE_MAX,
369364

365+
/* Extended arg_types. */
366+
ARG_PTR_TO_MAP_VALUE_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_MAP_VALUE,
367+
ARG_PTR_TO_MEM_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_MEM,
368+
ARG_PTR_TO_CTX_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_CTX,
369+
ARG_PTR_TO_SOCKET_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_SOCKET,
370+
ARG_PTR_TO_ALLOC_MEM_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_ALLOC_MEM,
371+
ARG_PTR_TO_STACK_OR_NULL = PTR_MAYBE_NULL | ARG_PTR_TO_STACK,
372+
370373
/* This must be the last entry. Its purpose is to ensure the enum is
371374
* wide enough to hold the higher bits reserved for bpf_type_flag.
372375
*/

kernel/bpf/verifier.c

Lines changed: 14 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -475,14 +475,9 @@ static bool arg_type_may_be_refcounted(enum bpf_arg_type type)
475475
return type == ARG_PTR_TO_SOCK_COMMON;
476476
}
477477

478-
static bool arg_type_may_be_null(enum bpf_arg_type type)
478+
static bool type_may_be_null(u32 type)
479479
{
480-
return type == ARG_PTR_TO_MAP_VALUE_OR_NULL ||
481-
type == ARG_PTR_TO_MEM_OR_NULL ||
482-
type == ARG_PTR_TO_CTX_OR_NULL ||
483-
type == ARG_PTR_TO_SOCKET_OR_NULL ||
484-
type == ARG_PTR_TO_ALLOC_MEM_OR_NULL ||
485-
type == ARG_PTR_TO_STACK_OR_NULL;
480+
return type & PTR_MAYBE_NULL;
486481
}
487482

488483
/* Determine whether the function releases some resources allocated by another
@@ -5016,9 +5011,8 @@ static int process_timer_func(struct bpf_verifier_env *env, int regno,
50165011

50175012
static bool arg_type_is_mem_ptr(enum bpf_arg_type type)
50185013
{
5019-
return type == ARG_PTR_TO_MEM ||
5020-
type == ARG_PTR_TO_MEM_OR_NULL ||
5021-
type == ARG_PTR_TO_UNINIT_MEM;
5014+
return base_type(type) == ARG_PTR_TO_MEM ||
5015+
base_type(type) == ARG_PTR_TO_UNINIT_MEM;
50225016
}
50235017

50245018
static bool arg_type_is_mem_size(enum bpf_arg_type type)
@@ -5155,31 +5149,26 @@ static const struct bpf_reg_types *compatible_reg_types[__BPF_ARG_TYPE_MAX] = {
51555149
[ARG_PTR_TO_MAP_KEY] = &map_key_value_types,
51565150
[ARG_PTR_TO_MAP_VALUE] = &map_key_value_types,
51575151
[ARG_PTR_TO_UNINIT_MAP_VALUE] = &map_key_value_types,
5158-
[ARG_PTR_TO_MAP_VALUE_OR_NULL] = &map_key_value_types,
51595152
[ARG_CONST_SIZE] = &scalar_types,
51605153
[ARG_CONST_SIZE_OR_ZERO] = &scalar_types,
51615154
[ARG_CONST_ALLOC_SIZE_OR_ZERO] = &scalar_types,
51625155
[ARG_CONST_MAP_PTR] = &const_map_ptr_types,
51635156
[ARG_PTR_TO_CTX] = &context_types,
5164-
[ARG_PTR_TO_CTX_OR_NULL] = &context_types,
51655157
[ARG_PTR_TO_SOCK_COMMON] = &sock_types,
51665158
#ifdef CONFIG_NET
51675159
[ARG_PTR_TO_BTF_ID_SOCK_COMMON] = &btf_id_sock_common_types,
51685160
#endif
51695161
[ARG_PTR_TO_SOCKET] = &fullsock_types,
5170-
[ARG_PTR_TO_SOCKET_OR_NULL] = &fullsock_types,
51715162
[ARG_PTR_TO_BTF_ID] = &btf_ptr_types,
51725163
[ARG_PTR_TO_SPIN_LOCK] = &spin_lock_types,
51735164
[ARG_PTR_TO_MEM] = &mem_types,
5174-
[ARG_PTR_TO_MEM_OR_NULL] = &mem_types,
51755165
[ARG_PTR_TO_UNINIT_MEM] = &mem_types,
51765166
[ARG_PTR_TO_ALLOC_MEM] = &alloc_mem_types,
5177-
[ARG_PTR_TO_ALLOC_MEM_OR_NULL] = &alloc_mem_types,
51785167
[ARG_PTR_TO_INT] = &int_ptr_types,
51795168
[ARG_PTR_TO_LONG] = &int_ptr_types,
51805169
[ARG_PTR_TO_PERCPU_BTF_ID] = &percpu_btf_ptr_types,
51815170
[ARG_PTR_TO_FUNC] = &func_ptr_types,
5182-
[ARG_PTR_TO_STACK_OR_NULL] = &stack_ptr_types,
5171+
[ARG_PTR_TO_STACK] = &stack_ptr_types,
51835172
[ARG_PTR_TO_CONST_STR] = &const_str_ptr_types,
51845173
[ARG_PTR_TO_TIMER] = &timer_types,
51855174
};
@@ -5193,7 +5182,7 @@ static int check_reg_type(struct bpf_verifier_env *env, u32 regno,
51935182
const struct bpf_reg_types *compatible;
51945183
int i, j;
51955184

5196-
compatible = compatible_reg_types[arg_type];
5185+
compatible = compatible_reg_types[base_type(arg_type)];
51975186
if (!compatible) {
51985187
verbose(env, "verifier internal error: unsupported arg type %d\n", arg_type);
51995188
return -EFAULT;
@@ -5274,15 +5263,14 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
52745263
return -EACCES;
52755264
}
52765265

5277-
if (arg_type == ARG_PTR_TO_MAP_VALUE ||
5278-
arg_type == ARG_PTR_TO_UNINIT_MAP_VALUE ||
5279-
arg_type == ARG_PTR_TO_MAP_VALUE_OR_NULL) {
5266+
if (base_type(arg_type) == ARG_PTR_TO_MAP_VALUE ||
5267+
base_type(arg_type) == ARG_PTR_TO_UNINIT_MAP_VALUE) {
52805268
err = resolve_map_arg_type(env, meta, &arg_type);
52815269
if (err)
52825270
return err;
52835271
}
52845272

5285-
if (register_is_null(reg) && arg_type_may_be_null(arg_type))
5273+
if (register_is_null(reg) && type_may_be_null(arg_type))
52865274
/* A NULL register has a SCALAR_VALUE type, so skip
52875275
* type checking.
52885276
*/
@@ -5351,10 +5339,11 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
53515339
err = check_helper_mem_access(env, regno,
53525340
meta->map_ptr->key_size, false,
53535341
NULL);
5354-
} else if (arg_type == ARG_PTR_TO_MAP_VALUE ||
5355-
(arg_type == ARG_PTR_TO_MAP_VALUE_OR_NULL &&
5356-
!register_is_null(reg)) ||
5357-
arg_type == ARG_PTR_TO_UNINIT_MAP_VALUE) {
5342+
} else if (base_type(arg_type) == ARG_PTR_TO_MAP_VALUE ||
5343+
base_type(arg_type) == ARG_PTR_TO_UNINIT_MAP_VALUE) {
5344+
if (type_may_be_null(arg_type) && register_is_null(reg))
5345+
return 0;
5346+
53585347
/* bpf_map_xxx(..., map_ptr, ..., value) call:
53595348
* check [value, value + map->value_size) validity
53605349
*/

0 commit comments

Comments
 (0)