
Commit a8f500a

Alexei Starovoitovborkmann
authored andcommitted
bpf: split explored_states
split explored_states into prune_point boolean mark and link list of explored states. This removes STATE_LIST_MARK hack and allows marks to be separate from states. Signed-off-by: Alexei Starovoitov <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
1 parent 5d83902 commit a8f500a


2 files changed

+14
-18
lines changed


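--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -233,6 +233,7 @@ struct bpf_insn_aux_data {
 int sanitize_stack_off; /* stack slot to be cleared */
 bool seen; /* this insn was processed by the verifier */
 u8 alu_state; /* used in combination with alu_limit */
+bool prune_point;
 unsigned int orig_idx; /* original instruction index */
 };
 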
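Review bot: The new `prune_point` member is the only field in this stretch of `struct bpf_insn_aux_data` without a trailing comment, and the name alone does not say what reads it. A comment in the style of its neighbours would close that gap, for example `bool prune_point; /* is_state_visited() does state search at this insn */`. The struct begins above the hunk, so the fields before `sanitize_stack_off` are not visible here.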

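--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5436,7 +5436,6 @@ enum {
 BRANCH = 2,
 };
 
-#define STATE_LIST_MARK ((struct bpf_verifier_state_list *) -1L)
 static struct bpf_verifier_state_list **explored_state(
 struct bpf_verifier_env *env,
 int idx)
@@ -5446,7 +5445,7 @@ static struct bpf_verifier_state_list **explored_state(
 
 static void init_explored_state(struct bpf_verifier_env *env, int idx)
 {
-env->explored_states[idx] = STATE_LIST_MARK;
+env->insn_aux_data[idx].prune_point = true;
 }
 
 /* t, w, e - match pseudo-code above:
@@ -6018,10 +6017,7 @@ static void clean_live_states(struct bpf_verifier_env *env, int insn,
 int i;
 
 sl = *explored_state(env, insn);
-if (!sl)
-return;
-
-while (sl != STATE_LIST_MARK) {
+while (sl) {
 if (sl->state.curframe != cur->curframe)
 goto next;
 for (i = 0; i <= cur->curframe; i++)
@@ -6376,18 +6372,18 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
 struct bpf_verifier_state *cur = env->cur_state, *new;
 int i, j, err, states_cnt = 0;
 
-pprev = explored_state(env, insn_idx);
-sl = *pprev;
-
-if (!sl)
+if (!env->insn_aux_data[insn_idx].prune_point)
 /* this 'insn_idx' instruction wasn't marked, so we will not
 * be doing state search here
 */
 return 0;
 
+pprev = explored_state(env, insn_idx);
+sl = *pprev;
+
 clean_live_states(env, insn_idx, cur);
 
-while (sl != STATE_LIST_MARK) {
+while (sl) {
 if (states_equal(env, &sl->state, cur)) {
 sl->hit_cnt++;
 /* reached equivalent register/stack state,
@@ -8145,13 +8141,12 @@ static void free_states(struct bpf_verifier_env *env)
 for (i = 0; i < env->prog->len; i++) {
 sl = env->explored_states[i];
 
-if (sl)
-while (sl != STATE_LIST_MARK) {
-sln = sl->next;
-free_verifier_state(&sl->state, false);
-kfree(sl);
-sl = sln;
-}
+while (sl) {
+sln = sl->next;
+free_verifier_state(&sl->state, false);
+kfree(sl);
+sl = sln;
+}
 }
 
 kvfree(env->explored_states);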
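Review bot: In the second hunk, `init_explored_state()` keeps its name although it no longer writes to `env->explored_states`; its whole body is now `env->insn_aux_data[idx].prune_point = true;`. Because `is_state_visited()` returns early wherever that flag is unset, anyone auditing where the verifier may prune has to find this function to see where the marks come from, and the old name hides that. I would rename it together with its callers, which are outside the visible hunks (something like `mark_prune_point`), or at least add `/* mark insn idx as a point where is_state_visited() searches explored states */` above it. The unchanged `idx` parameter now indexes `insn_aux_data` rather than `explored_states`, and any bounds check on it is in the callers, not in the lines shown here.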
