Skip to content

Commit 3d0220f

Browse files
borkmannborkmann
committed
bpf: Wrap aux data inside bpf_sanitize_info container
Add a container structure struct bpf_sanitize_info which holds the current aux info, and update call-sites to sanitize_ptr_alu() to pass it in. This is needed for passing in additional state later on. Signed-off-by: Daniel Borkmann <[email protected]> Reviewed-by: Piotr Krysiuk <[email protected]> Acked-by: Alexei Starovoitov <[email protected]>
1 parent 5c9d706 commit 3d0220f

File tree

1 file changed

+11
-7
lines changed

1 file changed

+11
-7
lines changed

kernel/bpf/verifier.c

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6486,15 +6486,19 @@ static bool sanitize_needed(u8 opcode)
64866486
return opcode == BPF_ADD || opcode == BPF_SUB;
64876487
}
64886488

6489+
struct bpf_sanitize_info {
6490+
struct bpf_insn_aux_data aux;
6491+
};
6492+
64896493
static int sanitize_ptr_alu(struct bpf_verifier_env *env,
64906494
struct bpf_insn *insn,
64916495
const struct bpf_reg_state *ptr_reg,
64926496
const struct bpf_reg_state *off_reg,
64936497
struct bpf_reg_state *dst_reg,
6494-
struct bpf_insn_aux_data *tmp_aux,
6498+
struct bpf_sanitize_info *info,
64956499
const bool commit_window)
64966500
{
6497-
struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : tmp_aux;
6501+
struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : &info->aux;
64986502
struct bpf_verifier_state *vstate = env->cur_state;
64996503
bool off_is_imm = tnum_is_const(off_reg->var_off);
65006504
bool off_is_neg = off_reg->smin_value < 0;
@@ -6523,8 +6527,8 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env,
65236527
/* In commit phase we narrow the masking window based on
65246528
* the observed pointer move after the simulated operation.
65256529
*/
6526-
alu_state = tmp_aux->alu_state;
6527-
alu_limit = abs(tmp_aux->alu_limit - alu_limit);
6530+
alu_state = info->aux.alu_state;
6531+
alu_limit = abs(info->aux.alu_limit - alu_limit);
65286532
} else {
65296533
alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0;
65306534
alu_state |= off_is_imm ? BPF_ALU_IMMEDIATE : 0;
@@ -6685,7 +6689,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
66856689
smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value;
66866690
u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value,
66876691
umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value;
6688-
struct bpf_insn_aux_data tmp_aux = {};
6692+
struct bpf_sanitize_info info = {};
66896693
u8 opcode = BPF_OP(insn->code);
66906694
u32 dst = insn->dst_reg;
66916695
int ret;
@@ -6754,7 +6758,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
67546758

67556759
if (sanitize_needed(opcode)) {
67566760
ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg,
6757-
&tmp_aux, false);
6761+
&info, false);
67586762
if (ret < 0)
67596763
return sanitize_err(env, insn, ret, off_reg, dst_reg);
67606764
}
@@ -6895,7 +6899,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
68956899
return -EACCES;
68966900
if (sanitize_needed(opcode)) {
68976901
ret = sanitize_ptr_alu(env, insn, dst_reg, off_reg, dst_reg,
6898-
&tmp_aux, true);
6902+
&info, true);
68996903
if (ret < 0)
69006904
return sanitize_err(env, insn, ret, off_reg, dst_reg);
69016905
}

0 commit comments

Comments
 (0)