提交 2f46e0c1 编写于 作者: J Jakub Kicinski 提交者: Alexei Starovoitov

nfp: bpf: add helper for validating stack pointers

Our implementation has restriction on stack pointers for function
calls.  Move the common checks into a helper for reuse.  The state
has to be encapsulated into a structure to support parameters
other than BPF_REG_2.
Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com>
Reviewed-by: NJiong Wang <jiong.wang@netronome.com>
Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
上级 fc448497
...@@ -1366,8 +1366,8 @@ map_call_stack_common(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta) ...@@ -1366,8 +1366,8 @@ map_call_stack_common(struct nfp_prog *nfp_prog, struct nfp_insn_meta *meta)
/* We only have to reload LM0 if the key is not at start of stack */ /* We only have to reload LM0 if the key is not at start of stack */
lm_off = nfp_prog->stack_depth; lm_off = nfp_prog->stack_depth;
lm_off += meta->arg2.var_off.value + meta->arg2.off; lm_off += meta->arg2.reg.var_off.value + meta->arg2.reg.off;
load_lm_ptr = meta->arg2_var_off || lm_off; load_lm_ptr = meta->arg2.var_off || lm_off;
/* Set LM0 to start of key */ /* Set LM0 to start of key */
if (load_lm_ptr) if (load_lm_ptr)
......
...@@ -190,6 +190,16 @@ typedef int (*instr_cb_t)(struct nfp_prog *, struct nfp_insn_meta *); ...@@ -190,6 +190,16 @@ typedef int (*instr_cb_t)(struct nfp_prog *, struct nfp_insn_meta *);
#define nfp_meta_next(meta) list_next_entry(meta, l) #define nfp_meta_next(meta) list_next_entry(meta, l)
#define nfp_meta_prev(meta) list_prev_entry(meta, l) #define nfp_meta_prev(meta) list_prev_entry(meta, l)
/**
* struct nfp_bpf_reg_state - register state for calls
* @reg: BPF register state from latest path
* @var_off: for stack arg - changes stack offset on different paths
*/
struct nfp_bpf_reg_state {
struct bpf_reg_state reg;
bool var_off;
};
#define FLAG_INSN_IS_JUMP_DST BIT(0) #define FLAG_INSN_IS_JUMP_DST BIT(0)
/** /**
...@@ -207,7 +217,6 @@ typedef int (*instr_cb_t)(struct nfp_prog *, struct nfp_insn_meta *); ...@@ -207,7 +217,6 @@ typedef int (*instr_cb_t)(struct nfp_prog *, struct nfp_insn_meta *);
* @func_id: function id for call instructions * @func_id: function id for call instructions
* @arg1: arg1 for call instructions * @arg1: arg1 for call instructions
* @arg2: arg2 for call instructions * @arg2: arg2 for call instructions
* @arg2_var_off: arg2 changes stack offset on different paths
* @off: index of first generated machine instruction (in nfp_prog.prog) * @off: index of first generated machine instruction (in nfp_prog.prog)
* @n: eBPF instruction number * @n: eBPF instruction number
* @flags: eBPF instruction extra optimization flags * @flags: eBPF instruction extra optimization flags
...@@ -233,8 +242,7 @@ struct nfp_insn_meta { ...@@ -233,8 +242,7 @@ struct nfp_insn_meta {
struct { struct {
u32 func_id; u32 func_id;
struct bpf_reg_state arg1; struct bpf_reg_state arg1;
struct bpf_reg_state arg2; struct nfp_bpf_reg_state arg2;
bool arg2_var_off;
}; };
}; };
unsigned int off; unsigned int off;
......
...@@ -97,7 +97,7 @@ nfp_record_adjust_head(struct nfp_app_bpf *bpf, struct nfp_prog *nfp_prog, ...@@ -97,7 +97,7 @@ nfp_record_adjust_head(struct nfp_app_bpf *bpf, struct nfp_prog *nfp_prog,
if (nfp_prog->adjust_head_location != meta->n) if (nfp_prog->adjust_head_location != meta->n)
goto exit_set_location; goto exit_set_location;
if (meta->arg2.var_off.value != imm) if (meta->arg2.reg.var_off.value != imm)
goto exit_set_location; goto exit_set_location;
} }
...@@ -106,6 +106,39 @@ nfp_record_adjust_head(struct nfp_app_bpf *bpf, struct nfp_prog *nfp_prog, ...@@ -106,6 +106,39 @@ nfp_record_adjust_head(struct nfp_app_bpf *bpf, struct nfp_prog *nfp_prog,
nfp_prog->adjust_head_location = location; nfp_prog->adjust_head_location = location;
} }
static int
nfp_bpf_stack_arg_ok(const char *fname, struct bpf_verifier_env *env,
const struct bpf_reg_state *reg,
struct nfp_bpf_reg_state *old_arg)
{
s64 off, old_off;
if (reg->type != PTR_TO_STACK) {
pr_vlog(env, "%s: unsupported ptr type %d\n",
fname, reg->type);
return false;
}
if (!tnum_is_const(reg->var_off)) {
pr_vlog(env, "%s: variable pointer\n", fname);
return false;
}
off = reg->var_off.value + reg->off;
if (-off % 4) {
pr_vlog(env, "%s: unaligned stack pointer %lld\n", fname, -off);
return false;
}
/* Rest of the checks is only if we re-parse the same insn */
if (!old_arg)
return true;
old_off = old_arg->reg.var_off.value + old_arg->reg.off;
old_arg->var_off |= off != old_off;
return true;
}
static int static int
nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env, nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env,
struct nfp_insn_meta *meta) struct nfp_insn_meta *meta)
...@@ -114,7 +147,6 @@ nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env, ...@@ -114,7 +147,6 @@ nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env,
const struct bpf_reg_state *reg2 = cur_regs(env) + BPF_REG_2; const struct bpf_reg_state *reg2 = cur_regs(env) + BPF_REG_2;
struct nfp_app_bpf *bpf = nfp_prog->bpf; struct nfp_app_bpf *bpf = nfp_prog->bpf;
u32 func_id = meta->insn.imm; u32 func_id = meta->insn.imm;
s64 off, old_off;
switch (func_id) { switch (func_id) {
case BPF_FUNC_xdp_adjust_head: case BPF_FUNC_xdp_adjust_head:
...@@ -135,32 +167,15 @@ nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env, ...@@ -135,32 +167,15 @@ nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env,
pr_vlog(env, "map_lookup: not supported by FW\n"); pr_vlog(env, "map_lookup: not supported by FW\n");
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
if (reg2->type != PTR_TO_STACK) {
pr_vlog(env,
"map_lookup: unsupported key ptr type %d\n",
reg2->type);
return -EOPNOTSUPP;
}
if (!tnum_is_const(reg2->var_off)) {
pr_vlog(env, "map_lookup: variable key pointer\n");
return -EOPNOTSUPP;
}
off = reg2->var_off.value + reg2->off; if (!nfp_bpf_stack_arg_ok("map_lookup", env, reg2,
if (-off % 4) { meta->func_id ? &meta->arg2 : NULL))
pr_vlog(env,
"map_lookup: unaligned stack pointer %lld\n",
-off);
return -EOPNOTSUPP; return -EOPNOTSUPP;
}
/* Rest of the checks is only if we re-parse the same insn */ /* Rest of the checks is only if we re-parse the same insn */
if (!meta->func_id) if (!meta->func_id)
break; break;
old_off = meta->arg2.var_off.value + meta->arg2.off;
meta->arg2_var_off |= off != old_off;
if (meta->arg1.map_ptr != reg1->map_ptr) { if (meta->arg1.map_ptr != reg1->map_ptr) {
pr_vlog(env, "map_lookup: called for different map\n"); pr_vlog(env, "map_lookup: called for different map\n");
return -EOPNOTSUPP; return -EOPNOTSUPP;
...@@ -173,7 +188,7 @@ nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env, ...@@ -173,7 +188,7 @@ nfp_bpf_check_call(struct nfp_prog *nfp_prog, struct bpf_verifier_env *env,
meta->func_id = func_id; meta->func_id = func_id;
meta->arg1 = *reg1; meta->arg1 = *reg1;
meta->arg2 = *reg2; meta->arg2.reg = *reg2;
return 0; return 0;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册