• J
    bpf: allow access into map value arrays · 48461135
    Josef Bacik 提交于
    Suppose you have a map array value that is something like this
    
    struct foo {
    	unsigned iter;
    	int array[SOME_CONSTANT];
    };
    
    You can easily insert this into an array, but you cannot modify the contents of
    foo->array[] after the fact.  This is because we have no way to verify we won't
    go off the end of the array at verification time.  This patch provides a start
    for this work.  We accomplish this by keeping track of a minimum and maximum
    value a register could be while we're checking the code.  Then at the time we
    try to do an access into a MAP_VALUE we verify that the maximum offset into that
    region is a valid access into that memory region.  So in practice, code such as
    this
    
    unsigned index = 0;
    
    if (foo->iter >= SOME_CONSTANT)
    	foo->iter = index;
    else
    	index = foo->iter++;
    foo->array[index] = bar;
    
    would be allowed, as we can verify that index will always be between 0 and
    SOME_CONSTANT-1.  If you wish to use signed values you'll have to have an extra
    check to make sure the index isn't less than 0, or do something like index %=
    SOME_CONSTANT.
    Signed-off-by: NJosef Bacik <jbacik@fb.com>
    Acked-by: NAlexei Starovoitov <ast@kernel.org>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    48461135
verifier.c 89.5 KB