bpf: split explored_states
Split explored_states into a prune_point boolean mark and a linked list of explored states. This removes the STATE_LIST_MARK hack and allows marks to be separate from states. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
parent
5d83902167
commit
a8f500af0c
|
@ -233,6 +233,7 @@ struct bpf_insn_aux_data {
|
|||
int sanitize_stack_off; /* stack slot to be cleared */
|
||||
bool seen; /* this insn was processed by the verifier */
|
||||
u8 alu_state; /* used in combination with alu_limit */
|
||||
bool prune_point;
|
||||
unsigned int orig_idx; /* original instruction index */
|
||||
};
|
||||
|
||||
|
|
|
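Review bot: The new `prune_point` member is the only field in this part of `struct bpf_insn_aux_data` without a trailing comment, even though the verifier's decision to search and prune states now depends on it. A comment in the style of its neighbours would help, for example `bool prune_point; /* set by init_explored_state(); is_state_visited() returns 0 early when false */`. The struct definition starts outside this hunk.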
@ -5436,7 +5436,6 @@ enum {
|
|||
BRANCH = 2,
|
||||
};
|
||||
|
||||
#define STATE_LIST_MARK ((struct bpf_verifier_state_list *) -1L)
|
||||
static struct bpf_verifier_state_list **explored_state(
|
||||
struct bpf_verifier_env *env,
|
||||
int idx)
|
||||
|
@ -5446,7 +5445,7 @@ static struct bpf_verifier_state_list **explored_state(
|
|||
|
||||
static void init_explored_state(struct bpf_verifier_env *env, int idx)
|
||||
{
|
||||
env->explored_states[idx] = STATE_LIST_MARK;
|
||||
env->insn_aux_data[idx].prune_point = true;
|
||||
}
|
||||
|
||||
/* t, w, e - match pseudo-code above:
|
||||
|
@ -6018,10 +6017,7 @@ static void clean_live_states(struct bpf_verifier_env *env, int insn,
|
|||
int i;
|
||||
|
||||
sl = *explored_state(env, insn);
|
||||
if (!sl)
|
||||
return;
|
||||
|
||||
while (sl != STATE_LIST_MARK) {
|
||||
while (sl) {
|
||||
if (sl->state.curframe != cur->curframe)
|
||||
goto next;
|
||||
for (i = 0; i <= cur->curframe; i++)
|
||||
|
@ -6376,18 +6372,18 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
|
|||
struct bpf_verifier_state *cur = env->cur_state, *new;
|
||||
int i, j, err, states_cnt = 0;
|
||||
|
||||
pprev = explored_state(env, insn_idx);
|
||||
sl = *pprev;
|
||||
|
||||
if (!sl)
|
||||
if (!env->insn_aux_data[insn_idx].prune_point)
|
||||
/* this 'insn_idx' instruction wasn't marked, so we will not
|
||||
* be doing state search here
|
||||
*/
|
||||
return 0;
|
||||
|
||||
pprev = explored_state(env, insn_idx);
|
||||
sl = *pprev;
|
||||
|
||||
clean_live_states(env, insn_idx, cur);
|
||||
|
||||
while (sl != STATE_LIST_MARK) {
|
||||
while (sl) {
|
||||
if (states_equal(env, &sl->state, cur)) {
|
||||
sl->hit_cnt++;
|
||||
/* reached equivalent register/stack state,
|
||||
|
@ -8145,13 +8141,12 @@ static void free_states(struct bpf_verifier_env *env)
|
|||
for (i = 0; i < env->prog->len; i++) {
|
||||
sl = env->explored_states[i];
|
||||
|
||||
if (sl)
|
||||
while (sl != STATE_LIST_MARK) {
|
||||
sln = sl->next;
|
||||
free_verifier_state(&sl->state, false);
|
||||
kfree(sl);
|
||||
sl = sln;
|
||||
}
|
||||
while (sl) {
|
||||
sln = sl->next;
|
||||
free_verifier_state(&sl->state, false);
|
||||
kfree(sl);
|
||||
sl = sln;
|
||||
}
|
||||
}
|
||||
|
||||
kvfree(env->explored_states);
|
||||
|
|
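Review bot: With `STATE_LIST_MARK` removed, the loops in `clean_live_states()`, `is_state_visited()` and `free_states()` all terminate on `NULL`, so they are correct only if every slot of `env->explored_states` starts out zeroed. The allocation is not visible in these hunks, so it should be confirmed to be a zeroing one. The invariant is worth stating where the mark is set, for example above `init_explored_state()`: `/* mark idx as a prune point; explored_states[idx] stays a NULL-terminated list */`. That helper now only sets `prune_point` and no longer touches `explored_states`, so its name is misleading and a rename could follow. The three walker functions continue outside their hunks.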