Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf (5d52c906) · Commits · EulixOS / Software / Kernel

arch/x86/net/bpf_jit_comp.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -570,6 +570,9 @@ static void bpf_tail_call_direct_fixup(struct bpf_prog *prog)

		for (i = 0; i < prog->aux->size_poke_tab; i++) {
		poke = &prog->aux->poke_tab[i];
		if (poke->aux && poke->aux != prog->aux)
		continue;

		WARN_ON_ONCE(READ_ONCE(poke->tailcall_target_stable));

		if (poke->reason != BPF_POKE_REASON_TAIL_CALL)

include/linux/bpf.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -780,6 +780,7 @@ struct bpf_jit_poke_descriptor {
		void *tailcall_target;
		void *tailcall_bypass;
		void *bypass_addr;
		void *aux;
		union {
		struct {
		struct bpf_map *map;

kernel/bpf/core.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -2236,8 +2236,14 @@ static void bpf_prog_free_deferred(struct work_struct *work)
		#endif
		if (aux->dst_trampoline)
		bpf_trampoline_put(aux->dst_trampoline);
		for (i = 0; i < aux->func_cnt; i++)
		for (i = 0; i < aux->func_cnt; i++) {
		/* We can just unlink the subprog poke descriptor table as
		* it was originally linked to the main program and is also
		* released along with it.
		*/
		aux->func[i]->aux->poke_tab = NULL;
		bpf_jit_free(aux->func[i]);
		}
		if (aux->func_cnt) {
		kfree(aux->func);
		bpf_prog_unlock_free(aux->prog);

kernel/bpf/devmap.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -558,7 +558,8 @@ int dev_map_enqueue_multi(struct xdp_buff xdp, struct net_device dev_rx,

		if (map->map_type == BPF_MAP_TYPE_DEVMAP) {
		for (i = 0; i < map->max_entries; i++) {
		dst = READ_ONCE(dtab->netdev_map[i]);
		dst = rcu_dereference_check(dtab->netdev_map[i],
		rcu_read_lock_bh_held());
		if (!is_valid_dst(dst, xdp, exclude_ifindex))
		continue;

		@@ -654,7 +655,8 @@ int dev_map_redirect_multi(struct net_device dev, struct sk_buff skb,

		if (map->map_type == BPF_MAP_TYPE_DEVMAP) {
		for (i = 0; i < map->max_entries; i++) {
		dst = READ_ONCE(dtab->netdev_map[i]);
		dst = rcu_dereference_check(dtab->netdev_map[i],
		rcu_read_lock_bh_held());
		if (!dst \|\| dst->dev->ifindex == exclude_ifindex)
		continue;

kernel/bpf/verifier.c

+21 −39

Original line number	Diff line number	Diff line
		@@ -12121,33 +12121,19 @@ static int jit_subprogs(struct bpf_verifier_env *env)
		goto out_free;
		func[i]->is_func = 1;
		func[i]->aux->func_idx = i;
		/* the btf and func_info will be freed only at prog->aux */
		/* Below members will be freed only at prog->aux */
		func[i]->aux->btf = prog->aux->btf;
		func[i]->aux->func_info = prog->aux->func_info;
		func[i]->aux->poke_tab = prog->aux->poke_tab;
		func[i]->aux->size_poke_tab = prog->aux->size_poke_tab;

		for (j = 0; j < prog->aux->size_poke_tab; j++) {
		u32 insn_idx = prog->aux->poke_tab[j].insn_idx;
		int ret;

		if (!(insn_idx >= subprog_start &&
		insn_idx <= subprog_end))
		continue;

		ret = bpf_jit_add_poke_descriptor(func[i],
		&prog->aux->poke_tab[j]);
		if (ret < 0) {
		verbose(env, "adding tail call poke descriptor failed\n");
		goto out_free;
		}

		func[i]->insnsi[insn_idx - subprog_start].imm = ret + 1;
		struct bpf_jit_poke_descriptor *poke;

		map_ptr = func[i]->aux->poke_tab[ret].tail_call.map;
		ret = map_ptr->ops->map_poke_track(map_ptr, func[i]->aux);
		if (ret < 0) {
		verbose(env, "tracking tail call prog failed\n");
		goto out_free;
		}
		poke = &prog->aux->poke_tab[j];
		if (poke->insn_idx < subprog_end &&
		poke->insn_idx >= subprog_start)
		poke->aux = func[i]->aux;
		}

		/* Use bpf_prog_F_tag to indicate functions in stack traces.
		@@ -12178,18 +12164,6 @@ static int jit_subprogs(struct bpf_verifier_env *env)
		cond_resched();
		}

		/* Untrack main program's aux structs so that during map_poke_run()
		* we will not stumble upon the unfilled poke descriptors; each
		* of the main program's poke descs got distributed across subprogs
		* and got tracked onto map, so we are sure that none of them will
		* be missed after the operation below
		*/
		for (i = 0; i < prog->aux->size_poke_tab; i++) {
		map_ptr = prog->aux->poke_tab[i].tail_call.map;

		map_ptr->ops->map_poke_untrack(map_ptr, prog->aux);
		}

		/* at this point all bpf functions were successfully JITed
		* now populate all bpf_calls with correct addresses and
		* run last pass of JIT
		@@ -12267,14 +12241,22 @@ static int jit_subprogs(struct bpf_verifier_env *env)
		bpf_prog_jit_attempt_done(prog);
		return 0;
		out_free:
		/* We failed JIT'ing, so at this point we need to unregister poke
		* descriptors from subprogs, so that kernel is not attempting to
		* patch it anymore as we're freeing the subprog JIT memory.
		*/
		for (i = 0; i < prog->aux->size_poke_tab; i++) {
		map_ptr = prog->aux->poke_tab[i].tail_call.map;
		map_ptr->ops->map_poke_untrack(map_ptr, prog->aux);
		}
		/* At this point we're guaranteed that poke descriptors are not
		* live anymore. We can just unlink its descriptor table as it's
		* released with the main prog.
		*/
		for (i = 0; i < env->subprog_cnt; i++) {
		if (!func[i])
		continue;

		for (j = 0; j < func[i]->aux->size_poke_tab; j++) {
		map_ptr = func[i]->aux->poke_tab[j].tail_call.map;
		map_ptr->ops->map_poke_untrack(map_ptr, func[i]->aux);
		}
		func[i]->aux->poke_tab = NULL;
		bpf_jit_free(func[i]);
		}
		kfree(func);