Commit 5d839021 authored by Alexei Starovoitov's avatar Alexei Starovoitov Committed by Daniel Borkmann
Browse files

bpf: cleanup explored_states 



clean up explored_states to prep for introduction of hashtable
No functional changes.

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent 29c677c8

kernel/bpf/verifier.c

+20 −9
Original line number Diff line number Diff line
@@ -5437,6 +5437,17 @@ enum { 
};



#define STATE_LIST_MARK ((struct bpf_verifier_state_list *) -1L)

static struct bpf_verifier_state_list **explored_state(

					struct bpf_verifier_env *env,

					int idx)

{

	return &env->explored_states[idx];

}



static void init_explored_state(struct bpf_verifier_env *env, int idx)

{

	env->explored_states[idx] = STATE_LIST_MARK;

}



/* t, w, e - match pseudo-code above:

 * t - index of current instruction
@@ -5462,7 +5473,7 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env) 


	if (e == BRANCH)

		/* mark branch target for state pruning */

		env->explored_states[w] = STATE_LIST_MARK;

		init_explored_state(env, w);



	if (insn_state[w] == 0) {

		/* tree-edge */
@@ -5530,9 +5541,9 @@ static int check_cfg(struct bpf_verifier_env *env) 
			else if (ret < 0)

				goto err_free;

			if (t + 1 < insn_cnt)

				env->explored_states[t + 1] = STATE_LIST_MARK;

				init_explored_state(env, t + 1);

			if (insns[t].src_reg == BPF_PSEUDO_CALL) {

				env->explored_states[t] = STATE_LIST_MARK;

				init_explored_state(env, t);

				ret = push_insn(t, t + insns[t].imm + 1, BRANCH, env);

				if (ret == 1)

					goto peek_stack;
@@ -5555,10 +5566,10 @@ static int check_cfg(struct bpf_verifier_env *env) 
			 * after every call and jump

			 */

			if (t + 1 < insn_cnt)

				env->explored_states[t + 1] = STATE_LIST_MARK;

				init_explored_state(env, t + 1);

		} else {

			/* conditional jump with two edges */

			env->explored_states[t] = STATE_LIST_MARK;

			init_explored_state(env, t);

			ret = push_insn(t, t + 1, FALLTHROUGH, env);

			if (ret == 1)

				goto peek_stack;
@@ -6006,7 +6017,7 @@ static void clean_live_states(struct bpf_verifier_env *env, int insn, 
	struct bpf_verifier_state_list *sl;

	int i;



	sl = env->explored_states[insn];

	sl = *explored_state(env, insn);

	if (!sl)

		return;
@@ -6365,7 +6376,7 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx) 
	struct bpf_verifier_state *cur = env->cur_state, *new;

	int i, j, err, states_cnt = 0;



	pprev = &env->explored_states[insn_idx];

	pprev = explored_state(env, insn_idx);

	sl = *pprev;



	if (!sl)
@@ -6452,8 +6463,8 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx) 
		kfree(new_sl);

		return err;

	}

	new_sl->next = env->explored_states[insn_idx];

	env->explored_states[insn_idx] = new_sl;

	new_sl->next = *explored_state(env, insn_idx);

	*explored_state(env, insn_idx) = new_sl;

	/* connect new state to parentage chain. Current frame needs all

	 * registers connected. Only r6 - r9 of the callers are alive (pushed

	 * to the stack implicitly by JITs) so in callers' frames connect just