bpf: verifier: Improve function state reallocation
mainline inclusion from mainline-v5.14-rc1 commit c69431aa category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I932VT CVE: CVE-2023-52452 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c69431aab67a -------------------------------- Resizing and copying stack and reference tracking state currently does a lot of kfree / kmalloc when the size of the tracked set changes. The logic in copy_*_state and realloc_*_state is also hard to follow. Refactor this into two core functions. copy_array copies from a source into a destination. It avoids reallocation by taking the allocated size of the destination into account via ksize(). The function is essentially krealloc_array, with the difference that the contents of dst are not preserved. realloc_array changes the size of an array and zeroes newly allocated items. Contrary to krealloc both functions don't free the destination if the size is zero. Instead we rely on free_func_state to clean up. realloc_stack_state is renamed to grow_stack_state to better convey that it never shrinks the stack state. Signed-off-by:Lorenz Bauer <lmb@cloudflare.com> Signed-off-by:
Loading
Please sign in to comment