Commit e8f55fcf authored by Andrii Nakryiko's avatar Andrii Nakryiko Committed by Alexei Starovoitov

bpf: teach refsafe() to take into account ID remapping



states_equal() check performs ID mapping between old and new states to
establish a 1-to-1 correspondence between IDs, even if their absolute
numeric values across two equivalent states differ. This is important
both for correctness and to avoid unnecessary work when two states are
equivalent.

With recent changes we partially fixed this logic by maintaining ID map
across all function frames. This patch also makes refsafe() check take
into account (and maintain) ID map, making states_equal() behavior more
optimal and correct.

Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20221223054921.958283-2-andrii@kernel.org


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent cfca0076
+12 −4
@@ -13223,12 +13223,20 @@ static bool stacksafe(struct bpf_verifier_env *env, struct bpf_func_state *old,
	return true;
}

static bool refsafe(struct bpf_func_state *old, struct bpf_func_state *cur)
static bool refsafe(struct bpf_func_state *old, struct bpf_func_state *cur,
		    struct bpf_id_pair *idmap)
{
	int i;

	if (old->acquired_refs != cur->acquired_refs)
		return false;
	return !memcmp(old->refs, cur->refs,
		       sizeof(*old->refs) * old->acquired_refs);

	for (i = 0; i < old->acquired_refs; i++) {
		if (!check_ids(old->refs[i].id, cur->refs[i].id, idmap))
			return false;
	}

	return true;
}

/* compare two verifier states
@@ -13270,7 +13278,7 @@ static bool func_states_equal(struct bpf_verifier_env *env, struct bpf_func_stat
	if (!stacksafe(env, old, cur, env->idmap_scratch))
		return false;

	if (!refsafe(old, cur))
	if (!refsafe(old, cur, env->idmap_scratch))
		return false;

	return true;
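Review bot: The new loop in refsafe() compares only the `id` member through `check_ids(old->refs[i].id, cur->refs[i].id, idmap)`, whereas the removed `memcmp()` covered every byte of each `refs[]` entry, so any other member of that entry no longer takes part in the equivalence decision. The struct definition is not on this page, so whether such members exist and matter for state pruning needs confirming; if they do, two states that differ only in them would now be treated as equal and the verifier could prune a path it has not actually checked. Either compare those members explicitly beside the `check_ids()` call, or record the intent in refsafe() with a comment such as `/* only ids decide equivalence; other refs[] fields are deliberately not compared */`. The description presents this purely as ID remapping, so the narrowing of the comparison deserves an explicit mention there as well.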