tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "bpf: Do not include stack ptr register in precision backtracking bookkeeping"

Browse Source 
This reverts commit 4265682c29 which is
commit e2d2115e56c4a02377189bfc3a9a7933552a7b0f upstream.

It breaks the Android kernel abi and can be brought back in the future
in an abi-safe way if it is really needed.

Bug: 161946584
Change-Id: I1a833012ae4ccf639e468eedc82f6c1b93db87bc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
2025-07-13 12:30:19 +00:00
parent e9c183823c
commit 2e1a9faec5
2 changed files with 6 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/linux/bpf_verifier.h
+4 -8
View File
@@ -362,11 +362,7 @@ enum {
INSN_F_SPI_MASK = 0x3f, /* 6 bits */ INSN_F_SPI_MASK = 0x3f, /* 6 bits */
INSN_F_SPI_SHIFT = 3, /* shifted 3 bits to the left */ INSN_F_SPI_SHIFT = 3, /* shifted 3 bits to the left */
INSN_F_STACK_ACCESS = BIT(9), INSN_F_STACK_ACCESS = BIT(9), /* we need 10 bits total */
INSN_F_DST_REG_STACK = BIT(10), /* dst_reg is PTR_TO_STACK */
INSN_F_SRC_REG_STACK = BIT(11), /* src_reg is PTR_TO_STACK */
/* total 12 bits are used now. */
}; };
static_assert(INSN_F_FRAMENO_MASK + 1 >= MAX_CALL_FRAMES); static_assert(INSN_F_FRAMENO_MASK + 1 >= MAX_CALL_FRAMES);
@@ -375,9 +371,9 @@ static_assert(INSN_F_SPI_MASK + 1 >= MAX_BPF_STACK / 8);
struct bpf_insn_hist_entry { struct bpf_insn_hist_entry {
u32 idx; u32 idx;
/* insn idx can't be bigger than 1 million */ /* insn idx can't be bigger than 1 million */
u32 prev_idx : 20; u32 prev_idx : 22;
/* special INSN_F_xxx flags */ /* special flags, e.g., whether insn is doing register stack spill/load */
u32 flags : 12; u32 flags : 10;
/* additional registers that need precision tracking when this /* additional registers that need precision tracking when this
* jump is backtracked, vector of six 10-bit records * jump is backtracked, vector of six 10-bit records
*/ */
kernel/bpf/verifier.c
+2 -16
View File
@@ -4066,10 +4066,8 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, int subseq_idx,
* before it would be equally necessary to * before it would be equally necessary to
* propagate it to dreg. * propagate it to dreg.
*/ */
if (!hist || !(hist->flags & INSN_F_SRC_REG_STACK)) bt_set_reg(bt, dreg);
bt_set_reg(bt, sreg); bt_set_reg(bt, sreg);
if (!hist || !(hist->flags & INSN_F_DST_REG_STACK))
bt_set_reg(bt, dreg);
} else if (BPF_SRC(insn->code) == BPF_K) { } else if (BPF_SRC(insn->code) == BPF_K) {
/* dreg <cond> K /* dreg <cond> K
* Only dreg still needs precision before * Only dreg still needs precision before
@@ -15415,7 +15413,6 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
struct bpf_reg_state *eq_branch_regs; struct bpf_reg_state *eq_branch_regs;
struct linked_regs linked_regs = {}; struct linked_regs linked_regs = {};
u8 opcode = BPF_OP(insn->code); u8 opcode = BPF_OP(insn->code);
int insn_flags = 0;
bool is_jmp32; bool is_jmp32;
int pred = -1; int pred = -1;
int err; int err;
@@ -15475,9 +15472,6 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
insn->src_reg); insn->src_reg);
return -EACCES; return -EACCES;
} }
if (src_reg->type == PTR_TO_STACK)
insn_flags |= INSN_F_SRC_REG_STACK;
} else { } else {
if (insn->src_reg != BPF_REG_0) { if (insn->src_reg != BPF_REG_0) {
verbose(env, "BPF_JMP/JMP32 uses reserved fields\n"); verbose(env, "BPF_JMP/JMP32 uses reserved fields\n");
@@ -15489,14 +15483,6 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
__mark_reg_known(src_reg, insn->imm); __mark_reg_known(src_reg, insn->imm);
} }
if (dst_reg->type == PTR_TO_STACK)
insn_flags |= INSN_F_DST_REG_STACK;
if (insn_flags) {
err = push_insn_history(env, this_branch, insn_flags, 0);
if (err)
return err;
}
is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32; is_jmp32 = BPF_CLASS(insn->code) == BPF_JMP32;
pred = is_branch_taken(dst_reg, src_reg, opcode, is_jmp32); pred = is_branch_taken(dst_reg, src_reg, opcode, is_jmp32);
if (pred >= 0) { if (pred >= 0) {