| Context |
Check |
Description |
| bpf/vmtest-bpf-VM_Test-30 |
success
|
Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
|
| bpf/vmtest-bpf-VM_Test-31 |
success
|
Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
|
| bpf/vmtest-bpf-VM_Test-36 |
success
|
Logs for x86_64-llvm-17 / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-37 |
success
|
Logs for x86_64-llvm-17 / veristat-meta
|
| bpf/vmtest-bpf-VM_Test-38 |
success
|
Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-39 |
success
|
Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
|
| bpf/vmtest-bpf-VM_Test-45 |
success
|
Logs for x86_64-llvm-18 / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-46 |
success
|
Logs for x86_64-llvm-18 / veristat-meta
|
| bpf/vmtest-bpf-VM_Test-32 |
success
|
Logs for x86_64-llvm-17 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-17
|
| bpf/vmtest-bpf-VM_Test-35 |
success
|
Logs for x86_64-llvm-17 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-17
|
| bpf/vmtest-bpf-VM_Test-33 |
success
|
Logs for x86_64-llvm-17 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-17
|
| bpf/vmtest-bpf-VM_Test-34 |
success
|
Logs for x86_64-llvm-17 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-17
|
| bpf/vmtest-bpf-VM_Test-41 |
success
|
Logs for x86_64-llvm-18 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-40 |
success
|
Logs for x86_64-llvm-18 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-43 |
success
|
Logs for x86_64-llvm-18 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-44 |
success
|
Logs for x86_64-llvm-18 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-42 |
success
|
Logs for x86_64-llvm-18 / test (test_progs_cpuv4, false, 360) / test_progs_cpuv4 on x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-0 |
success
|
Logs for Lint
|
| bpf/vmtest-bpf-VM_Test-1 |
success
|
Logs for ShellCheck
|
| bpf/vmtest-bpf-VM_Test-2 |
success
|
Logs for Unittests
|
| bpf/vmtest-bpf-VM_Test-3 |
success
|
Logs for Validate matrix.py
|
| bpf/vmtest-bpf-VM_Test-4 |
fail
|
Logs for aarch64-gcc / build / build for aarch64 with gcc
|
| bpf/vmtest-bpf-VM_Test-5 |
success
|
Logs for aarch64-gcc / build-release
|
| bpf/vmtest-bpf-VM_Test-6 |
success
|
Logs for aarch64-gcc / test
|
| bpf/vmtest-bpf-VM_Test-7 |
success
|
Logs for aarch64-gcc / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-8 |
success
|
Logs for aarch64-gcc / veristat-meta
|
| bpf/vmtest-bpf-VM_Test-9 |
fail
|
Logs for s390x-gcc / build / build for s390x with gcc
|
| bpf/vmtest-bpf-VM_Test-10 |
success
|
Logs for s390x-gcc / build-release
|
| bpf/vmtest-bpf-VM_Test-11 |
success
|
Logs for s390x-gcc / test
|
| bpf/vmtest-bpf-VM_Test-12 |
success
|
Logs for s390x-gcc / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-14 |
success
|
Logs for set-matrix
|
| bpf/vmtest-bpf-VM_Test-13 |
success
|
Logs for s390x-gcc / veristat-meta
|
| bpf/vmtest-bpf-VM_Test-15 |
fail
|
Logs for x86_64-gcc / build / build for x86_64 with gcc
|
| bpf/vmtest-bpf-VM_Test-16 |
success
|
Logs for x86_64-gcc / build-release
|
| bpf/vmtest-bpf-VM_Test-17 |
success
|
Logs for x86_64-gcc / test
|
| bpf/vmtest-bpf-VM_Test-18 |
success
|
Logs for x86_64-gcc / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-19 |
success
|
Logs for x86_64-gcc / veristat-meta
|
| bpf/vmtest-bpf-VM_Test-20 |
fail
|
Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
|
| bpf/vmtest-bpf-VM_Test-21 |
fail
|
Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
|
| bpf/vmtest-bpf-VM_Test-22 |
success
|
Logs for x86_64-llvm-17 / test
|
| bpf/vmtest-bpf-VM_Test-23 |
success
|
Logs for x86_64-llvm-17 / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-24 |
success
|
Logs for x86_64-llvm-17 / veristat-meta
|
| bpf/vmtest-bpf-VM_Test-25 |
fail
|
Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
|
| bpf/vmtest-bpf-VM_Test-26 |
fail
|
Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
|
| bpf/vmtest-bpf-VM_Test-27 |
success
|
Logs for x86_64-llvm-18 / test
|
| bpf/vmtest-bpf-VM_Test-28 |
success
|
Logs for x86_64-llvm-18 / veristat-kernel
|
| bpf/vmtest-bpf-VM_Test-29 |
success
|
Logs for x86_64-llvm-18 / veristat-meta
|
| bpf/vmtest-bpf-PR |
success
|
PR summary
|
@@ -1527,6 +1527,7 @@ struct bpf_prog_aux {
bool is_extended; /* true if extended by freplace program */
bool jits_use_priv_stack;
bool priv_stack_requested;
+ bool changes_pkt_data;
u64 prog_array_member_cnt; /* counts how many times as member of prog_array */
struct mutex ext_mutex; /* mutex for is_extended and prog_array_member_cnt */
struct bpf_arena *arena;
@@ -16872,6 +16872,7 @@ static int check_cfg(struct bpf_verifier_env *env)
}
}
ret = 0; /* cfg looks good */
+ env->prog->aux->changes_pkt_data = env->subprog_info[0].changes_pkt_data;
err_free:
kvfree(insn_state);
@@ -20361,6 +20362,7 @@ static int jit_subprogs(struct bpf_verifier_env *env)
func[i]->aux->num_exentries = num_exentries;
func[i]->aux->tail_call_reachable = env->subprog_info[i].tail_call_reachable;
func[i]->aux->exception_cb = env->subprog_info[i].is_exception_cb;
+ func[i]->aux->changes_pkt_data = env->subprog_info[i].changes_pkt_data;
if (!i)
func[i]->aux->exception_boundary = env->seen_exception;
func[i] = bpf_int_jit_compile(func[i]);
@@ -22225,6 +22227,12 @@ int bpf_check_attach_target(struct bpf_verifier_log *log,
"Extension programs should be JITed\n");
return -EINVAL;
}
+ if (prog->aux->changes_pkt_data &&
+ !aux->func[subprog]->aux->changes_pkt_data) {
+ bpf_log(log,
+ "Extension program changes packet data, while original does not\n");
+ return -EINVAL;
+ }
}
if (!tgt_prog->jited) {
bpf_log(log, "Can attach to only JITed progs\n");
@@ -22690,10 +22698,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
if (ret < 0)
goto skip_full_check;
- ret = check_attach_btf_id(env);
- if (ret)
- goto skip_full_check;
-
ret = resolve_pseudo_ldimm64(env);
if (ret < 0)
goto skip_full_check;
@@ -22708,6 +22712,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3
if (ret < 0)
goto skip_full_check;
+ ret = check_attach_btf_id(env);
+ if (ret)
+ goto skip_full_check;
+
ret = mark_fastcall_patterns(env);
if (ret < 0)
goto skip_full_check;
When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced. This commit: - adds changes_pkt_data flag to struct bpf_prog_aux: - this flag is set in check_cfg() for main sub-program; - in jit_subprogs() for other sub-programs; - modifies bpf_check_attach_btf_id() to check changes_pkt_data flag; - moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set: bpf_check: ... ... - check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ... The following fields are set by check_attach_btf_id(): - env->ops - prog->aux->attach_btf_trace - prog->aux->attach_func_name - prog->aux->attach_func_proto - prog->aux->dst_trampoline - prog->aux->mod - prog->aux->saved_dst_attach_type - prog->aux->saved_dst_prog_type - prog->expected_attach_type Neither of these fields are used by resolve_pseudo_ldimm64() or bpf_prog_offload_verifier_prep() (for netronome and netdevsim drivers), so the reordering is safe. Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com> Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> --- include/linux/bpf.h | 1 + kernel/bpf/verifier.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-)