bpf: allow offload of programs with BPF-to-BPF function calls

Now that there is at least one driver supporting BPF-to-BPF function
calls, lift the restriction, in the verifier, on hardware offload of
eBPF programs containing such calls. But prevent jit_subprogs(), still
in the verifier, from being run for offloaded programs.

Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Reviewed-by: Jiong Wang <jiong.wang@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

1 files changed, 3 insertions, 7 deletions

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a0454cb299ba..73cc136915fe 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1009,10 +1009,6 @@ static int check_subprogs(struct bpf_verifier_env *env)
                         verbose(env, "function calls to other bpf functions are allowed for root only\n");
                         return -EPERM;
                 }
-                if (bpf_prog_is_dev_bound(env->prog->aux)) {
-                        verbose(env, "function calls in offloaded programs are not supported yet\n");
-                        return -EINVAL;
-                }
                 ret = add_subprog(env, i + insn[i].imm + 1);
                 if (ret < 0)
                         return ret;
@@ -5968,10 +5964,10 @@ static int fixup_call_args(struct bpf_verifier_env *env)
         struct bpf_insn *insn = prog->insnsi;
         int i, depth;
 #endif
-        int err;
+        int err = 0;
 
-        err = 0;
-        if (env->prog->jit_requested) {
+        if (env->prog->jit_requested &&
+            !bpf_prog_is_dev_bound(env->prog->aux)) {
                 err = jit_subprogs(env);
                 if (err == 0)
                         return 0;