diff options
| author | Alexei Starovoitov <ast@plumgrid.com> | 2014-09-26 03:17:01 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-09-26 15:05:14 -0400 |
| commit | 0a542a86d73b1577e7d4f55fc95dcffd3fe62643 (patch) | |
| tree | 8d42f33a9d472940f47e56e404d25f9ebe1c5560 /kernel/bpf | |
| parent | 09756af46893c18839062976c3252e93a1beeba7 (diff) | |
bpf: handle pseudo BPF_CALL insn
in native eBPF programs userspace is using pseudo BPF_CALL instructions
which encode one of 'enum bpf_func_id' inside insn->imm field.
Verifier checks that program using correct function arguments to given func_id.
If all checks passed, kernel needs to fixup BPF_CALL->imm fields by
replacing func_id with in-kernel function pointer.
eBPF interpreter just calls the function.
In-kernel eBPF users continue to use generic BPF_CALL.
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/bpf')
| -rw-r--r-- | kernel/bpf/syscall.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 0afb4eaa1887..b513659d120f 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c | |||
| @@ -357,6 +357,40 @@ void bpf_register_prog_type(struct bpf_prog_type_list *tl) | |||
| 357 | list_add(&tl->list_node, &bpf_prog_types); | 357 | list_add(&tl->list_node, &bpf_prog_types); |
| 358 | } | 358 | } |
| 359 | 359 | ||
| 360 | /* fixup insn->imm field of bpf_call instructions: | ||
| 361 | * if (insn->imm == BPF_FUNC_map_lookup_elem) | ||
| 362 | * insn->imm = bpf_map_lookup_elem - __bpf_call_base; | ||
| 363 | * else if (insn->imm == BPF_FUNC_map_update_elem) | ||
| 364 | * insn->imm = bpf_map_update_elem - __bpf_call_base; | ||
| 365 | * else ... | ||
| 366 | * | ||
| 367 | * this function is called after eBPF program passed verification | ||
| 368 | */ | ||
| 369 | static void fixup_bpf_calls(struct bpf_prog *prog) | ||
| 370 | { | ||
| 371 | const struct bpf_func_proto *fn; | ||
| 372 | int i; | ||
| 373 | |||
| 374 | for (i = 0; i < prog->len; i++) { | ||
| 375 | struct bpf_insn *insn = &prog->insnsi[i]; | ||
| 376 | |||
| 377 | if (insn->code == (BPF_JMP | BPF_CALL)) { | ||
| 378 | /* we reach here when program has bpf_call instructions | ||
| 379 | * and it passed bpf_check(), means that | ||
| 380 | * ops->get_func_proto must have been supplied, check it | ||
| 381 | */ | ||
| 382 | BUG_ON(!prog->aux->ops->get_func_proto); | ||
| 383 | |||
| 384 | fn = prog->aux->ops->get_func_proto(insn->imm); | ||
| 385 | /* all functions that have prototype and verifier allowed | ||
| 386 | * programs to call them, must be real in-kernel functions | ||
| 387 | */ | ||
| 388 | BUG_ON(!fn->func); | ||
| 389 | insn->imm = fn->func - __bpf_call_base; | ||
| 390 | } | ||
| 391 | } | ||
| 392 | } | ||
| 393 | |||
| 360 | /* drop refcnt on maps used by eBPF program and free auxilary data */ | 394 | /* drop refcnt on maps used by eBPF program and free auxilary data */ |
| 361 | static void free_used_maps(struct bpf_prog_aux *aux) | 395 | static void free_used_maps(struct bpf_prog_aux *aux) |
| 362 | { | 396 | { |
| @@ -478,6 +512,9 @@ static int bpf_prog_load(union bpf_attr *attr) | |||
| 478 | if (err < 0) | 512 | if (err < 0) |
| 479 | goto free_used_maps; | 513 | goto free_used_maps; |
| 480 | 514 | ||
| 515 | /* fixup BPF_CALL->imm field */ | ||
| 516 | fixup_bpf_calls(prog); | ||
| 517 | |||
| 481 | /* eBPF program is ready to be JITed */ | 518 | /* eBPF program is ready to be JITed */ |
| 482 | bpf_prog_select_runtime(prog); | 519 | bpf_prog_select_runtime(prog); |
| 483 | 520 | ||