
Commit 0a542a8

Alexei Starovoitovdavem330
authored andcommitted
bpf: handle pseudo BPF_CALL insn
In native eBPF programs, userspace uses pseudo BPF_CALL instructions, which encode one of 'enum bpf_func_id' inside the insn->imm field. The verifier checks that the program uses correct function arguments for the given func_id. If all checks pass, the kernel needs to fix up the BPF_CALL->imm fields by replacing func_id with the in-kernel function pointer. The eBPF interpreter just calls the function. In-kernel eBPF users continue to use generic BPF_CALL. Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 09756af commit 0a542a8

1 file changed

+37
-0
lines changed

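--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -357,6 +357,40 @@ void bpf_register_prog_type(struct bpf_prog_type_list *tl)
 list_add(&tl->list_node, &bpf_prog_types);
 }
 
+/* fixup insn->imm field of bpf_call instructions:
+* if (insn->imm == BPF_FUNC_map_lookup_elem)
+* insn->imm = bpf_map_lookup_elem - __bpf_call_base;
+* else if (insn->imm == BPF_FUNC_map_update_elem)
+* insn->imm = bpf_map_update_elem - __bpf_call_base;
+* else ...
+*
+* this function is called after eBPF program passed verification
+*/
+static void fixup_bpf_calls(struct bpf_prog *prog)
+{
+const struct bpf_func_proto *fn;
+int i;
+
+for (i = 0; i < prog->len; i++) {
+struct bpf_insn *insn = &prog->insnsi[i];
+
+if (insn->code == (BPF_JMP | BPF_CALL)) {
+/* we reach here when program has bpf_call instructions
+* and it passed bpf_check(), means that
+* ops->get_func_proto must have been supplied, check it
+*/
+BUG_ON(!prog->aux->ops->get_func_proto);
+
+fn = prog->aux->ops->get_func_proto(insn->imm);
+/* all functions that have prototype and verifier allowed
+* programs to call them, must be real in-kernel functions
+*/
+BUG_ON(!fn->func);
+insn->imm = fn->func - __bpf_call_base;
+}
+}
+}
+
 /* drop refcnt on maps used by eBPF program and free auxilary data */
 static void free_used_maps(struct bpf_prog_aux *aux)
 {
@@ -478,6 +512,9 @@ static int bpf_prog_load(union bpf_attr *attr)
 if (err < 0)
 goto free_used_maps;
 
+/* fixup BPF_CALL->imm field */
+fixup_bpf_calls(prog);
+
 /* eBPF program is ready to be JITed */
 bpf_prog_select_runtime(prog);
 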
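Review bot: In fixup_bpf_calls(), `BUG_ON(!fn->func)` dereferences `fn` before anything in this function has checked that get_func_proto() returned a non-NULL prototype, so only half of the stated invariant is asserted; `BUG_ON(!fn || !fn->func);` would cover both. The function depends on bpf_check() having already rejected every func_id without a prototype, and that code is not visible on this page. Separately, `insn->imm = fn->func - __bpf_call_base;` stores a pointer difference into the 32-bit imm field with no range check. Presumably every helper lies within signed 32-bit reach of __bpf_call_base; a comment such as `/* helpers must be within s32 range of __bpf_call_base */` would make that assumption explicit for anyone adding helpers later.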
