bpf: split explored_states

split explored_states into prune_point boolean mark and link list of explored states. This removes STATE_LIST_MARK hack and allows marks to be separate from states. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

bpf: split explored_states
split explored_states into prune_point boolean mark and link list of explored states. This removes STATE_LIST_MARK hack and allows marks to be separate from states. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
a8f500af · Alexei Starovoitov · Daniel Borkmann · 5d839021 · a8f500af · a8f500af
Commit a8f500af authored May 21, 2019 by Alexei Starovoitov Committed by Daniel Borkmann May 24, 2019
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 18 deletions

include/linux/bpf_verifier.h include/linux/bpf_verifier.h +1 -0

kernel/bpf/verifier.c kernel/bpf/verifier.c +13 -18

No files found.
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -233,6 +233,7 @@ struct bpf_insn_aux_data {
 	int sanitize_stack_off; /* stack slot to be cleared */
 	bool seen; /* this insn was processed by the verifier */
 	u8 alu_state; /* used in combination with alu_limit */
+	bool prune_point;
 	unsigned int orig_idx; /* original instruction index */
 };

--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5436,7 +5436,6 @@ enum {
 	BRANCH = 2,
 };
-#define STATE_LIST_MARK ((struct bpf_verifier_state_list *) -1L)
 static struct bpf_verifier_state_list **explored_state(
 					struct bpf_verifier_env *env,
 					int idx)
@@ -5446,7 +5445,7 @@ static struct bpf_verifier_state_list **explored_state(
 static void init_explored_state(struct bpf_verifier_env *env, int idx)
 {
-	env->explored_states[idx] = STATE_LIST_MARK;
+	env->insn_aux_data[idx].prune_point = true;
 }
 /* t, w, e - match pseudo-code above:
@@ -6018,10 +6017,7 @@ static void clean_live_states(struct bpf_verifier_env *env, int insn,
 	int i;
 	sl = *explored_state(env, insn);
-	if (!sl)
+	while (sl) {
-		return;
-	while (sl != STATE_LIST_MARK) {
 		if (sl->state.curframe != cur->curframe)
 			goto next;
 		for (i = 0; i <= cur->curframe; i++)
@@ -6376,18 +6372,18 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
 	struct bpf_verifier_state *cur = env->cur_state, *new;
 	int i, j, err, states_cnt = 0;
-	pprev = explored_state(env, insn_idx);
+	if (!env->insn_aux_data[insn_idx].prune_point)
-	sl = *pprev;
-	if (!sl)
 		/* this 'insn_idx' instruction wasn't marked, so we will not
 		 * be doing state search here
 		 */
 		return 0;
+	pprev = explored_state(env, insn_idx);
+	sl = *pprev;
 	clean_live_states(env, insn_idx, cur);
-	while (sl != STATE_LIST_MARK) {
+	while (sl) {
 		if (states_equal(env, &sl->state, cur)) {
 			sl->hit_cnt++;
 			/* reached equivalent register/stack state,
@@ -8145,8 +8141,7 @@ static void free_states(struct bpf_verifier_env *env)
 	for (i = 0; i < env->prog->len; i++) {
 		sl = env->explored_states[i];
-		if (sl)
+		while (sl) {
-			while (sl != STATE_LIST_MARK) {
 			sln = sl->next;
 			free_verifier_state(&sl->state, false);
 			kfree(sl);