diff options
| author | David S. Miller <davem@davemloft.net> | 2017-10-10 22:30:17 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-10-10 22:30:17 +0300 |
| commit | 67174bb2336061d373bc83ea1c56a4337a40e20f (patch) | |
| tree | f879063be29de0e6d7435759db62f0157c7773ff /include/linux | |
| parent | 442d713baa33db0f78adadee6125c215f10f5a75 (diff) | |
| parent | a2a7d5701052542cd2260e7659b12443e0a74733 (diff) | |
| download | linux-67174bb2336061d373bc83ea1c56a4337a40e20f.tar.xz | |
Merge branch 'bpf-get-rid-of-global-verifier-state-and-reuse-instruction-printer'
Jakub Kicinski says:
====================
bpf: get rid of global verifier state and reuse instruction printer
This set started off as simple extraction of eBPF verifier's instruction
printer into a separate file but evolved into removal of global state.
The purpose of moving instruction printing code is to be able to reuse it
from the bpftool.
As far as the global verifier lock goes, this set removes the global
variables relating to the log buffer, makes the one-time init done
by bpf_get_skb_set_tunnel_proto() not depend on any external locking,
and performs verifier log writeback as data is produced removing the need
for allocating a potentially large temporary buffer.
The final step of actually removing the verifier lock is left to someone
more competent and self-confident :)
Note that struct bpf_verifier_env is just 40B under two pages now,
we should probably switch to vzalloc() when it's expanded again...
v2:
- add a selftest;
- use env buffer and flush on every print (Alexei);
- handle kernel log allocation failures (Daniel);
- put the env log members into a struct (Daniel).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/bpf_verifier.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index b8d200f60a40..f00ef751c1c5 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -115,6 +115,21 @@ struct bpf_insn_aux_data { #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */ +#define BPF_VERIFIER_TMP_LOG_SIZE 1024 + +struct bpf_verifer_log { + u32 level; + char kbuf[BPF_VERIFIER_TMP_LOG_SIZE]; + char __user *ubuf; + u32 len_used; + u32 len_total; +}; + +static inline bool bpf_verifier_log_full(const struct bpf_verifer_log *log) +{ + return log->len_used >= log->len_total - 1; +} + struct bpf_verifier_env; struct bpf_ext_analyzer_ops { int (*insn_hook)(struct bpf_verifier_env *env, @@ -139,6 +154,8 @@ struct bpf_verifier_env { bool allow_ptr_leaks; bool seen_direct_write; struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */ + + struct bpf_verifer_log log; }; int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops, |