diff options
| author | Anay Wadhera <awadhera@berkeley.edu> | 2021-05-20 21:56:29 -0700 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2022-04-19 00:49:43 +0300 |
| commit | f0233b20e68109b50f8530b14e6e8eebc40d3fcd (patch) | |
| tree | 642aebc23ad9182aff634791629c30b735d33036 | |
| parent | d93445ad89b2a11be7f6cad950c1e62a164c5c36 (diff) | |
Revert "bpf: fix branch pruning logic"
This reverts commit 1367d854b97493bfb1f3d24cf89ba60cb7f059ea.
Signed-off-by: Chatur27 <jasonbright2709@gmail.com>
| -rw-r--r-- | kernel/bpf/verifier.c | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a62679711de0..014c2d759916 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -191,7 +191,6 @@ struct bpf_insn_aux_data { enum bpf_reg_type ptr_type; /* pointer type for load/store insns */ struct bpf_map *map_ptr; /* pointer for call insn into lookup_elem */ }; - bool seen; /* this insn was processed by the verifier */ }; #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */ @@ -1794,7 +1793,6 @@ static int do_check(struct verifier_env *env) print_bpf_insn(env, insn); } - env->insn_aux_data[insn_idx].seen = true; if (class == BPF_ALU || class == BPF_ALU64) { err = check_alu_op(env, insn); if (err) @@ -1990,7 +1988,6 @@ process_bpf_exit: return err; insn_idx++; - env->insn_aux_data[insn_idx].seen = true; } else { verbose("invalid BPF_LD mode\n"); return -EINVAL; @@ -2128,7 +2125,6 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len, u32 off, u32 cnt) { struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data; - int i; if (cnt == 1) return 0; @@ -2138,8 +2134,6 @@ static int adjust_insn_aux_data(struct verifier_env *env, u32 prog_len, memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off); memcpy(new_data + off + cnt - 1, old_data + off, sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1)); - for (i = off; i < off + cnt - 1; i++) - new_data[i].seen = true; env->insn_aux_data = new_data; vfree(old_data); return 0; @@ -2158,25 +2152,6 @@ static struct bpf_prog *bpf_patch_insn_data(struct verifier_env *env, u32 off, return new_prog; } -/* The verifier does more data flow analysis than llvm and will not explore - * branches that are dead at run time. Malicious programs can have dead code - * too. Therefore replace all dead at-run-time code with nops. - */ -static void sanitize_dead_code(struct verifier_env *env) -{ - struct bpf_insn_aux_data *aux_data = env->insn_aux_data; - struct bpf_insn nop = BPF_MOV64_REG(BPF_REG_0, BPF_REG_0); - struct bpf_insn *insn = env->prog->insnsi; - const int insn_cnt = env->prog->len; - int i; - - for (i = 0; i < insn_cnt; i++) { - if (aux_data[i].seen) - continue; - memcpy(insn + i, &nop, sizeof(nop)); - } -} - /* convert load instructions that access fields of 'struct __sk_buff' * into sequence of instructions that access fields of 'struct sk_buff' */ @@ -2396,9 +2371,6 @@ skip_full_check: free_states(env); if (ret == 0) - sanitize_dead_code(env); - - if (ret == 0) /* program is valid, convert *(u32*)(ctx + off) accesses */ ret = convert_ctx_accesses(env); |