git.maquefel.me Git - linux.git/commit

author	Alexei Starovoitov <ast@kernel.org>
	Fri, 8 Mar 2024 01:08:03 +0000 (17:08 -0800)
committer	Andrii Nakryiko <andrii@kernel.org>
	Mon, 11 Mar 2024 22:37:24 +0000 (15:37 -0700)
commit	6082b6c328b5486da2b356eae94b8b83c98b5565
tree	c61b1d28d56273bc3b459f87167423a55b989675	tree \| snapshot
parent	142fd4d2dcf58b1720a6af644f31de1a5551f219	commit \| diff

bpf: Recognize addr_space_cast instruction in the verifier.

rY = addr_space_cast(rX, 0, 1) tells the verifier that rY->type = PTR_TO_ARENA.
Any further operations on PTR_TO_ARENA register have to be in 32-bit domain.

The verifier will mark load/store through PTR_TO_ARENA with PROBE_MEM32.
JIT will generate them as kern_vm_start + 32bit_addr memory accesses.

rY = addr_space_cast(rX, 1, 0) tells the verifier that rY->type = unknown scalar.
If arena->map_flags has BPF_F_NO_USER_CONV set then convert cast_user to mov32 as well.
Otherwise JIT will convert it to:
  rY = (u32)rX;
  if (rY)
     rY |= arena->user_vm_start & ~(u64)~0U;

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240308010812.89848-6-alexei.starovoitov@gmail.com

include/linux/bpf.h		diff \| blob \| history
include/linux/bpf_verifier.h		diff \| blob \| history
kernel/bpf/log.c		diff \| blob \| history
kernel/bpf/syscall.c		diff \| blob \| history
kernel/bpf/verifier.c		diff \| blob \| history