linux/include
Daniel Borkmann f96da09473 bpf: simplify narrower ctx access
This work tries to make the semantics and code around the
narrower ctx access a bit easier to follow. Right now
everything is done inside the .is_valid_access(). Offset
matching is done differently for read/write types, meaning
writes don't support narrower access and thus matching only
on offsetof(struct foo, bar) is enough whereas for read
case that supports narrower access we must check for
offsetof(struct foo, bar) + offsetof(struct foo, bar) +
sizeof(<bar>) - 1 for each of the cases. For read cases of
individual members that don't support narrower access (like
packet pointers or skb->cb[] case which has its own narrow
access logic), we check as usual only offsetof(struct foo,
bar) like in write case. Then, for the case where narrower
access is allowed, we also need to set the aux info for the
access. Meaning, ctx_field_size and converted_op_size have
to be set. First is the original field size e.g. sizeof(<bar>)
as in above example from the user facing ctx, and latter
one is the target size after actual rewrite happened, thus
for the kernel facing ctx. Also here we need the range match
and we need to keep track changing convert_ctx_access() and
converted_op_size from is_valid_access() as both are not at
the same location.

We can simplify the code a bit: check_ctx_access() becomes
simpler in that we only store ctx_field_size as a meta data
and later in convert_ctx_accesses() we fetch the target_size
right from the location where we do convert. Should the verifier
be misconfigured we do reject for BPF_WRITE cases or target_size
that are not provided. For the subsystems, we always work on
ranges in is_valid_access() and add small helpers for ranges
and narrow access, convert_ctx_accesses() sets target_size
for the relevant instruction.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Cc: Yonghong Song <yhs@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-03 02:22:52 -07:00
..
acpi ACPI / scan: Fix enumeration for special SPI and I2C devices 2017-06-21 23:14:55 +02:00
asm-generic
clocksource
crypto
drm drm/dp: start a DPCD based DP sink/branch device quirk database 2017-05-29 13:43:26 +03:00
dt-bindings clk: sunxi-ng: a64: Export PLL_PERIPH0 clock for the PRCM 2017-05-31 21:57:30 +02:00
keys
kvm KVM: arm/arm64: Fix bug when registering redist iodevs 2017-05-18 11:18:12 +02:00
linux bpf: simplify narrower ctx access 2017-07-03 02:22:52 -07:00
math-emu
media [media] media/cec.h: use IS_REACHABLE instead of IS_ENABLED 2017-06-08 16:52:28 -03:00
memory
misc
net bpf: Add support for changing congestion control 2017-07-01 16:15:14 -07:00
pcmcia
ras
rdma RDMA/SA: Fix kernel panic in CMA request handler flow 2017-06-01 17:20:14 -04:00
rxrpc rxrpc: Implement service upgrade 2017-06-05 14:30:49 +01:00
scsi
soc net/wan/fsl_ucc_hdlc: add hdlc-bus support 2017-05-18 10:28:39 -04:00
sound
target iscsi-target: Fix initial login PDU asynchronous socket close OOPs 2017-05-31 15:12:31 -07:00
trace rxrpc: Add service upgrade support for client connections 2017-06-05 14:30:49 +01:00
uapi bpf: add bpf_skb_adjust_room helper 2017-07-03 02:22:52 -07:00
video
xen