diff options
| author | David S. Miller <davem@davemloft.net> | 2015-03-01 14:05:24 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-03-01 14:05:24 -0500 |
| commit | 68932f7188f84673fdb0de14a00c2f428869c6ed (patch) | |
| tree | dd4de9c9faa662e188285fa5db20663859139f55 /kernel/bpf/verifier.c | |
| parent | b656cc64cf815d8ff6e99883a531fafc48199bd0 (diff) | |
| parent | e2e9b6541dd4b31848079da80fe2253daaafb549 (diff) | |
| download | op-kernel-dev-68932f7188f84673fdb0de14a00c2f428869c6ed.zip op-kernel-dev-68932f7188f84673fdb0de14a00c2f428869c6ed.tar.gz | |
Merge branch 'ebpf_support_for_cls_bpf'
Daniel Borkmann says:
====================
eBPF support for cls_bpf
This is the non-RFC version of my patchset posted before netdev01 [1]
conference. It contains a couple of eBPF cleanups and preparation
patches to get eBPF support into cls_bpf. The last patch adds the
actual support. I'll post the iproute2 parts after the kernel bits
are merged, an initial preview link to the code is mentioned in the
last patch.
Patch 4 and 5 were originally one patch, but I've split them into
two parts upon request as patch 4 only is also needed for Alexei's
tracing patches that go via tip tree.
Tested with tc and all in-kernel available BPF test suites.
I have configured and built LLVM with --enable-experimental-targets=BPF
but as Alexei put it, the plan is to get rid of the experimental
status in future [2].
Thanks a lot!
v1 -> v2:
- Removed arch patches from this series
- x86 is already queued in tip tree, under x86/mm
- arm64 just reposted directly to arm folks
- Rest is unchanged
[1] http://thread.gmane.org/gmane.linux.network/350191
[2] http://article.gmane.org/gmane.linux.kernel/1874969
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/bpf/verifier.c')
| -rw-r--r-- | kernel/bpf/verifier.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a28e09c..bdf4192 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -852,7 +852,7 @@ static int check_call(struct verifier_env *env, int func_id) } /* eBPF programs must be GPL compatible to use GPL-ed functions */ - if (!env->prog->aux->is_gpl_compatible && fn->gpl_only) { + if (!env->prog->gpl_compatible && fn->gpl_only) { verbose("cannot call GPL only function from proprietary program\n"); return -EINVAL; } @@ -1172,6 +1172,17 @@ static int check_ld_imm(struct verifier_env *env, struct bpf_insn *insn) return 0; } +static bool may_access_skb(enum bpf_prog_type type) +{ + switch (type) { + case BPF_PROG_TYPE_SOCKET_FILTER: + case BPF_PROG_TYPE_SCHED_CLS: + return true; + default: + return false; + } +} + /* verify safety of LD_ABS|LD_IND instructions: * - they can only appear in the programs where ctx == skb * - since they are wrappers of function calls, they scratch R1-R5 registers, @@ -1194,8 +1205,8 @@ static int check_ld_abs(struct verifier_env *env, struct bpf_insn *insn) struct reg_state *reg; int i, err; - if (env->prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) { - verbose("BPF_LD_ABS|IND instructions are only allowed in socket filters\n"); + if (!may_access_skb(env->prog->type)) { + verbose("BPF_LD_ABS|IND instructions not allowed for this program type\n"); return -EINVAL; } |
