From: Yonghong Song <yonghong.song@linux.dev>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
kernel-team@fb.com, Martin KaFai Lau <martin.lau@kernel.org>,
Tejun Heo <tj@kernel.org>
Subject: [PATCH bpf-next v7 1/9] bpf: Check stack depth limit after visiting all subprogs
Date: Tue, 29 Oct 2024 15:16:42 -0700 [thread overview]
Message-ID: <20241029221642.264723-1-yonghong.song@linux.dev> (raw)
In-Reply-To: <20241029221637.264348-1-yonghong.song@linux.dev>
Check stack depth limit after all subprogs are visited. Note that if
private stack is enabled, the only stack size restriction is for a single
subprog with size less than or equal to MAX_BPF_STACK.
In subsequent patches, in function check_max_stack_depth(), there could
be a flip from enabling private stack to disabling private stack due to
potential nested bpf subprog run. Moving stack depth limit checking after
visiting all subprogs ensures the checking not missed in such flipping
cases.
The useless 'continue' statement in the loop in func
check_max_stack_depth() is also removed.
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
---
kernel/bpf/verifier.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 797cf3ed32e0..89b0a980d0f9 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6032,7 +6032,8 @@ static int round_up_stack_depth(struct bpf_verifier_env *env, int stack_depth)
* Since recursion is prevented by check_cfg() this algorithm
* only needs a local stack of MAX_CALL_FRAMES to remember callsites
*/
-static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx)
+static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx,
+ int *subtree_depth, int *depth_frame)
{
struct bpf_subprog_info *subprog = env->subprog_info;
struct bpf_insn *insn = env->prog->insnsi;
@@ -6070,10 +6071,9 @@ static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx)
return -EACCES;
}
depth += round_up_stack_depth(env, subprog[idx].stack_depth);
- if (depth > MAX_BPF_STACK) {
- verbose(env, "combined stack size of %d calls is %d. Too large\n",
- frame + 1, depth);
- return -EACCES;
+ if (depth > MAX_BPF_STACK && !*subtree_depth) {
+ *subtree_depth = depth;
+ *depth_frame = frame + 1;
}
continue_func:
subprog_end = subprog[idx + 1].start;
@@ -6173,15 +6173,19 @@ static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx)
static int check_max_stack_depth(struct bpf_verifier_env *env)
{
struct bpf_subprog_info *si = env->subprog_info;
- int ret;
+ int ret, subtree_depth = 0, depth_frame;
for (int i = 0; i < env->subprog_cnt; i++) {
if (!i || si[i].is_async_cb) {
- ret = check_max_stack_depth_subprog(env, i);
+ ret = check_max_stack_depth_subprog(env, i, &subtree_depth, &depth_frame);
if (ret < 0)
return ret;
}
- continue;
+ }
+ if (subtree_depth > MAX_BPF_STACK) {
+ verbose(env, "combined stack size of %d calls is %d. Too large\n",
+ depth_frame, subtree_depth);
+ return -EACCES;
}
return 0;
}
--
2.43.5
next prev parent reply other threads:[~2024-10-29 22:16 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-29 22:16 [PATCH bpf-next v7 0/9] bpf: Support private stack for bpf progs Yonghong Song
2024-10-29 22:16 ` Yonghong Song [this message]
2024-10-29 22:16 ` [PATCH bpf-next v7 2/9] bpf: Allow private stack to have each subprog having stack size of 512 bytes Yonghong Song
2024-10-29 22:16 ` [PATCH bpf-next v7 3/9] bpf: Check potential private stack recursion for progs with async callback Yonghong Song
2024-10-29 22:16 ` [PATCH bpf-next v7 4/9] bpf: Allocate private stack for eligible main prog or subprogs Yonghong Song
2024-10-29 22:17 ` [PATCH bpf-next v7 5/9] bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth Yonghong Song
2024-10-29 22:17 ` [PATCH bpf-next v7 6/9] bpf, x86: Support private stack in jit Yonghong Song
2024-10-29 22:17 ` [PATCH bpf-next v7 7/9] selftests/bpf: Add tracing prog private stack tests Yonghong Song
2024-10-29 22:17 ` [PATCH bpf-next v7 8/9] bpf: Support private stack for struct_ops progs Yonghong Song
2024-10-30 23:14 ` Tejun Heo
2024-10-29 22:17 ` [PATCH bpf-next v7 9/9] selftests/bpf: Add struct_ops prog private stack tests Yonghong Song
2024-10-30 23:29 ` Tejun Heo
2024-10-31 19:37 ` Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241029221642.264723-1-yonghong.song@linux.dev \
--to=yonghong.song@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=martin.lau@kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox