From 7b53e4c6fee09d4302531987a4d15325c3c68f76 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 19 May 2025 11:10:36 +0000 Subject: [PATCH] Revert "bpf: track changes_pkt_data property for global functions" This reverts commit 79751e9227a5910c0e5a2c7186877d91821d957d which is commit 51081a3f25c742da5a659d7fc6fd77ebfdd555be upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: Ia665bdeb8ea5b714a017beebf9bc9ba660a79a75 Signed-off-by: Greg Kroah-Hartman --- include/linux/bpf_verifier.h | 1 - kernel/bpf/verifier.c | 32 +------------------------------- 2 files changed, 1 insertion(+), 32 deletions(-) diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index 61d453b58050..e0d8971d8ef2 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -574,7 +574,6 @@ struct bpf_subprog_info { bool tail_call_reachable; bool has_ld_abs; bool is_async_cb; - bool changes_pkt_data; ANDROID_KABI_RESERVE(1); }; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 9093c1ba7ea9..0dba4ac5eeb2 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -9398,8 +9398,6 @@ static int check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn, if (env->log.level & BPF_LOG_LEVEL) verbose(env, "Func#%d is global and valid. Skipping.\n", subprog); - if (env->subprog_info[subprog].changes_pkt_data) - clear_all_pkt_pointers(env); clear_caller_saved_regs(env, caller->regs); /* All global functions return a 64-bit SCALAR_VALUE */ @@ -15150,29 +15148,6 @@ static int check_return_code(struct bpf_verifier_env *env) return 0; } -static void mark_subprog_changes_pkt_data(struct bpf_verifier_env *env, int off) -{ - struct bpf_subprog_info *subprog; - - subprog = find_containing_subprog(env, off); - subprog->changes_pkt_data = true; -} - -/* 't' is an index of a call-site. - * 'w' is a callee entry point. - * Eventually this function would be called when env->cfg.insn_state[w] == EXPLORED. - * Rely on DFS traversal order and absence of recursive calls to guarantee that - * callee's change_pkt_data marks would be correct at that moment. - */ -static void merge_callee_effects(struct bpf_verifier_env *env, int t, int w) -{ - struct bpf_subprog_info *caller, *callee; - - caller = find_containing_subprog(env, t); - callee = find_containing_subprog(env, w); - caller->changes_pkt_data |= callee->changes_pkt_data; -} - /* non-recursive DFS pseudo code * 1 procedure DFS-iterative(G,v): * 2 label v as discovered @@ -15306,7 +15281,6 @@ static int visit_func_call_insn(int t, struct bpf_insn *insns, bool visit_callee) { int ret, insn_sz; - int w; insn_sz = bpf_is_ldimm64(&insns[t]) ? 2 : 1; ret = push_insn(t, t + insn_sz, FALLTHROUGH, env); @@ -15318,10 +15292,8 @@ static int visit_func_call_insn(int t, struct bpf_insn *insns, mark_jmp_point(env, t + insn_sz); if (visit_callee) { - w = t + insns[t].imm + 1; mark_prune_point(env, t); - merge_callee_effects(env, t, w); - ret = push_insn(t, w, BRANCH, env); + ret = push_insn(t, t + insns[t].imm + 1, BRANCH, env); } return ret; } @@ -15373,8 +15345,6 @@ static int visit_insn(int t, struct bpf_verifier_env *env) mark_prune_point(env, t); mark_jmp_point(env, t); } - if (bpf_helper_call(insn) && bpf_helper_changes_pkt_data(insn->imm)) - mark_subprog_changes_pkt_data(env, t); if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) { struct bpf_kfunc_call_arg_meta meta;