| author | Paul Chaignon <paul@isovalent.com> | 2021-12-19 20:59:43 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-12-21 05:33:37 +0100 |
| commit | 249a240f56f88e69fe97cdcf8fb614ade2251958 (patch) | |
| tree | 295327a5cb0e9b2f9aad94ff37863b94aed81405 /sys/linux | |
| parent | b747e572ec589543e9ccb870158f467f7fa3d825 (diff) | |
sys/linux: support callback BPF functions
Commit [1] upstream introduced a new BPF helper, bpf_for_each_map_elem,
which comes with callback functions (BPF programs). The callback
function's address is provided via a 64-bit IMM load instruction where
the first 32 bits of the immediate value are the offset from the current
instruction to the start of the callback function. The 64-bit value is
then rewritten into the address of the callback function.
Callback BPF functions are similar to BPF_PSEUDO_CALL functions, except
the offset to the function is converted into an address to be passed to
a BPF helper. The same workaround is thus used to encode the offset in
syzkaller, given we can't currently limit the offset to the program
size.
1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69c087ba6225b
Signed-off-by: Paul Chaignon <paul@isovalent.com>
Diffstat (limited to 'sys/linux')
| -rw-r--r-- | sys/linux/bpf.txt | 14 |
| -rw-r--r-- | sys/linux/bpf.txt.const | 1 |
2 files changed, 15 insertions, 0 deletions
diff --git a/sys/linux/bpf.txt b/sys/linux/bpf.txt index e7d3a512b..fcf0a8f07 100644 --- a/sys/linux/bpf.txt +++ b/sys/linux/bpf.txt @@ -236,6 +236,7 @@ bpf_insn [ map_val bpf_insn_map_value map_idx_val bpf_insn_map_idx_value btf_id bpf_insn_btf_id + cb_func bpf_insn_cb_func ] [varlen] bpf_insn_generic { @@ -413,6 +414,19 @@ bpf_insn_map_idx_value { imm2 int32 } +bpf_insn_cb_func { + code const[bpf_insn_load_imm_dw, int8] + dst flags[bpf_reg, int8:4] + src const[BPF_PSEUDO_FUNC, int8:4] + off const[0, int16] +# NEED: to limit the call offset to the program size, we'd need support for path expressions inside ranges of values. + imm int32[-8:8] + code2 const[0, int8] + regs2 const[0, int8] + off2 const[0, int16] + imm2 const[0, int32] +} + bpf_insn_btf_id { code const[bpf_insn_load_imm_dw, int8] dst flags[bpf_reg, int8:4] diff --git a/sys/linux/bpf.txt.const b/sys/linux/bpf.txt.const index 83ff643d5..5f8cf4c07 100644 --- a/sys/linux/bpf.txt.const +++ b/sys/linux/bpf.txt.const @@ -192,6 +192,7 @@ BPF_PROG_TYPE_TRACING = 26 BPF_PROG_TYPE_XDP = 6 BPF_PSEUDO_BTF_ID = 3 BPF_PSEUDO_CALL = 1 +BPF_PSEUDO_FUNC = 4 BPF_PSEUDO_MAP_FD = 1 BPF_PSEUDO_MAP_IDX = 5 BPF_PSEUDO_MAP_IDX_VALUE = 6 |
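Review bot: in the first sys/linux/bpf.txt hunk, cb_func is appended to the bpf_insn union after btf_id, while the second hunk inserts the bpf_insn_cb_func definition before bpf_insn_btf_id. Keeping the union member order and the struct definition order the same (both before or both after btf_id) would make the file easier to scan and keep later additions from drifting further apart.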
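Review bot: in bpf_insn_cb_func, imm int32[-8:8] is a bare magic range, and the NEED comment above it says what is missing but not why 8 was picked or that it follows the BPF_PSEUDO_CALL workaround the commit message refers to. Suggest saying so in the comment, so that both encodings are updated together once path expressions inside ranges are supported. The range also admits 0, which by the commit message's description of imm as the offset from the current instruction to the start of the callback cannot begin a separate function; worth stating in the comment whether that is kept deliberately as negative coverage.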
