bpf: fix env->peak_states computation (574078b0) · Commits · git / linux-net

include/linux/bpf_verifier.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -772,6 +772,8 @@ struct bpf_verifier_env {
		u32 peak_states;
		/* longest register parentage chain walked for liveness marking */
		u32 longest_mark_read_walk;
		u32 free_list_size;
		u32 explored_states_size;
		bpfptr_t fd_array;

		/* bit mask to keep track of whether a register has been accessed

+13 −2

Original line number	Diff line number	Diff line
		@@ -1609,6 +1609,14 @@ static struct bpf_reference_state find_lock_state(struct bpf_verifier_state st
		return NULL;
		}

		static void update_peak_states(struct bpf_verifier_env *env)
		{
		u32 cur_states;

		cur_states = env->explored_states_size + env->free_list_size;
		env->peak_states = max(env->peak_states, cur_states);
		}

		static void free_func_state(struct bpf_func_state *state)
		{
		if (!state)
		@@ -1670,7 +1678,7 @@ static void maybe_free_verifier_state(struct bpf_verifier_env *env,
		list_del(&sl->node);
		free_verifier_state(&sl->state, false);
		kfree(sl);
		env->peak_states--;
		env->free_list_size--;
		sl = loop_entry_sl;
		}
		}
		@@ -18858,6 +18866,8 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
		sl->in_free_list = true;
		list_del(&sl->node);
		list_add(&sl->node, &env->free_list);
		env->free_list_size++;
		env->explored_states_size--;
		maybe_free_verifier_state(env, sl);
		}
		}
		@@ -18884,7 +18894,8 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
		if (!new_sl)
		return -ENOMEM;
		env->total_states++;
		env->peak_states++;
		env->explored_states_size++;
		update_peak_states(env);
		env->prev_jmps_processed = env->jmps_processed;
		env->prev_insn_processed = env->insn_processed;