Skip to content

Commit

Permalink
Splits stricter_controlflow from static_syscalls.
Browse files Browse the repository at this point in the history
  • Loading branch information
Lichtso committed Nov 21, 2024
1 parent 291c16c commit c1062a2
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/interpreter.rs
Original file line number Diff line number Diff line change
Expand Up @@ -518,7 +518,7 @@ impl<'a, 'b, C: ContextObject> Interpreter<'a, 'b, C> {
return false;
}
check_pc!(self, next_pc, target_pc.wrapping_sub(self.program_vm_addr) / ebpf::INSN_SIZE as u64);
if self.executable.get_sbpf_version().static_syscalls() && self.executable.get_function_registry().lookup_by_key(next_pc as u32).is_none() {
if self.executable.get_sbpf_version().stricter_controlflow() && self.executable.get_function_registry().lookup_by_key(next_pc as u32).is_none() {
self.vm.due_insn_count += 1;
self.reg[11] = next_pc;
throw_error!(self, EbpfError::UnsupportedInstruction);
Expand Down
2 changes: 1 addition & 1 deletion src/jit.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1680,7 +1680,7 @@ impl<'a, C: ContextObject> JitCompiler<'a, C> {
}
// There is no `VerifierError::JumpToMiddleOfLDDW` for `call imm` so patch it here
let call_unsupported_instruction = self.anchors[ANCHOR_CALL_UNSUPPORTED_INSTRUCTION] as usize;
if self.executable.get_sbpf_version().static_syscalls() {
if self.executable.get_sbpf_version().stricter_controlflow() {
let mut prev_pc = 0;
for current_pc in self.executable.get_function_registry().keys() {
if current_pc as usize >= self.result.pc_section.len() {
Expand Down
5 changes: 5 additions & 0 deletions src/program.rs
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,11 @@ impl SBPFVersion {
}
}

/// Restricts jump and call targets to function boundaries
pub fn stricter_controlflow(&self) -> bool {
self != &SBPFVersion::V1
}

/// Move opcodes of memory instructions into ALU instruction classes
pub fn move_memory_instruction_classes(self) -> bool {
self != SBPFVersion::V1
Expand Down
6 changes: 3 additions & 3 deletions src/verifier.rs
Original file line number Diff line number Diff line change
Expand Up @@ -235,7 +235,7 @@ impl Verifier for RequisiteVerifier {
let insn = ebpf::get_insn(prog, insn_ptr);
let mut store = false;

if sbpf_version.static_syscalls() && function_iter.peek() == Some(&insn_ptr) {
if sbpf_version.stricter_controlflow() && function_iter.peek() == Some(&insn_ptr) {
function_range.start = function_iter.next().unwrap_or(0);
function_range.end = *function_iter.peek().unwrap_or(&program_range.end);
let insn = ebpf::get_insn(prog, function_range.end.saturating_sub(1));
Expand Down Expand Up @@ -390,7 +390,7 @@ impl Verifier for RequisiteVerifier {
ebpf::JSLT_REG => { check_jmp_offset(prog, insn_ptr, &function_range)?; },
ebpf::JSLE_IMM => { check_jmp_offset(prog, insn_ptr, &function_range)?; },
ebpf::JSLE_REG => { check_jmp_offset(prog, insn_ptr, &function_range)?; },
ebpf::CALL_IMM if sbpf_version.static_syscalls() => {
ebpf::CALL_IMM if sbpf_version.stricter_controlflow() => {
let target_pc = sbpf_version.calculate_call_imm_target_pc(insn_ptr, insn.imm);
check_call_target(
target_pc,
Expand All @@ -402,7 +402,7 @@ impl Verifier for RequisiteVerifier {
ebpf::CALL_REG => { check_callx_register(&insn, insn_ptr, sbpf_version)?; },
ebpf::EXIT if !sbpf_version.static_syscalls() => {},
ebpf::RETURN if sbpf_version.static_syscalls() => {},
ebpf::SYSCALL if sbpf_version.static_syscalls() => {
ebpf::SYSCALL if sbpf_version.stricter_controlflow() => {
check_call_target(
insn.imm as u32,
syscall_registry,
Expand Down

0 comments on commit c1062a2

Please sign in to comment.