• Alexei Starovoitov's avatar
    bpf: introduce function calls (function boundaries) · cc8b0b92
    Alexei Starovoitov authored
    Allow arbitrary function calls from bpf function to another bpf function.
    
    Since the beginning of bpf all bpf programs were represented as a single function
    and program authors were forced to use always_inline for all functions
    in their C code. That was causing llvm to unnecessary inflate the code size
    and forcing developers to move code to header files with little code reuse.
    
    With a bit of additional complexity teach verifier to recognize
    arbitrary function calls from one bpf function to another as long as
    all of functions are presented to the verifier as a single bpf program.
    New program layout:
    r6 = r1    // some code
    ..
    r1 = ..    // arg1
    r2 = ..    // arg2
    call pc+1  // function call pc-relative
    exit
    .. = r1    // access arg1
    .. = r2    // access arg2
    ..
    call pc+20 // second level of function call
    ...
    
    It allows for better optimized code and finally allows to introduce
    the core bpf libraries that can be reused in different projects,
    since programs are no longer limited by single elf file.
    With function calls bpf can be compiled into multiple .o files.
    
    This patch is the first step. It detects programs that contain
    multiple functions and checks that calls between them are valid.
    It splits the sequence of bpf instructions (one program) into a set
    of bpf functions that call each other. Calls to only known
    functions are allowed. In the future the verifier may allow
    calls to unresolved functions and will do dynamic linking.
    This logic supports statically linked bpf functions only.
    
    Such function boundary detection could have been done as part of
    control flow graph building in check_cfg(), but it's cleaner to
    separate function boundary detection vs control flow checks within
    a subprogram (function) into logically indepedent steps.
    Follow up patches may split check_cfg() further, but not check_subprogs().
    
    Only allow bpf-to-bpf calls for root only and for non-hw-offloaded programs.
    These restrictions can be relaxed in the future.
    Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    cc8b0b92
verifier.c 139 KB