bpf: remove old offload/analyzer

Thanks to the ability to load a program for a specific device,
running verifier twice is no longer needed.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index e45011dbc02d4a249e3f0e795fd8463ef33eebe7..07b96aaca2567df8dd3cd6064b861cbd8a961f0e 100644 (file)
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -152,9 +152,7 @@ struct bpf_verifier_env {
        bool strict_alignment;          /* perform strict pointer alignment checks */
        struct bpf_verifier_state *cur_state; /* current verifier state */
        struct bpf_verifier_state_list **explored_states; /* search pruning optimization */
-       const struct bpf_ext_analyzer_ops *analyzer_ops; /* external analyzer ops */
        const struct bpf_ext_analyzer_ops *dev_ops; /* device analyzer ops */
-       void *analyzer_priv; /* pointer to external analyzer's private data */
        struct bpf_map *used_maps[MAX_USED_MAPS]; /* array of map's used by eBPF program */
        u32 used_map_cnt;               /* number of used maps */
        u32 id_gen;                     /* used to generate unique reg IDs */
@@ -179,7 +177,4 @@ int bpf_prog_offload_verifier_prep(struct bpf_verifier_env *env)
 }
 #endif
 
-int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
-                void *priv);
-
 #endif /* _LINUX_BPF_VERIFIER_H */

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 51aabb32ad67db2661c1841c80551392e9f40e77..add845fe788a8a481b6823c2191a693adfbad887 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -949,9 +949,6 @@ static int check_ctx_access(struct bpf_verifier_env *env, int insn_idx, int off,
                 */
                *reg_type = info.reg_type;
 
-               if (env->analyzer_ops)
-                       return 0;
-
                env->insn_aux_data[insn_idx].ctx_field_size = info.ctx_field_size;
                /* remember the offset of last byte accessed in ctx */
                if (env->prog->aux->max_ctx_offset < off + size)
@@ -3736,9 +3733,6 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
 static int ext_analyzer_insn_hook(struct bpf_verifier_env *env,
                                  int insn_idx, int prev_insn_idx)
 {
-       if (env->analyzer_ops && env->analyzer_ops->insn_hook)
-               return env->analyzer_ops->insn_hook(env, insn_idx,
-                                                   prev_insn_idx);
        if (env->dev_ops && env->dev_ops->insn_hook)
                return env->dev_ops->insn_hook(env, insn_idx, prev_insn_idx);
 
@@ -4601,72 +4595,3 @@ err_free_env:
        kfree(env);
        return ret;
 }
-
-static const struct bpf_verifier_ops * const bpf_analyzer_ops[] = {
-#ifdef CONFIG_NET
-       [BPF_PROG_TYPE_XDP]             = &xdp_analyzer_ops,
-       [BPF_PROG_TYPE_SCHED_CLS]       = &tc_cls_act_analyzer_ops,
-#endif
-};
-
-int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
-                void *priv)
-{
-       struct bpf_verifier_env *env;
-       int ret;
-
-       if (prog->type >= ARRAY_SIZE(bpf_analyzer_ops) ||
-           !bpf_analyzer_ops[prog->type])
-               return -EOPNOTSUPP;
-
-       env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
-       if (!env)
-               return -ENOMEM;
-
-       env->insn_aux_data = vzalloc(sizeof(struct bpf_insn_aux_data) *
-                                    prog->len);
-       ret = -ENOMEM;
-       if (!env->insn_aux_data)
-               goto err_free_env;
-       env->prog = prog;
-       env->ops = bpf_analyzer_ops[env->prog->type];
-       env->analyzer_ops = ops;
-       env->analyzer_priv = priv;
-
-       /* grab the mutex to protect few globals used by verifier */
-       mutex_lock(&bpf_verifier_lock);
-
-       env->strict_alignment = false;
-       if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
-               env->strict_alignment = true;
-
-       env->explored_states = kcalloc(env->prog->len,
-                                      sizeof(struct bpf_verifier_state_list *),
-                                      GFP_KERNEL);
-       ret = -ENOMEM;
-       if (!env->explored_states)
-               goto skip_full_check;
-
-       ret = check_cfg(env);
-       if (ret < 0)
-               goto skip_full_check;
-
-       env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
-
-       ret = do_check(env);
-       if (env->cur_state) {
-               free_verifier_state(env->cur_state, true);
-               env->cur_state = NULL;
-       }
-
-skip_full_check:
-       while (!pop_stack(env, NULL, NULL));
-       free_states(env);
-
-       mutex_unlock(&bpf_verifier_lock);
-       vfree(env->insn_aux_data);
-err_free_env:
-       kfree(env);
-       return ret;
-}
-EXPORT_SYMBOL_GPL(bpf_analyzer);

diff --git a/net/core/filter.c b/net/core/filter.c
index a0112168d6f9bfdf624b9a6ae772c8a0221e7050..1afa17935954b71ff6ae30d84511a0023afa9cc8 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3777,25 +3777,6 @@ static bool tc_cls_act_is_valid_access(int off, int size,
        return bpf_skb_is_valid_access(off, size, type, info);
 }
 
-static bool
-tc_cls_act_is_valid_access_analyzer(int off, int size,
-                                   enum bpf_access_type type,
-                                   struct bpf_insn_access_aux *info)
-{
-       switch (off) {
-       case offsetof(struct sk_buff, len):
-               return true;
-       case offsetof(struct sk_buff, data):
-               info->reg_type = PTR_TO_PACKET;
-               return true;
-       case offsetof(struct sk_buff, cb) +
-            offsetof(struct bpf_skb_data_end, data_end):
-               info->reg_type = PTR_TO_PACKET_END;
-               return true;
-       }
-       return false;
-}
-
 static bool __is_valid_xdp_access(int off, int size)
 {
        if (off < 0 || off >= sizeof(struct xdp_md))
@@ -3830,21 +3811,6 @@ static bool xdp_is_valid_access(int off, int size,
        return __is_valid_xdp_access(off, size);
 }
 
-static bool xdp_is_valid_access_analyzer(int off, int size,
-                                        enum bpf_access_type type,
-                                        struct bpf_insn_access_aux *info)
-{
-       switch (off) {
-       case offsetof(struct xdp_buff, data):
-               info->reg_type = PTR_TO_PACKET;
-               return true;
-       case offsetof(struct xdp_buff, data_end):
-               info->reg_type = PTR_TO_PACKET_END;
-               return true;
-       }
-       return false;
-}
-
 void bpf_warn_invalid_xdp_action(u32 act)
 {
        const u32 act_max = XDP_REDIRECT;
@@ -4516,10 +4482,6 @@ const struct bpf_verifier_ops tc_cls_act_verifier_ops = {
        .gen_prologue           = tc_cls_act_prologue,
 };
 
-const struct bpf_verifier_ops tc_cls_act_analyzer_ops = {
-       .is_valid_access        = tc_cls_act_is_valid_access_analyzer,
-};
-
 const struct bpf_prog_ops tc_cls_act_prog_ops = {
        .test_run               = bpf_prog_test_run_skb,
 };
@@ -4530,10 +4492,6 @@ const struct bpf_verifier_ops xdp_verifier_ops = {
        .convert_ctx_access     = xdp_convert_ctx_access,
 };
 
-const struct bpf_verifier_ops xdp_analyzer_ops = {
-       .is_valid_access        = xdp_is_valid_access_analyzer,
-};
-
 const struct bpf_prog_ops xdp_prog_ops = {
        .test_run               = bpf_prog_test_run_xdp,
 };