Re: [PATCH RFC bpf-next v3 08/16] bpf/verifier: do_misc_fixups for is_bpf_timer_set_sleepable_cb_kfunc

From: Eduard Zingerman
Date: Fri Feb 23 2024 - 11:01:13 EST


On Wed, 2024-02-21 at 17:25 +0100, Benjamin Tissoires wrote:
> This is still a WIP, but I think this can be dropped as we never
> get to this instruction. So what should we do here?

As Alexei replied in a separate sub-thread, you probably want this
for sleepable timers. Here is the full source code block:

	if (insn->imm == BPF_FUNC_timer_set_callback ||
	    is_bpf_timer_set_sleepable_cb_kfunc(insn->imm)) {
		...
		/* BPF_LD_IMM64 expands to two instructions */
		struct bpf_insn ld_addrs[2] = {
			BPF_LD_IMM64(BPF_REG_3, (long)prog->aux),
		};

		/* replace the call with: ld_imm64 r3, aux; call */
		insn_buf[0] = ld_addrs[0];
		insn_buf[1] = ld_addrs[1];
		insn_buf[2] = *insn;
		cnt = 3;

		new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
		...
	}

Effectively, it sets up the third function call parameter (R3)
for timer_set_callback() to be prog->aux.
E.g. before bpf_patch_insn_data():

r1 = ... timer ...
r2 = ... callback address ...
call timer_set_callback

After bpf_patch_insn_data():

r1 = ... timer ...
r2 = ... callback address ...
r3 = prog->aux ll
call timer_set_callback

This way it won't be necessary to walk the stack in search of ctx.aux
in bpf_timer_set_sleepable_cb().
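A user-space model of the rewrite described above, added here as an example and not code from the patch series or the kernel. It carries a local mirror of struct bpf_insn and the BPF_LD_IMM64 expansion (two insns, low then high 32 bits), a constructed helper id standing in for BPF_FUNC_timer_set_callback, a constructed prog->aux value, and a simplified stand-in for bpf_patch_insn_data() that rebuilds the program with the cnt = 3 replacement in front of every matching call.

```c
#include <stdint.h>
#include <stdlib.h>
/* Local mirror of the uapi struct bpf_insn layout and the opcode bits used below. */
struct bpf_insn { uint8_t code; uint8_t dst_reg:4; uint8_t src_reg:4; int16_t off; int32_t imm; };
#define BPF_LD_DW_IMM 0x18   /* BPF_LD | BPF_DW | BPF_IMM */
#define BPF_JMP_CALL  0x85   /* BPF_JMP | BPF_CALL */
#define BPF_REG_3     3
#define FAKE_FUNC_timer_set_callback 0x1234  /* constructed stand-in for the real helper id */
/* BPF_LD_IMM64 expands to two insns: low 32 bits in the first, high 32 bits in the second. */
#define BPF_LD_IMM64(DST, IMM) \
    { .code = BPF_LD_DW_IMM, .dst_reg = (DST), .imm = (int32_t)(uint32_t)(IMM) }, \
    { .code = 0, .imm = (int32_t)(uint32_t)((uint64_t)(IMM) >> 32) }
/* Reassemble the 64-bit immediate from a ld_imm64 pair, as the loader/JIT does. */
uint64_t ld_imm64_value(const struct bpf_insn *lo, const struct bpf_insn *hi)
{
    return (uint64_t)(uint32_t)lo->imm | ((uint64_t)(uint32_t)hi->imm << 32);
}
/* The rewrite from the mail: before each timer_set_callback call emit r3 = prog->aux,
 * i.e. insn_buf = {ld_addrs[0], ld_addrs[1], *insn}, cnt = 3.  Returns a malloc'd program. */
struct bpf_insn *fixup_timer_set_callback(const struct bpf_insn *in, size_t in_len,
                                          uint64_t aux, size_t *out_len)
{
    struct bpf_insn *out = malloc(in_len * 3 * sizeof(*out)); /* worst case: every insn grows by 2 */
    size_t n = 0;
    if (!out) return NULL;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i].code == BPF_JMP_CALL && in[i].imm == FAKE_FUNC_timer_set_callback) {
            struct bpf_insn ld_addrs[2] = { BPF_LD_IMM64(BPF_REG_3, aux) };
            out[n++] = ld_addrs[0];
            out[n++] = ld_addrs[1];
        }
        out[n++] = in[i];   /* the original call (or any other insn) follows unchanged */
    }
    *out_len = n;
    return out;
}
/* Constructed 3-insn program (r1 = timer, r2 = callback, call) patched as in the mail;
 * returns 1 when the call is now preceded by a correct ld_imm64 of aux into r3. */
int demo(void)
{
    const uint64_t aux = 0xffff8881deadbee0ULL; /* constructed prog->aux value */
    struct bpf_insn prog[3] = { { .code = 0xb7, .dst_reg = 1 }, { .code = 0xb7, .dst_reg = 2 },
                                { .code = BPF_JMP_CALL, .imm = FAKE_FUNC_timer_set_callback } };
    size_t n = 0;
    struct bpf_insn *p = fixup_timer_set_callback(prog, 3, aux, &n);
    int ok = p && n == 5 && p[2].code == BPF_LD_DW_IMM && p[2].dst_reg == BPF_REG_3 &&
             p[3].code == 0 && ld_imm64_value(&p[2], &p[3]) == aux && p[4].code == BPF_JMP_CALL;
    free(p);
    return ok;
}
```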