[bpf-next v8 1/5] bpf: Move constants blinding from JIT to verifier

Xu Kuohai xukuohai at huaweicloud.com
Mon Mar 9 23:52:51 PDT 2026


On 3/10/2026 1:20 AM, Anton Protopopov wrote:

[...]

>>   	if (!jit_data) {
>>   		jit_data = kzalloc_obj(*jit_data);
>> -		if (!jit_data) {
>> -			prog = orig_prog;
>> +		if (!jit_data)
>>   			goto out;
>> -		}
>>   		prog->aux->jit_data = jit_data;
>>   	}
>>   	priv_stack_ptr = prog->aux->priv_stack_ptr;
>> @@ -3765,10 +3749,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>   		priv_stack_alloc_sz = round_up(prog->aux->stack_depth, 8) +
>>   				      2 * PRIV_STACK_GUARD_SZ;
>>   		priv_stack_ptr = __alloc_percpu_gfp(priv_stack_alloc_sz, 8, GFP_KERNEL);
>> -		if (!priv_stack_ptr) {
>> -			prog = orig_prog;
>> +		if (!priv_stack_ptr)
>>   			goto out_priv_stack;
>> -		}
>>   
>>   		priv_stack_init_guard(priv_stack_ptr, priv_stack_alloc_sz);
>>   		prog->aux->priv_stack_ptr = priv_stack_ptr;
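Review bot: With `prog = orig_prog` removed, the `goto out_priv_stack` here returns the same `prog` that was passed in, so the returned pointer no longer distinguishes success from failure; the same applies to the `goto out_addrs` paths in the `!addrs` and `!header` hunks and to the dropped `else` branch after `prog->jited = 1`. From the visible lines the only remaining failure signal appears to be `prog->jited` staying 0, and that contract is not written down anywhere in the quoted code. I would add a comment above `bpf_int_jit_compile()` such as `/* Always returns @prog; on failure prog->jited stays 0 and the caller decides whether to fall back or reject. */`. Constant blinding is a JIT-spray hardening, so if the verifier now owns the blinded program it is worth confirming in the verifier-side patch that every caller checks `jited` rather than comparing pointers. The function body starts and ends outside this hunk.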
>> @@ -3786,10 +3768,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>   		goto skip_init_addrs;
>>   	}
>>   	addrs = kvmalloc_objs(*addrs, prog->len + 1);
>> -	if (!addrs) {
>> -		prog = orig_prog;
>> +	if (!addrs)
>>   		goto out_addrs;
>> -	}
>>   
>>   	/*
>>   	 * Before first pass, make a rough estimation of addrs[]
>> @@ -3820,8 +3800,6 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>   						   sizeof(rw_header->size));
>>   				bpf_jit_binary_pack_free(header, rw_header);
>>   			}
>> -			/* Fall back to interpreter mode */
>> -			prog = orig_prog;
>>   			if (extra_pass) {
>>   				prog->bpf_func = NULL;
>>   				prog->jited = 0;
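Review bot: The removed `/* Fall back to interpreter mode */` comment was the only marker that this branch is the JIT-failure path, and nothing replaces it. The `extra_pass` cleanup that follows still resets `bpf_func` and `jited`, so a reader now has to infer why. I would keep a short comment in its place, for example `/* JIT failed: leave prog unjited, caller handles the fallback */`. The enclosing block starts and ends outside this hunk.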
>> @@ -3852,10 +3830,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>   			header = bpf_jit_binary_pack_alloc(roundup(proglen, align) + extable_size,
>>   							   &image, align, &rw_header, &rw_image,
>>   							   jit_fill_hole);
>> -			if (!header) {
>> -				prog = orig_prog;
>> +			if (!header)
>>   				goto out_addrs;
>> -			}
>>   			prog->aux->extable = (void *) image + roundup(proglen, align);
>>   		}
>>   		oldproglen = proglen;
>> @@ -3908,8 +3884,6 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>   		prog->bpf_func = (void *)image + cfi_get_offset();
>>   		prog->jited = 1;
>>   		prog->jited_len = proglen - cfi_get_offset();
>> -	} else {
>> -		prog = orig_prog;
>>   	}
>>   
>>   	if (!image || !prog->is_func || extra_pass) {
>> @@ -3925,10 +3899,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>   		kfree(jit_data);
>>   		prog->aux->jit_data = NULL;
>>   	}
>> +
>>   out:
> 
> small nit: is the label 'out' necessary now?
> 

There is a "goto out" in the "if (!jit_data)" body, but it is the
only one. I'll replace it with a direct "return prog" and remove
the out label.



