Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-27 14:11:07
Last Modify:2022-05-19 20:02:10 Copyright©Brick

Function name: check_stack_read/write functions track spill/fill of registers, stack boundary and alignment are checked in check_mem_access()

Function prototype: static int check_stack_write(struct bpf_verifier_env *env, struct bpf_func_state *state, int off, int size, int value_regno, int insn_idx)

Return type: int

Parameters:

Type                        Parameter name
struct bpf_verifier_env *   env
struct bpf_func_state *     state (func where register points to)
int                         off
int                         size
int                         value_regno
int                         insn_idx
1956  slot = -off - 1, spi = slot / size of eBPF register in bytes
1957  dst_reg = dest register
1958  struct bpf_reg_state * reg = NULL
1960  err = do_check() starts with zero-sized stack in struct bpf_verifier_state to make it consume minimal amount of memory
1962  if err, return err
1967  if not allow_ptr_leaks and slot_type[0] == register spilled into stack and size != size of eBPF register in bytes
1970  verbose(env, "attempt to corrupt spilled pointer on stack\n")
1971  return -EACCES
1974  cur = call stack tracking [curframe]
1975  if value_regno >= 0 then reg = regs[value_regno]
1978  if reg and size == size of eBPF register in bytes and register_is_const(reg) and not Does this register contain a constant zero? and allow_ptr_leaks
1980  if dst_reg != BPF_REG_FP
1988  if err, return err
1991  save_register_state(func where register points to, spi, reg)
1992  else if reg and is_spillable_regtype( Ordering of fields matters. See states_equal() ) then
1994  if size != size of eBPF register in bytes
1995  verbose_linfo(env, insn_idx, "; ")
1996  verbose(env, "invalid size of register spill\n")
1997  return -EACCES
2001  verbose(env, "cannot spill pointers to stack into stack frame of the caller\n")
2002  return -EINVAL
2005  if not allow_ptr_leaks
2006  bool sanitize = false
2013  sanitize = true
2014  break
2016  if sanitize
2018  soff = (-spi - 1) * size of eBPF register in bytes
2027  if poff and poff != soff
2032  verbose(env, "insn %d cannot access two stack slots fp%d and fp%d", insn_idx, * poff, soff)
2035  return -EINVAL
2037  poff = soff
2040  save_register_state(func where register points to, spi, reg)
2041  else
2042  type = BPF program wrote some data into this slot
2045  Ordering of fields matters. See states_equal() = nothing was written into register
2047  if slot_type[0] == register spilled into stack then loop while i < size of eBPF register in bytes
2049  slot_type[i] = BPF program wrote some data into this slot
2059  if size == size of eBPF register in bytes then live |= reg was written first, screening off later reads
2066  if err, return err
2072  loop while i < size: slot_type[(slot - i) % size of eBPF register in bytes] = type
2076  return 0
Callers

Name               Description
check_mem_access   check whether memory at (regno + off) is accessible for t = (read | write); if t==write, value_regno is a register which value is stored into memory; if t==read, value_regno is a register which will receive the value from memory; if t==write &&