Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-28 12:57:36
Last Modify:2022-05-19 20:02:10 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:heck_stack_read/write functions track spill/fill of registers,* stack boundary and alignment are checked in check_mem_access()

Proto:static int check_stack_write(struct bpf_verifier_env *env, struct bpf_func_state *state, int off, int size, int value_regno, int insn_idx)

Type:int

Parameter:

TypeParameterName
struct bpf_verifier_env *env
struct bpf_func_state *stateunc where register points to
intoff
intsize
intvalue_regno
intinsn_idx
1956  slot = -off - 1 , spi = slot / size of eBPF register in bytes
1957  dst_reg = dest register
1958  struct bpf_reg_state * reg = NULL
1960  err = do_check() starts with zero-sized stack in struct bpf_verifier_state to* make it consume minimal amount of memory
1962  If err Then Return err
1967  If Not allow_ptr_leaks && slot_type[0] == register spilled into stack && size != size of eBPF register in bytes Then
1970  verbose(env, "attempt to corrupt spilled pointer on stack\n")
1971  Return -EACCES
1974  cur = call stack tracking [curframe]
1975  If value_regno >= 0 Then reg = regs[value_regno]
1978  If reg && size == size of eBPF register in bytes && register_is_const(reg) && Not Does this register contain a constant zero? && allow_ptr_leaks Then
1980  If dst_reg != BPF_REG_FP Then
1987  err = mark_chain_precision(env, value_regno)
1988  If err Then Return err
1991  save_register_state(unc where register points to , spi, reg)
1992  Else if reg && is_spillable_regtype( Ordering of fields matters. See states_equal() ) Then
1994  If size != size of eBPF register in bytes Then
1995  verbose_linfo(env, insn_idx, "; ")
1996  verbose(env, "invalid size of register spill\n")
1997  Return -EACCES
2000  If unc where register points to != cur && Ordering of fields matters. See states_equal() == g == frame_pointer + offset Then
2001  verbose(env, "cannot spill pointers to stack into stack frame of the caller\n")
2002  Return -EINVAL
2005  If Not allow_ptr_leaks Then
2006  bool sanitize = false
2008  If slot_type[0] == register spilled into stack && register_is_const( & spilled_ptr) Then sanitize = true
2011  When i < size of eBPF register in bytes cycle If slot_type[i] == BPF program wrote some data into this slot Then
2013  sanitize = true
2014  Break
2016  If sanitize Then
2017  poff = stack slot to be cleared
2018  soff = (-spi - 1) * size of eBPF register in bytes
2027  If poff && poff != soff Then
2032  verbose(env, "insn %d cannot access two stack slots fp%d and fp%d", insn_idx, * poff, soff)
2035  Return -EINVAL
2037  poff = soff
2040  save_register_state(unc where register points to , spi, reg)
2041  Else
2042  type = BPF program wrote some data into this slot
2045  Ordering of fields matters. See states_equal() = hing was written into register
2047  If slot_type[0] == register spilled into stack Then When i < size of eBPF register in bytes cycle
2049  slot_type[i] = BPF program wrote some data into this slot
2059  If size == size of eBPF register in bytes Then live |= g was written first, screening off later reads
2063  If reg && Does this register contain a constant zero? Then
2065  err = mark_chain_precision(env, value_regno)
2066  If err Then Return err
2068  type = BPF program wrote constant zero
2072  When i < size cycle slot_type[(slot - i) % size of eBPF register in bytes ] = type
2076  Return 0
Caller
NameDescribe
check_mem_accessheck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&