函数逻辑报告 |
Source Code:kernel\bpf\verifier.c |
Create Date:2022-07-27 14:18:22 |
Last Modify:2022-05-19 20:02:10 | Copyright©Brick |
首页 | 函数Tree |
注解内核,赢得工具 | 下载SCCT | English |
函数名称:do_check
函数原型:static int do_check(struct bpf_verifier_env *env)
返回类型:int
参数:
类型 | 参数 | 名称 |
---|---|---|
struct bpf_verifier_env * | env |
7741 | insn_cnt等于 Number of filter blocks |
7742 | bool do_print_state = false |
7743 | prev_insn_idx等于负1 |
7745 | prev_linfo = NULL |
7750 | curframe等于0 |
7751 | speculative = false |
7753 | call stack tracking [0]等于分配内存并置零 |
7754 | 如果非 call stack tracking [0]则 |
7758 | current verifier state 等于state |
7759 | init_func_state(env, call stack tracking [0], BPF_MAIN_FUNC, 0, 0) |
7764 | 如果btf_check_func_arg_match(env, 0)则返回:负EINVAL |
7767 | 循环 |
7772 | prev_insn_idx等于prev_insn_idx |
7780 | class等于Instruction classes ( opcode ) |
7782 | 如果umber of instructions analyzed by the verifier 先自加大于yes. 1M insns 则 |
7783 | verbose(env, "BPF program is too large. Processed %d insn\n", umber of instructions analyzed by the verifier ) |
7786 | 返回:负E2BIG |
7789 | err等于is_state_visited(env, insn_idx) |
7792 | 如果err恒等于1则 |
7794 | 如果level按位与BPF_LOG_LEVEL则 |
7795 | 如果do_print_state则verbose(env, "\nfrom %d to %d%s: safe\n", prev_insn_idx, insn_idx, speculative ? " (speculative execution)" : "") |
7803 | 转到:process_bpf_exit |
7806 | 如果signal_pending(当前进程)则返回:负EAGAIN |
7809 | 如果need_resched()则cond_resched() |
7812 | 如果level按位与BPF_LOG_LEVEL2或level按位与BPF_LOG_LEVEL且do_print_state则 |
7814 | 如果level按位与BPF_LOG_LEVEL2则verbose(env, "%d:", insn_idx) |
7816 | 否则verbose(env, "\nfrom %d to %d%s:", prev_insn_idx, insn_idx, speculative ? " (speculative execution)" : "") |
7822 | do_print_state = false |
7825 | 如果level按位与BPF_LOG_LEVEL则 |
7826 | const struct bpf_insn_cbs cbs = {cb_print = verbose, private_data = env, } |
7831 | verbose_linfo(env, insn_idx, "; ") |
7833 | print_bpf_insn( & cbs, insn, allow_ptr_leaks) |
7836 | 如果bpf_prog_is_dev_bound( Auxiliary fields )则 |
7844 | this insn was processed by the verifier = true |
7845 | prev_insn_idx等于insn_idx |
7847 | 如果class恒等于BPF_ALU或class恒等于alu mode in double word width 则 |
7862 | err等于check_reg_arg(env, dest register , DST_OP_NO_MARK) |
7879 | 如果prev_src_type恒等于hing was written into register 则 |
7884 | prev_src_type等于src_reg_type |
7901 | 如果BPF BPF_DW 0x18 64-bit ( opcode )恒等于xclusive add 则 |
7929 | 如果prev_dst_type恒等于hing was written into register 则 |
7930 | prev_dst_type等于dst_reg_type |
7937 | 如果BPF BPF_DW 0x18 64-bit ( opcode )不等于BPF_MEM或 source register 不等于BPF_REG_0则 |
7947 | 如果is_ctx_reg(env, dest register )则 |
7948 | verbose(env, "BPF_ST stores into R%d %s is not allowed\n", dest register , string representation of 'enum bpf_reg_type' [type]) |
7951 | 返回:负EACCES |
7961 | 否则如果class恒等于BPF_JMP或class恒等于jmp mode in word width 则 |
7962 | opcode等于alu/jmp fields ( opcode ) |
7965 | 如果opcode恒等于unction call 则 |
7982 | 如果 source register 恒等于when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative* offset to another bpf function则err等于check_func_call(env, insn, & insn_idx) |
7984 | 否则err等于check_helper_call(env, signed immediate constant , insn_idx) |
7990 | 如果BPF_SRC( opcode )不等于BPF_K或 signed immediate constant 不等于0或 source register 不等于BPF_REG_0或 dest register 不等于BPF_REG_0或class恒等于jmp mode in word width 则 |
7999 | insn_idx加等于 signed offset 加1 |
8000 | 继续下一循环 |
8002 | 否则如果opcode恒等于unction return 则 |
8003 | 如果BPF_SRC( opcode )不等于BPF_K或 signed immediate constant 不等于0或 source register 不等于BPF_REG_0或 dest register 不等于BPF_REG_0或class恒等于jmp mode in word width 则 |
8012 | 如果active_spin_lock则 |
8017 | 如果curframe则 |
8026 | err等于check_reference_leak(env) |
8040 | 如果is_pointer_value(env, BPF_REG_0)则 |
8045 | err等于check_return_code(env) |
8048 | process_bpf_exit : |
8050 | err等于pop_stack(env, & prev_insn_idx, & insn_idx) |
8052 | 如果err小于0则 |
8056 | 否则 |
8057 | do_print_state = true |
8058 | 继续下一循环 |
8060 | 否则 |
8066 | mode等于BPF BPF_DW 0x18 64-bit ( opcode ) |
8078 | insn_idx自加 |
8079 | this insn was processed by the verifier = true |
8080 | 否则 |
8084 | 否则 |
8089 | insn_idx自加 |
8093 | 返回:0 |
名称 | 描述 |
---|---|
bpf_check |
源代码转换工具 开放的插件接口 | X |
---|---|
支持:c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现:逻辑报告 代码生成和批量转换代码 |