do_check

类型	参数	名称
struct bpf_verifier_env *	env

7772

prev_insn_idx等于prev_insn_idx

7773

如果insn_idx大于等于insn_cnt则

7774

verbose(env, "invalid insn idx %d insn_cnt %d\n", insn_idx, insn_cnt)

7776

返回:负EFAULT

7779

insn等于insns[insn_idx]

7780

class等于Instruction classes ( opcode )

7782

如果umber of instructions analyzed by the verifier 先自加大于yes. 1M insns 则

7783

verbose(env, "BPF program is too large. Processed %d insn\n", umber of instructions analyzed by the verifier )

7786

返回:负E2BIG

7789

err等于is_state_visited(env, insn_idx)

7790

如果err小于0则返回:err

7792

如果err恒等于1则

7794

如果level按位与BPF_LOG_LEVEL则

7795

如果do_print_state则verbose(env, "\nfrom %d to %d%s: safe\n", prev_insn_idx, insn_idx, speculative ? " (speculative execution)" : "")

7800

否则verbose(env, "%d: safe\n", insn_idx)

7803

转到:process_bpf_exit

7806

如果signal_pending(当前进程)则返回:负EAGAIN

7809

如果need_resched()则cond_resched()

7812

如果level按位与BPF_LOG_LEVEL2或level按位与BPF_LOG_LEVEL且do_print_state则

7814

如果level按位与BPF_LOG_LEVEL2则verbose(env, "%d:", insn_idx)

7816

否则verbose(env, "\nfrom %d to %d%s:", prev_insn_idx, insn_idx, speculative ? " (speculative execution)" : "")

7821

print_verifier_state(env, call stack tracking [curframe])

7822

do_print_state = false

7825

如果level按位与BPF_LOG_LEVEL则

7826

const struct bpf_insn_cbs cbs = {cb_print = verbose, private_data = env, }

7831

verbose_linfo(env, insn_idx, "; ")

7832

verbose(env, "%d: ", insn_idx)

7833

print_bpf_insn( & cbs, insn, allow_ptr_leaks)

7836

如果bpf_prog_is_dev_bound( Auxiliary fields )则

7837

err等于bpf_prog_offload_verify_insn(env, insn_idx, prev_insn_idx)

7839

如果err则返回:err

7843

regs等于cur_regs(env)

7844

this insn was processed by the verifier = true

7845

prev_insn_idx等于insn_idx

7847

如果class恒等于BPF_ALU或class恒等于alu mode in double word width 则

7848

err等于heck validity of 32-bit and 64-bit arithmetic operations

7849

如果err则返回:err

7852

否则如果class恒等于BPF_LDX则

7858

err等于check_reg_arg(env, source register , register is used as source operand )

7859

如果err则返回:err

7862

err等于check_reg_arg(env, dest register , DST_OP_NO_MARK)

7863

如果err则返回:err

7866

src_reg_type等于 Ordering of fields matters. See states_equal()

7871

err等于heck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&

7874

如果err则返回:err

7877

prev_src_type等于 pointer type for load/store insns

7879

如果prev_src_type恒等于hing was written into register 则

7884

prev_src_type等于src_reg_type

7886

否则如果If an instruction was previously used with particular pointer types, then we* need to be careful to avoid cases such as the below, where it may be ok* for one branch accessing the pointer, but not ok for the other branch:* R1 = sock_ptr* goto X;* 则

7894

verbose(env, "same insn cannot be used with different pointers\n")

7895

返回:负EINVAL

7898

否则如果class恒等于BPF_STX则

7901

如果BPF BPF_DW 0x18 64-bit ( opcode )恒等于xclusive add 则

7902

err等于check_xadd(env, insn_idx, insn)

7903

如果err则返回:err

7905

insn_idx自加

7906

继续下一循环

7910

err等于check_reg_arg(env, source register , register is used as source operand )

7911

如果err则返回:err

7914

err等于check_reg_arg(env, dest register , register is used as source operand )

7915

如果err则返回:err

7918

dst_reg_type等于 Ordering of fields matters. See states_equal()

7921

7924

如果err则返回:err

7927

prev_dst_type等于 pointer type for load/store insns

7929

如果prev_dst_type恒等于hing was written into register 则

7930

prev_dst_type等于dst_reg_type

7931

7932

verbose(env, "same insn cannot be used with different pointers\n")

7933

返回:负EINVAL

7936

否则如果class恒等于BPF_ST则

7937

如果BPF BPF_DW 0x18 64-bit ( opcode )不等于BPF_MEM或 source register 不等于BPF_REG_0则

7939

verbose(env, "BPF_ST uses reserved fields\n")

7940

返回:负EINVAL

7943

err等于check_reg_arg(env, dest register , register is used as source operand )

7944

如果err则返回:err

7947

如果is_ctx_reg(env, dest register )则

7948

verbose(env, "BPF_ST stores into R%d %s is not allowed\n", dest register , string representation of 'enum bpf_reg_type' [type])

7951

返回:负EACCES

7955

7958

如果err则返回:err

7961

否则如果class恒等于BPF_JMP或class恒等于jmp mode in word width 则

7962

opcode等于alu/jmp fields ( opcode )

7964

umber of jmps, calls, exits analyzed so far 自加

7965

如果opcode恒等于unction call 则

7966

如果BPF_SRC( opcode )不等于BPF_K或 signed offset 不等于0或 source register 不等于BPF_REG_0且 source register 不等于when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative* offset to another bpf function或 dest register 不等于BPF_REG_0或class恒等于jmp mode in word width 则

7972

verbose(env, "BPF_CALL uses reserved fields\n")

7973

返回:负EINVAL

7976

如果active_spin_lock且 source register 恒等于when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative* offset to another bpf function或 signed immediate constant 不等于BPF_FUNC_spin_unlock的值则

7979

verbose(env, "function calls are not allowed while holding a lock\n")

7980

返回:负EINVAL

7982

如果 source register 恒等于when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative* offset to another bpf function则err等于check_func_call(env, insn, & insn_idx)

7984

否则err等于check_helper_call(env, signed immediate constant , insn_idx)

7986

如果err则返回:err

7989

否则如果opcode恒等于BPF_JA则

7990

如果BPF_SRC( opcode )不等于BPF_K或 signed immediate constant 不等于0或 source register 不等于BPF_REG_0或 dest register 不等于BPF_REG_0或class恒等于jmp mode in word width 则

7995

verbose(env, "BPF_JA uses reserved fields\n")

7996

返回:负EINVAL

7999

insn_idx加等于 signed offset 加1

8000

继续下一循环

8002

否则如果opcode恒等于unction return 则

8003

如果BPF_SRC( opcode )不等于BPF_K或 signed immediate constant 不等于0或 source register 不等于BPF_REG_0或 dest register 不等于BPF_REG_0或class恒等于jmp mode in word width 则

8008

verbose(env, "BPF_EXIT uses reserved fields\n")

8009

返回:负EINVAL

8012

如果active_spin_lock则

8013

verbose(env, "bpf_spin_unlock is missing\n")

8014

返回:负EINVAL

8017

如果curframe则

8019

err等于prepare_func_exit(env, & insn_idx)

8020

如果err则返回:err

8022

do_print_state = true

8023

继续下一循环

8026

err等于check_reference_leak(env)

8027

如果err则返回:err

8036

err等于check_reg_arg(env, BPF_REG_0, register is used as source operand )

8037

如果err则返回:err

8040

如果is_pointer_value(env, BPF_REG_0)则

8041

verbose(env, "R0 leaks addr as return value\n")

8042

返回:负EACCES

8045

err等于check_return_code(env)

8046

如果err则返回:err

8048

process_bpf_exit :

8049

update_branch_counts(env, current verifier state )

8050

err等于pop_stack(env, & prev_insn_idx, & insn_idx)

8052

如果err小于0则

8053

如果err不等于负ENOENT则返回:err

8055

退出

8056

否则

8057

do_print_state = true

8058

继续下一循环

8060

否则

8061

err等于check_cond_jmp_op(env, insn, & insn_idx)

8062

如果err则返回:err

8065

否则如果class恒等于BPF_LD则

8066

mode等于BPF BPF_DW 0x18 64-bit ( opcode )

8068

如果mode恒等于BPF_ABS或mode恒等于BPF_IND则

8069

err等于verify safety of LD_ABS|LD_IND instructions:* - they can only appear in the programs where ctx == skb* - since they are wrappers of function calls, they scratch R1-R5 registers,* preserve R6-R9, and store return value into R0* Implicit input:* ctx == skb

8070

如果err则返回:err

8073

否则如果mode恒等于BPF_IMM则

8074

err等于verify BPF_LD_IMM64 instruction

8075

如果err则返回:err

8078

insn_idx自加

8079

this insn was processed by the verifier = true

8080

否则

8081

verbose(env, "invalid BPF_LD mode\n")

8082

返回:负EINVAL

8084

否则

8085

verbose(env, "unknown insn class %d\n", class)

8086

返回:负EINVAL

8089

insn_idx自加

函数逻辑报告