Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-28 13:03:47
Last Modify:2022-05-19 20:02:10 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:do_check

Proto:static int do_check(struct bpf_verifier_env *env)

Type:int

Parameter:

TypeParameterName
struct bpf_verifier_env *env
7739  insns = insnsi
7741  insn_cnt = Number of filter blocks
7742  bool do_print_state = false
7743  prev_insn_idx = -1
7745  prev_linfo = NULL
7747  state = kzalloc - allocate memory. The memory is set to zero.*@size: how many bytes of memory are required.*@flags: the type of memory to allocate (see kmalloc).
7748  If Not state Then Return -ENOMEM
7750  curframe = 0
7751  speculative = false
7752  * 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei = 1
7753  call stack tracking [0] = kzalloc - allocate memory. The memory is set to zero.*@size: how many bytes of memory are required.*@flags: the type of memory to allocate (see kmalloc).
7754  If Not call stack tracking [0] Then
7755  kfree(state)
7756  Return -ENOMEM
7758  current verifier state = state
7759  init_func_state(env, call stack tracking [0], BPF_MAIN_FUNC, 0, 0)
7764  If btf_check_func_arg_match(env, 0) Then Return -EINVAL
7767  cycle
7772  prev_insn_idx = prev_insn_idx
7773  If insn_idx >= insn_cnt Then
7774  verbose(env, "invalid insn idx %d insn_cnt %d\n", insn_idx, insn_cnt)
7776  Return -EFAULT
7779  insn = insns[insn_idx]
7780  class = Instruction classes ( opcode )
7782  If ++umber of instructions analyzed by the verifier > yes. 1M insns Then
7783  verbose(env, "BPF program is too large. Processed %d insn\n", umber of instructions analyzed by the verifier )
7786  Return -E2BIG
7789  err = is_state_visited(env, insn_idx)
7790  If err < 0 Then Return err
7792  If err == 1 Then
7794  If level & BPF_LOG_LEVEL Then
7795  If do_print_state Then verbose(env, "\nfrom %d to %d%s: safe\n", prev_insn_idx, insn_idx, speculative ? " (speculative execution)" : "")
7800  Else verbose(env, "%d: safe\n", insn_idx)
7803  Go to process_bpf_exit
7806  If signal_pending(current process) Then Return -EAGAIN
7809  If need_resched() Then cond_resched()
7812  If level & BPF_LOG_LEVEL2 || level & BPF_LOG_LEVEL && do_print_state Then
7814  If level & BPF_LOG_LEVEL2 Then verbose(env, "%d:", insn_idx)
7816  Else verbose(env, "\nfrom %d to %d%s:", prev_insn_idx, insn_idx, speculative ? " (speculative execution)" : "")
7821  print_verifier_state(env, call stack tracking [curframe])
7822  do_print_state = false
7825  If level & BPF_LOG_LEVEL Then
7826  const struct bpf_insn_cbs cbs = {cb_print = verbose, private_data = env, }
7831  verbose_linfo(env, insn_idx, "; ")
7832  verbose(env, "%d: ", insn_idx)
7833  print_bpf_insn( & cbs, insn, allow_ptr_leaks)
7836  If bpf_prog_is_dev_bound( Auxiliary fields ) Then
7837  err = bpf_prog_offload_verify_insn(env, insn_idx, prev_insn_idx)
7839  If err Then Return err
7843  regs = cur_regs(env)
7844  this insn was processed by the verifier = true
7845  prev_insn_idx = insn_idx
7847  If class == BPF_ALU || class == alu mode in double word width Then
7848  err = heck validity of 32-bit and 64-bit arithmetic operations
7849  If err Then Return err
7852  Else if class == BPF_LDX Then
7858  err = check_reg_arg(env, source register , register is used as source operand )
7859  If err Then Return err
7862  err = check_reg_arg(env, dest register , DST_OP_NO_MARK)
7863  If err Then Return err
7866  src_reg_type = Ordering of fields matters. See states_equal()
7871  err = heck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&
7874  If err Then Return err
7877  prev_src_type = pointer type for load/store insns
7879  If prev_src_type == hing was written into register Then
7886  Else if If an instruction was previously used with particular pointer types, then we* need to be careful to avoid cases such as the below, where it may be ok* for one branch accessing the pointer, but not ok for the other branch:* R1 = sock_ptr* goto X;* Then
7894  verbose(env, "same insn cannot be used with different pointers\n")
7895  Return -EINVAL
7898  Else if class == BPF_STX Then
7901  If BPF BPF_DW 0x18 64-bit ( opcode ) == xclusive add Then
7902  err = check_xadd(env, insn_idx, insn)
7903  If err Then Return err
7905  insn_idx++
7906  Continue
7910  err = check_reg_arg(env, source register , register is used as source operand )
7911  If err Then Return err
7914  err = check_reg_arg(env, dest register , register is used as source operand )
7915  If err Then Return err
7918  dst_reg_type = Ordering of fields matters. See states_equal()
7921  err = heck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&
7924  If err Then Return err
7927  prev_dst_type = pointer type for load/store insns
7929  If prev_dst_type == hing was written into register Then
7931  Else if If an instruction was previously used with particular pointer types, then we* need to be careful to avoid cases such as the below, where it may be ok* for one branch accessing the pointer, but not ok for the other branch:* R1 = sock_ptr* goto X;* Then
7932  verbose(env, "same insn cannot be used with different pointers\n")
7933  Return -EINVAL
7936  Else if class == BPF_ST Then
7937  If BPF BPF_DW 0x18 64-bit ( opcode ) != BPF_MEM || source register != BPF_REG_0 Then
7939  verbose(env, "BPF_ST uses reserved fields\n")
7940  Return -EINVAL
7943  err = check_reg_arg(env, dest register , register is used as source operand )
7944  If err Then Return err
7947  If is_ctx_reg(env, dest register ) Then
7948  verbose(env, "BPF_ST stores into R%d %s is not allowed\n", dest register , string representation of 'enum bpf_reg_type' [type])
7951  Return -EACCES
7955  err = heck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&
7958  If err Then Return err
7961  Else if class == BPF_JMP || class == jmp mode in word width Then
7962  opcode = alu/jmp fields ( opcode )
7964  umber of jmps, calls, exits analyzed so far ++
7965  If opcode == unction call Then
7989  Else if opcode == BPF_JA Then
7990  If BPF_SRC( opcode ) != BPF_K || signed immediate constant != 0 || source register != BPF_REG_0 || dest register != BPF_REG_0 || class == jmp mode in word width Then
7995  verbose(env, "BPF_JA uses reserved fields\n")
7996  Return -EINVAL
7999  insn_idx += signed offset + 1
8000  Continue
8002  Else if opcode == unction return Then
8003  If BPF_SRC( opcode ) != BPF_K || signed immediate constant != 0 || source register != BPF_REG_0 || dest register != BPF_REG_0 || class == jmp mode in word width Then
8008  verbose(env, "BPF_EXIT uses reserved fields\n")
8009  Return -EINVAL
8012  If active_spin_lock Then
8013  verbose(env, "bpf_spin_unlock is missing\n")
8014  Return -EINVAL
8017  If curframe Then
8019  err = prepare_func_exit(env, & insn_idx)
8020  If err Then Return err
8022  do_print_state = true
8023  Continue
8026  err = check_reference_leak(env)
8027  If err Then Return err
8036  err = check_reg_arg(env, BPF_REG_0, register is used as source operand )
8037  If err Then Return err
8040  If is_pointer_value(env, BPF_REG_0) Then
8041  verbose(env, "R0 leaks addr as return value\n")
8042  Return -EACCES
8045  err = check_return_code(env)
8046  If err Then Return err
8048  process_bpf_exit :
8049  update_branch_counts(env, current verifier state )
8050  err = pop_stack(env, & prev_insn_idx, & insn_idx)
8052  If err < 0 Then
8053  If err != -ENOENT Then Return err
8055  Break
8056  Else
8057  do_print_state = true
8058  Continue
8060  Else
8061  err = check_cond_jmp_op(env, insn, & insn_idx)
8062  If err Then Return err
8065  Else if class == BPF_LD Then
8066  mode = BPF BPF_DW 0x18 64-bit ( opcode )
8068  If mode == BPF_ABS || mode == BPF_IND Then
8073  Else if mode == BPF_IMM Then
8080  Else
8081  verbose(env, "invalid BPF_LD mode\n")
8082  Return -EINVAL
8084  Else
8085  verbose(env, "unknown insn class %d\n", class)
8086  Return -EINVAL
8089  insn_idx++
8092  stack_depth = max. stack depth used by this function
8093  Return 0
Caller
NameDescribe
bpf_check