函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-27 14:17:55
Last Modify:2022-05-19 20:02:10 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:is_state_visited

函数原型:static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)

返回类型:int

参数:

类型参数名称
struct bpf_verifier_env *env
intinsn_idx
7497  cur等于current verifier state
7498  states_cnt等于0
7499  bool add_new_state = st verifier with different pruning frequency ? true : false
7501  last_insn_idx等于prev_insn_idx
7502  如果非prune_point则返回:0
7516  如果umber of jmps, calls, exits analyzed so far umber of jmps, calls, exits analyzed so far 大于等于2且umber of instructions analyzed by the verifier umber of instructions analyzed by the verifier 大于等于8则add_new_state = true
7520  pprev等于explored_state(env, insn_idx)
7521  sl等于pprev
7523  he parentage chains form a tree
7525 sl循环
7526  states_cnt自加
7527  如果insn_idx不等于insn_idx则转到:next
7529  如果* 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei
7530  如果states_maybe_looping( & state, cur)且states_equal(env, & state, cur)则
7532  verbose_linfo(env, insn_idx, "; ")
7533  verbose(env, "infinite loop detected at insn %d\n", insn_idx)
7534  返回:负EINVAL
7548  如果umber of jmps, calls, exits analyzed so far umber of jmps, calls, exits analyzed so far 小于20且umber of instructions analyzed by the verifier umber of instructions analyzed by the verifier 小于100则add_new_state = false
7551  转到:miss
7553  如果states_equal(env, & state, cur)则
7554  hit_cnt自加
7565  err等于A write screens off any subsequent reads; but write marks come from the* straight-line code between a state and its parent
7572  err等于如果err否则r any branch, call, exit record the history of jmps in the given state
7573  err等于如果err否则d precise scalars in the previous equivalent state and* propagate them into the current state
7574  如果err则返回:err
7576  返回:1
7578  miss :
7585  如果add_new_statemiss_cnt自加
7592  如果miss_cnt大于hit_cnt乘3加3则
7596  pprev等于next
7597  如果live按位与liveness won't be updating this register anymore
7606  否则
7611  next等于free_list
7612  free_list等于sl
7614  sl等于pprev
7615  继续下一循环
7617  :
7618  pprev等于next
7619  sl等于pprev
7622  如果maximum number of verifier states kept in 'branching' instructions 小于states_cntmaximum number of verifier states kept in 'branching' instructions 等于states_cnt
7625  如果非allow_ptr_leaksstates_cnt大于BPF_COMPLEXITY_LIMIT_STATES则返回:r any branch, call, exit record the history of jmps in the given state
7628  如果非add_new_state则返回:r any branch, call, exit record the history of jmps in the given state
7640  new_sl等于分配内存并置零
7641  如果非new_sl则返回:负ENOMEM
7643  al number of allocated verifier states 自加
7644  some states are freed during program analysis.* this is peak number of states. this number dominates kernel* memory consumption during verification自加
7645  umber of jmps, calls, exits analyzed so far 等于umber of jmps, calls, exits analyzed so far
7646  umber of instructions analyzed by the verifier 等于umber of instructions analyzed by the verifier
7649  new等于state
7650  err等于copy_verifier_state(new, cur)
7651  如果err
7652  free_verifier_state(new, false)
7653  kfree(new_sl)
7654  返回:err
7656  insn_idx等于insn_idx
7657  WARN_ONCE(* 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei != 1, "BUG is_state_visited:branches_to_explore=%d insn %d\n", * 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei, insn_idx)
7660  parent等于new
7661  first and last insn idx of this verifier state 等于insn_idx
7662  clear_jmp_history(cur)
7663  next等于explored_state(env, insn_idx)
7664  explored_state(env, insn_idx)等于new_sl
7678 j小于等于curframe循环
7679 i小于BPF_REG_FP循环 parentage chain for liveness checking 等于regs[i]
7681 i小于BPF_REG_FP循环live等于g hasn't been read or written this branch
7686 j小于等于curframe循环
7687  frame等于 call stack tracking [j]
7688  newframe等于 call stack tracking [j]
7690 i小于allocated_stacksize of eBPF register in bytes 循环
7691  live等于g hasn't been read or written this branch
7692  parentage chain for liveness checking 等于spilled_ptr
7696  返回:0
调用者
名称描述
do_check