Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-28 13:03:24
Last Modify:2022-05-19 20:02:10 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:is_state_visited

Proto:static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)

Type:int

Parameter:

TypeParameterName
struct bpf_verifier_env *env
intinsn_idx
7497  cur = current verifier state
7498  states_cnt = 0
7499  bool add_new_state = st verifier with different pruning frequency ? true : false
7501  last_insn_idx = prev_insn_idx
7502  If Not prune_point Then Return 0
7516  If umber of jmps, calls, exits analyzed so far - umber of jmps, calls, exits analyzed so far >= 2 && umber of instructions analyzed by the verifier - umber of instructions analyzed by the verifier >= 8 Then add_new_state = true
7520  pprev = explored_state(env, insn_idx)
7521  sl = pprev
7523  he parentage chains form a tree
7525  When sl cycle
7526  states_cnt++
7527  If insn_idx != insn_idx Then Go to next
7529  If * 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei Then
7530  If states_maybe_looping( & state, cur) && states_equal(env, & state, cur) Then
7532  verbose_linfo(env, insn_idx, "; ")
7533  verbose(env, "infinite loop detected at insn %d\n", insn_idx)
7534  Return -EINVAL
7548  If umber of jmps, calls, exits analyzed so far - umber of jmps, calls, exits analyzed so far < 20 && umber of instructions analyzed by the verifier - umber of instructions analyzed by the verifier < 100 Then add_new_state = false
7551  Go to miss
7553  If states_equal(env, & state, cur) Then
7554  hit_cnt++
7565  err = A write screens off any subsequent reads; but write marks come from the* straight-line code between a state and its parent
7572  err = If err Else r any branch, call, exit record the history of jmps in the given state
7573  err = If err Else d precise scalars in the previous equivalent state and* propagate them into the current state
7574  If err Then Return err
7576  Return 1
7578  miss :
7585  If add_new_state Then miss_cnt++
7592  If miss_cnt > hit_cnt * 3 + 3 Then
7596  pprev = next
7597  If live & liveness won't be updating this register anymore Then
7606  Else
7611  next = free_list
7612  free_list = sl
7614  sl = pprev
7615  Continue
7617  :
7618  pprev = next
7619  sl = pprev
7622  If maximum number of verifier states kept in 'branching' instructions < states_cnt Then maximum number of verifier states kept in 'branching' instructions = states_cnt
7625  If Not allow_ptr_leaks && states_cnt > BPF_COMPLEXITY_LIMIT_STATES Then Return r any branch, call, exit record the history of jmps in the given state
7628  If Not add_new_state Then Return r any branch, call, exit record the history of jmps in the given state
7640  new_sl = kzalloc - allocate memory. The memory is set to zero.*@size: how many bytes of memory are required.*@flags: the type of memory to allocate (see kmalloc).
7641  If Not new_sl Then Return -ENOMEM
7643  al number of allocated verifier states ++
7644  some states are freed during program analysis.* this is peak number of states. this number dominates kernel* memory consumption during verification++
7645  umber of jmps, calls, exits analyzed so far = umber of jmps, calls, exits analyzed so far
7646  umber of instructions analyzed by the verifier = umber of instructions analyzed by the verifier
7649  new = state
7650  err = copy_verifier_state(new, cur)
7651  If err Then
7652  free_verifier_state(new, false)
7653  kfree(new_sl)
7654  Return err
7656  insn_idx = insn_idx
7657  WARN_ONCE(* 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei != 1, "BUG is_state_visited:branches_to_explore=%d insn %d\n", * 'branches' field is the number of branches left to explore: * 0 - all possible paths from this state reached bpf_exit or * were safely pruned * 1 - at least one path is being explored. * This state hasn't reached bpf_exit * 2 - at least two paths are bei, insn_idx)
7660  parent = new
7661  first and last insn idx of this verifier state = insn_idx
7662  clear_jmp_history(cur)
7663  next = explored_state(env, insn_idx)
7664  explored_state(env, insn_idx) = new_sl
7678  When j <= curframe cycle
7679  When i < BPF_REG_FP cycle parentage chain for liveness checking = regs[i]
7681  When i < BPF_REG_FP cycle live = g hasn't been read or written this branch
7686  When j <= curframe cycle
7687  frame = call stack tracking [j]
7688  newframe = call stack tracking [j]
7690  When i < allocated_stack / size of eBPF register in bytes cycle
7691  live = g hasn't been read or written this branch
7692  parentage chain for liveness checking = spilled_ptr
7696  Return 0
Caller
NameDescribe
do_check