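Lines Matching refs:env
(Cross-reference listing: each entry gives the source line number, the matching line, and the enclosing function; "argument" or "local" marks the line where `env` is declared. Only lines that reference `env` are listed, so the function bodies shown here are incomplete.)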
241 static void print_verifier_state(struct verifier_env *env) in print_verifier_state() argument
247 t = env->cur_state.regs[i].type; in print_verifier_state()
252 verbose("%d", env->cur_state.regs[i].imm); in print_verifier_state()
256 env->cur_state.regs[i].map_ptr->key_size, in print_verifier_state()
257 env->cur_state.regs[i].map_ptr->value_size); in print_verifier_state()
260 if (env->cur_state.stack_slot_type[i] == STACK_SPILL) in print_verifier_state()
262 reg_type_str[env->cur_state.spilled_regs[i / BPF_REG_SIZE].type]); in print_verifier_state()
412 static int pop_stack(struct verifier_env *env, int *prev_insn_idx) in pop_stack() argument
417 if (env->head == NULL) in pop_stack()
420 memcpy(&env->cur_state, &env->head->st, sizeof(env->cur_state)); in pop_stack()
421 insn_idx = env->head->insn_idx; in pop_stack()
423 *prev_insn_idx = env->head->prev_insn_idx; in pop_stack()
424 elem = env->head->next; in pop_stack()
425 kfree(env->head); in pop_stack()
426 env->head = elem; in pop_stack()
427 env->stack_size--; in pop_stack()
431 static struct verifier_state *push_stack(struct verifier_env *env, int insn_idx, in push_stack() argument
440 memcpy(&elem->st, &env->cur_state, sizeof(env->cur_state)); in push_stack()
443 elem->next = env->head; in push_stack()
444 env->head = elem; in push_stack()
445 env->stack_size++; in push_stack()
446 if (env->stack_size > 1024) { in push_stack()
453 while (pop_stack(env, NULL) >= 0); in push_stack()
613 static int check_map_access(struct verifier_env *env, u32 regno, int off, in check_map_access() argument
616 struct bpf_map *map = env->cur_state.regs[regno].map_ptr; in check_map_access()
627 static int check_ctx_access(struct verifier_env *env, int off, int size, in check_ctx_access() argument
630 if (env->prog->aux->ops->is_valid_access && in check_ctx_access()
631 env->prog->aux->ops->is_valid_access(off, size, t)) in check_ctx_access()
644 static int check_mem_access(struct verifier_env *env, u32 regno, int off, in check_mem_access() argument
648 struct verifier_state *state = &env->cur_state; in check_mem_access()
661 err = check_map_access(env, regno, off, size); in check_mem_access()
666 err = check_ctx_access(env, off, size, t); in check_mem_access()
687 static int check_xadd(struct verifier_env *env, struct bpf_insn *insn) in check_xadd() argument
689 struct reg_state *regs = env->cur_state.regs; in check_xadd()
709 err = check_mem_access(env, insn->dst_reg, insn->off, in check_xadd()
715 return check_mem_access(env, insn->dst_reg, insn->off, in check_xadd()
723 static int check_stack_boundary(struct verifier_env *env, in check_stack_boundary() argument
726 struct verifier_state *state = &env->cur_state; in check_stack_boundary()
751 static int check_func_arg(struct verifier_env *env, u32 regno, in check_func_arg() argument
754 struct reg_state *reg = env->cur_state.regs + regno; in check_func_arg()
807 err = check_stack_boundary(env, regno, (*mapp)->key_size); in check_func_arg()
818 err = check_stack_boundary(env, regno, (*mapp)->value_size); in check_func_arg()
830 err = check_stack_boundary(env, regno - 1, reg->imm); in check_func_arg()
836 static int check_call(struct verifier_env *env, int func_id) in check_call() argument
838 struct verifier_state *state = &env->cur_state; in check_call()
851 if (env->prog->aux->ops->get_func_proto) in check_call()
852 fn = env->prog->aux->ops->get_func_proto(func_id); in check_call()
860 if (!env->prog->gpl_compatible && fn->gpl_only) { in check_call()
866 err = check_func_arg(env, BPF_REG_1, fn->arg1_type, &map); in check_call()
869 err = check_func_arg(env, BPF_REG_2, fn->arg2_type, &map); in check_call()
872 err = check_func_arg(env, BPF_REG_3, fn->arg3_type, &map); in check_call()
875 err = check_func_arg(env, BPF_REG_4, fn->arg4_type, &map); in check_call()
878 err = check_func_arg(env, BPF_REG_5, fn->arg5_type, &map); in check_call()
1052 static int check_cond_jmp_op(struct verifier_env *env, in check_cond_jmp_op() argument
1055 struct reg_state *regs = env->cur_state.regs; in check_cond_jmp_op()
1107 other_branch = push_stack(env, *insn_idx + insn->off + 1, *insn_idx); in check_cond_jmp_op()
1147 print_verifier_state(env); in check_cond_jmp_op()
1160 static int check_ld_imm(struct verifier_env *env, struct bpf_insn *insn) in check_ld_imm() argument
1162 struct reg_state *regs = env->cur_state.regs; in check_ld_imm()
1217 static int check_ld_abs(struct verifier_env *env, struct bpf_insn *insn) in check_ld_abs() argument
1219 struct reg_state *regs = env->cur_state.regs; in check_ld_abs()
1224 if (!may_access_skb(env->prog->type)) { in check_ld_abs()
1317 static int push_insn(int t, int w, int e, struct verifier_env *env) in push_insn() argument
1325 if (w < 0 || w >= env->prog->len) { in push_insn()
1332 env->explored_states[w] = STATE_LIST_MARK; in push_insn()
1338 if (cur_stack >= env->prog->len) in push_insn()
1358 static int check_cfg(struct verifier_env *env) in check_cfg() argument
1360 struct bpf_insn *insns = env->prog->insnsi; in check_cfg()
1361 int insn_cnt = env->prog->len; in check_cfg()
1390 ret = push_insn(t, t + 1, FALLTHROUGH, env); in check_cfg()
1402 FALLTHROUGH, env); in check_cfg()
1411 env->explored_states[t + 1] = STATE_LIST_MARK; in check_cfg()
1414 ret = push_insn(t, t + 1, FALLTHROUGH, env); in check_cfg()
1420 ret = push_insn(t, t + insns[t].off + 1, BRANCH, env); in check_cfg()
1430 ret = push_insn(t, t + 1, FALLTHROUGH, env); in check_cfg()
1535 static int is_state_visited(struct verifier_env *env, int insn_idx) in is_state_visited() argument
1540 sl = env->explored_states[insn_idx]; in is_state_visited()
1548 if (states_equal(&sl->state, &env->cur_state)) in is_state_visited()
1567 memcpy(&new_sl->state, &env->cur_state, sizeof(env->cur_state)); in is_state_visited()
1568 new_sl->next = env->explored_states[insn_idx]; in is_state_visited()
1569 env->explored_states[insn_idx] = new_sl; in is_state_visited()
1573 static int do_check(struct verifier_env *env) in do_check() argument
1575 struct verifier_state *state = &env->cur_state; in do_check()
1576 struct bpf_insn *insns = env->prog->insnsi; in do_check()
1578 int insn_cnt = env->prog->len; in do_check()
1605 err = is_state_visited(env, insn_idx); in do_check()
1622 print_verifier_state(env); in do_check()
1655 err = check_mem_access(env, insn->src_reg, insn->off, in do_check()
1689 err = check_xadd(env, insn); in do_check()
1711 err = check_mem_access(env, insn->dst_reg, insn->off, in do_check()
1729 err = check_mem_access(env, insn->dst_reg, insn->off, in do_check()
1747 err = check_call(env, insn->imm); in do_check()
1783 insn_idx = pop_stack(env, &prev_insn_idx); in do_check()
1791 err = check_cond_jmp_op(env, insn, &insn_idx); in do_check()
1799 err = check_ld_abs(env, insn); in do_check()
1804 err = check_ld_imm(env, insn); in do_check()
1827 static int replace_map_fd_with_map_ptr(struct verifier_env *env) in replace_map_fd_with_map_ptr() argument
1829 struct bpf_insn *insn = env->prog->insnsi; in replace_map_fd_with_map_ptr()
1830 int insn_cnt = env->prog->len; in replace_map_fd_with_map_ptr()
1876 for (j = 0; j < env->used_map_cnt; j++) in replace_map_fd_with_map_ptr()
1877 if (env->used_maps[j] == map) { in replace_map_fd_with_map_ptr()
1882 if (env->used_map_cnt >= MAX_USED_MAPS) { in replace_map_fd_with_map_ptr()
1888 env->used_maps[env->used_map_cnt++] = map; in replace_map_fd_with_map_ptr()
1912 static void release_maps(struct verifier_env *env) in release_maps() argument
1916 for (i = 0; i < env->used_map_cnt; i++) in release_maps()
1917 bpf_map_put(env->used_maps[i]); in release_maps()
1921 static void convert_pseudo_ld_imm64(struct verifier_env *env) in convert_pseudo_ld_imm64() argument
1923 struct bpf_insn *insn = env->prog->insnsi; in convert_pseudo_ld_imm64()
1924 int insn_cnt = env->prog->len; in convert_pseudo_ld_imm64()
1955 static int convert_ctx_accesses(struct verifier_env *env) in convert_ctx_accesses() argument
1957 struct bpf_insn *insn = env->prog->insnsi; in convert_ctx_accesses()
1958 int insn_cnt = env->prog->len; in convert_ctx_accesses()
1964 if (!env->prog->aux->ops->convert_ctx_access) in convert_ctx_accesses()
1977 cnt = env->prog->aux->ops-> in convert_ctx_accesses()
1992 new_prog = bpf_prog_realloc(env->prog, in convert_ctx_accesses()
2010 env->prog = new_prog; in convert_ctx_accesses()
2018 static void free_states(struct verifier_env *env) in free_states() argument
2023 if (!env->explored_states) in free_states()
2026 for (i = 0; i < env->prog->len; i++) { in free_states()
2027 sl = env->explored_states[i]; in free_states()
2037 kfree(env->explored_states); in free_states()
2043 struct verifier_env *env; in bpf_check() local
2052 env = kzalloc(sizeof(struct verifier_env), GFP_KERNEL); in bpf_check()
2053 if (!env) in bpf_check()
2056 env->prog = *prog; in bpf_check()
2084 ret = replace_map_fd_with_map_ptr(env); in bpf_check()
2088 env->explored_states = kcalloc(env->prog->len, in bpf_check()
2092 if (!env->explored_states) in bpf_check()
2095 ret = check_cfg(env); in bpf_check()
2099 ret = do_check(env); in bpf_check()
2102 while (pop_stack(env, NULL) >= 0); in bpf_check()
2103 free_states(env); in bpf_check()
2107 ret = convert_ctx_accesses(env); in bpf_check()
2122 if (ret == 0 && env->used_map_cnt) { in bpf_check()
2124 env->prog->aux->used_maps = kmalloc_array(env->used_map_cnt, in bpf_check()
2125 sizeof(env->used_maps[0]), in bpf_check()
2128 if (!env->prog->aux->used_maps) { in bpf_check()
2133 memcpy(env->prog->aux->used_maps, env->used_maps, in bpf_check()
2134 sizeof(env->used_maps[0]) * env->used_map_cnt); in bpf_check()
2135 env->prog->aux->used_map_cnt = env->used_map_cnt; in bpf_check()
2140 convert_pseudo_ld_imm64(env); in bpf_check()
2147 if (!env->prog->aux->used_maps) in bpf_check()
2151 release_maps(env); in bpf_check()
2152 *prog = env->prog; in bpf_check()
2153 kfree(env); in bpf_check()