Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-28 13:01:59
Last Modify:2022-05-19 20:02:10 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:check_cond_jmp_op

Proto:static int check_cond_jmp_op(struct bpf_verifier_env *env, struct bpf_insn *insn, int *insn_idx)

Type:int

Parameter:

TypeParameterName
struct bpf_verifier_env *env
struct bpf_insn *insn
int *insn_idx
6044  this_branch = current verifier state
6046  regs = regs
6047  struct bpf_reg_state * dst_reg, * other_branch_regs, * src_reg = NULL
6048  opcode = alu/jmp fields ( opcode )
6050  pred = -1
6054  If opcode == BPF_JA || opcode > SLE is signed, '<=' Then
6055  verbose(env, "invalid BPF_JMP/JMP32 opcode %x\n", opcode)
6056  Return -EINVAL
6059  If BPF_SRC( opcode ) == BPF_X Then
6060  If signed immediate constant != 0 Then
6061  verbose(env, "BPF_JMP/JMP32 uses reserved fields\n")
6062  Return -EINVAL
6066  err = check_reg_arg(env, source register , register is used as source operand )
6067  If err Then Return err
6070  If is_pointer_value(env, source register ) Then
6071  verbose(env, "R%d pointer comparison prohibited\n", source register )
6073  Return -EACCES
6075  src_reg = regs[ source register ]
6076  Else
6077  If source register != BPF_REG_0 Then
6078  verbose(env, "BPF_JMP/JMP32 uses reserved fields\n")
6079  Return -EINVAL
6084  err = check_reg_arg(env, dest register , register is used as source operand )
6085  If err Then Return err
6088  dst_reg = regs[ dest register ]
6089  is_jmp32 = Instruction classes ( opcode ) == jmp mode in word width
6091  If BPF_SRC( opcode ) == BPF_K Then pred = mpute branch direction of the expression "if (reg opcode val) goto target;"* and return:* 1 - branch will be taken and "goto target" will be executed* 0 - branch will not be taken and fall-through to next insn* -1 - unknown
6094  Else if Ordering of fields matters. See states_equal() == g doesn't contain a valid pointer && Returns true if @a is a known constant Then pred = mpute branch direction of the expression "if (reg opcode val) goto target;"* and return:* 1 - branch will be taken and "goto target" will be executed* 0 - branch will not be taken and fall-through to next insn* -1 - unknown
6098  If pred >= 0 Then
6099  err = mark_chain_precision(env, dest register )
6100  If BPF_SRC( opcode ) == BPF_X && Not err Then err = mark_chain_precision(env, source register )
6102  If err Then Return err
6105  If pred == 1 Then
6107  insn_idx += signed offset
6108  Return 0
6109  Else if pred == 0 Then
6113  Return 0
6116  other_branch = push_stack(env, * insn_idx + signed offset + 1, * insn_idx, false)
6118  If Not other_branch Then Return -EFAULT
6120  other_branch_regs = regs
6129  If BPF_SRC( opcode ) == BPF_X Then
6130  src_reg = regs[ source register ]
6131  lo_reg0 = dst_reg
6132  lo_reg1 = src_reg
6135  dst_lo = lo_reg0
6136  src_lo = lo_reg1
6137  runcate register to smaller size (in bytes)* must be called with size < BPF_REG_SIZE
6138  runcate register to smaller size (in bytes)* must be called with size < BPF_REG_SIZE
6140  If Ordering of fields matters. See states_equal() == g doesn't contain a valid pointer && Ordering of fields matters. See states_equal() == g doesn't contain a valid pointer Then
6142  If Returns true if @a is a known constant || is_jmp32 && Returns true if @a is a known constant Then Adjusts the register min/max values in the case that the dst_reg is the* variable register that we are working on, and src_reg is a constant or we're* simply doing a BPF_K check.* In JEQ/JNE cases we also adjust the var_off values.
6150  Else if Returns true if @a is a known constant || is_jmp32 && Returns true if @a is a known constant Then Same as above, but for the case that dst_reg holds a constant and src_reg is* the variable reg.
6158  Else if Not is_jmp32 && ( opcode == BPF_JEQ || opcode == jump != ) Then reg_combine_min_max( & other_branch_regs[ source register ], & other_branch_regs[ dest register ], src_reg, dst_reg, opcode)
6165  Else if Ordering of fields matters. See states_equal() == g doesn't contain a valid pointer Then
6166  Adjusts the register min/max values in the case that the dst_reg is the* variable register that we are working on, and src_reg is a constant or we're* simply doing a BPF_K check.* In JEQ/JNE cases we also adjust the var_off values.
6174  If Not is_jmp32 && BPF_SRC( opcode ) == BPF_K && signed immediate constant == 0 && ( opcode == BPF_JEQ || opcode == jump != ) && reg_type_may_be_null( Ordering of fields matters. See states_equal() ) Then
6180  The logic is similar to find_good_pkt_pointers(), both could eventually* be folded together at some point.
6182  The logic is similar to find_good_pkt_pointers(), both could eventually* be folded together at some point.
6184  Else if Not try_match_pkt_pointers(insn, dst_reg, & regs[ source register ], this_branch, other_branch) && is_pointer_value(env, dest register ) Then
6187  verbose(env, "R%d pointer comparison prohibited\n", dest register )
6189  Return -EACCES
6191  If level & BPF_LOG_LEVEL Then print_verifier_state(env, call stack tracking [curframe])
6193  Return 0
Caller
NameDescribe
do_check