check_func_arg

函数名称：check_func_arg

函数原型：static int check_func_arg(struct bpf_verifier_env *env, u32 regno, enum bpf_arg_type arg_type, struct bpf_call_arg_meta *meta)

返回类型：int

参数：

类型	参数	名称
struct bpf_verifier_env *	env
u32	regno
enum bpf_arg_type	arg_type
struct bpf_call_arg_meta *	meta

3409

regs等于cur_regs(env), reg等于regs

3410

type等于 Ordering of fields matters. See states_equal()

3411

err等于0

3413

如果arg_type恒等于unused argument in helper function 则返回:0

3416

err等于check_reg_arg(env, regno, register is used as source operand )

3417

如果err则返回:err

3420

如果arg_type恒等于any (initialized) argument is ok 则

3421

如果is_pointer_value(env, regno)则

3422

verbose(env, "R%d leaks addr into helper function\n", regno)

3424

返回:负EACCES

3426

返回:0

3429

如果type_is_pkt_pointer(type)且非may_access_direct_pkt_data(env, meta, BPF_READ)则

3431

verbose(env, "helper access to the packet is not allowed\n")

3432

返回:负EACCES

3435

如果arg_type恒等于pointer to stack used as map key 或arg_type恒等于pointer to stack used as map value 或arg_type恒等于pointer to valid memory used to store a map value 或arg_type恒等于pointer to stack used as map value or NULL 则

3439

expected_type等于g == frame_pointer + offset

3440

如果Does this register contain a constant zero? 且arg_type恒等于pointer to stack used as map value or NULL 则否则如果非type_is_pkt_pointer(type)且type不等于g points to map element value 且type不等于expected_type则

3446

转到:err_type

3447

否则如果arg_type恒等于umber of bytes accessed from memory 或arg_type恒等于umber of bytes accessed from memory or 0 则

3449

expected_type等于g doesn't contain a valid pointer

3450

如果type不等于expected_type则转到:err_type

3452

否则如果arg_type恒等于const argument used as pointer to bpf_map 则

3453

expected_type等于g points to struct bpf_map

3454

如果type不等于expected_type则转到:err_type

3456

否则如果arg_type恒等于pointer to context 则

3457

expected_type等于g points to bpf_context

3458

如果type不等于expected_type则转到:err_type

3460

err等于check_ctx_reg(env, reg, regno)

3461

如果err小于0则返回:err

3463

否则如果arg_type恒等于pointer to sock_common 则

3464

expected_type等于g points to sock_common

3466

如果非type_is_sk_pointer(type)则转到:err_type

3468

如果 PTR_TO_SOCKET and PTR_TO_TCP_SOCK could be a ptr returned * from a pointer-cast helper, bpf_sk_fullsock() and * bpf_tcp_sock(). * Consider the following where "sk" is a reference counted * pointer returned from "sk = bpf_sk_lookup_tcp();": * 1: sk = bpf_s则

3469

如果ref_obj_id则

3470

verbose(env, "verifier internal error: more than one arg with ref_obj_id R%d %u %u\n", regno, PTR_TO_SOCKET and PTR_TO_TCP_SOCK could be a ptr returned * from a pointer-cast helper, bpf_sk_fullsock() and * bpf_tcp_sock(). * Consider the following where "sk" is a reference counted * pointer returned from "sk = bpf_sk_lookup_tcp();": * 1: sk = bpf_s, ref_obj_id)

3473

返回:负EFAULT

3475

ref_obj_id等于 PTR_TO_SOCKET and PTR_TO_TCP_SOCK could be a ptr returned * from a pointer-cast helper, bpf_sk_fullsock() and * bpf_tcp_sock(). * Consider the following where "sk" is a reference counted * pointer returned from "sk = bpf_sk_lookup_tcp();": * 1: sk = bpf_s

3477

否则如果arg_type恒等于pointer to bpf_sock (fullsock) 则

3478

expected_type等于g points to struct bpf_sock

3479

如果type不等于expected_type则转到:err_type

3481

否则如果arg_type恒等于pointer to in-kernel struct 则

3482

expected_type等于g points to kernel struct

3483

如果type不等于expected_type则转到:err_type

3485

如果 for PTR_TO_BTF_ID 不等于btf_id则

3486

verbose(env, "Helper has type %s got %s in R%d\n", kernel_type_name(btf_id), kernel_type_name( for PTR_TO_BTF_ID ), regno)

3490

返回:负EACCES

3492

如果非Returns true if @a is a known constant 或value或 Fixed part of pointer offset, pointer types only 则

3493

verbose(env, "R%d is a pointer to in-kernel struct with non-zero offset\n", regno)

3495

返回:负EACCES

3497

否则如果arg_type恒等于pointer to bpf_spin_lock 则

3498

如果func_id恒等于BPF_FUNC_spin_lock则

3499

如果Implementation details:* bpf_map_lookup returns PTR_TO_MAP_VALUE_OR_NULL* Two bpf_map_lookups (even with the same key) will have different reg->id则返回:负EACCES

3501

否则如果func_id恒等于BPF_FUNC_spin_unlock则

3502

如果Implementation details:* bpf_map_lookup returns PTR_TO_MAP_VALUE_OR_NULL* Two bpf_map_lookups (even with the same key) will have different reg->id则返回:负EACCES

3504

否则

3505

verbose(env, "verifier internal error\n")

3506

返回:负EFAULT

3508

否则如果arg_type_is_mem_ptr(arg_type)则

3509

expected_type等于g == frame_pointer + offset

3514

如果Does this register contain a constant zero? 且arg_type恒等于pointer to valid memory or NULL 则否则如果非type_is_pkt_pointer(type)且type不等于g points to map element value 且type不等于expected_type则

3520

转到:err_type

3521

raw_mode等于arg_type恒等于pointer to memory does not need to be initialized,* helper function must fill all bytes or clear* them in error case.

3522

否则如果arg_type_is_int_ptr(arg_type)则

3523

expected_type等于g == frame_pointer + offset

3524

如果非type_is_pkt_pointer(type)且type不等于g points to map element value 且type不等于expected_type则转到:err_type

3528

否则

3529

verbose(env, "unsupported arg_type %d\n", arg_type)

3530

返回:负EFAULT

3533

如果arg_type恒等于const argument used as pointer to bpf_map 则

3535

map_ptr等于 valid when type == CONST_PTR_TO_MAP | PTR_TO_MAP_VALUE | * PTR_TO_MAP_VALUE_OR_NULL

3536

否则如果arg_type恒等于pointer to stack used as map key 则

3541

如果非map_ptr则

3547

verbose(env, "invalid map_ptr to access map->key\n")

3548

返回:负EACCES

3550

err等于check_helper_mem_access(env, regno, key_size, TSC's on different sockets may be reset asynchronously.* This may cause the TSC ADJUST value on socket 0 to be NOT 0., NULL)

3553

否则如果arg_type恒等于pointer to stack used as map value 或arg_type恒等于pointer to stack used as map value or NULL 且非Does this register contain a constant zero? 或arg_type恒等于pointer to valid memory used to store a map value 则

3560

如果非map_ptr则

3562

verbose(env, "invalid map_ptr to access map->value\n")

3563

返回:负EACCES

3565

raw_mode等于arg_type恒等于pointer to valid memory used to store a map value

3566

err等于check_helper_mem_access(env, regno, value_size, TSC's on different sockets may be reset asynchronously.* This may cause the TSC ADJUST value on socket 0 to be NOT 0., meta)

3569

否则如果arg_type_is_mem_size(arg_type)则

3570

zero_size_allowed等于arg_type恒等于umber of bytes accessed from memory or 0

3575

msize_smax_value等于 maximum possible (s64)value

3576

msize_umax_value等于 maximum possible (u64)value

3581

如果非Returns true if @a is a known constant 则meta = NULL

3589

如果 minimum possible (s64)value 小于0则

3590

verbose(env, "R%d min value is negative, either use unsigned or 'var &= const'\n", regno)

3592

返回:负EACCES

3595

如果 minimum possible (u64)value 恒等于0则

3596

err等于check_helper_mem_access(env, regno - 1, 0, zero_size_allowed, meta)

3599

如果err则返回:err

3603

如果 maximum possible (u64)value 大于等于Maximum variable size permitted for ARG_CONST_SIZE[_OR_ZERO]. This ensures* that converting umax_value to int cannot overflow.则

3604

verbose(env, "R%d unbounded memory access, use 'var &= const' or 'if (var < const)'\n", regno)

3606

返回:负EACCES

3608

err等于check_helper_mem_access(env, regno - 1, maximum possible (u64)value , zero_size_allowed, meta)

3611

如果非err则err等于mark_chain_precision(env, regno)

3613

否则如果arg_type_is_int_ptr(arg_type)则

3614

size等于int_ptr_type_to_size(arg_type)

3616

err等于check_helper_mem_access(env, regno, size, TSC's on different sockets may be reset asynchronously.* This may cause the TSC ADJUST value on socket 0 to be NOT 0., meta)

3617

如果err则返回:err

3619

err等于check_ptr_alignment(env, reg, 0, size, true)

3622

返回:err

3623

3624

verbose(env, "R%d type=%s expected=%s\n", regno, string representation of 'enum bpf_reg_type' [type], string representation of 'enum bpf_reg_type' [expected_type])

3626

返回:负EACCES

**调用者**
名称	描述
check_helper_call

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码