Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-28 12:57:51
Last Modify:2022-05-19 20:02:10 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:heck read/write into a map element with possible variable offset

Proto:static int check_map_access(struct bpf_verifier_env *env, u32 regno, int off, int size, bool zero_size_allowed)

Type:int

Parameter:

TypeParameterName
struct bpf_verifier_env *env
u32regno
intoff
intsize
boolzero_size_allowed
2237  vstate = current verifier state
2238  state = call stack tracking [curframe]
2239  reg = regs[regno]
2246  If level & BPF_LOG_LEVEL Then print_verifier_state(env, state)
2255  If minimum possible (s64)value < 0 && ( minimum possible (s64)value == S64_MIN || off + minimum possible (s64)value != off + minimum possible (s64)value || minimum possible (s64)value + off < 0 ) Then
2259  verbose(env, "R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n", regno)
2261  Return -EACCES
2263  err = heck read/write into map element returned by bpf_map_lookup_elem()
2265  If err Then
2266  verbose(env, "R%d min value is outside of the array range\n", regno)
2268  Return err
2275  If maximum possible (u64)value >= Maximum variable offset umax_value permitted when resolving memory accesses.* In practice this is far bigger than any realistic pointer offset; this limit* ensures that umax_value + (int)off + (int)size cannot overflow a u64. Then
2276  verbose(env, "R%d unbounded memory access, make sure to bounds check any array access into a map\n", regno)
2278  Return -EACCES
2280  err = heck read/write into map element returned by bpf_map_lookup_elem()
2282  If err Then verbose(env, "R%d max value is outside of the array range\n", regno)
2286  If map_value_has_spin_lock( valid when type == CONST_PTR_TO_MAP | PTR_TO_MAP_VALUE | * PTR_TO_MAP_VALUE_OR_NULL) Then
2287  lock = >=0 valid offset, <0 error
2294  If minimum possible (s64)value + off < lock + sizeof(structbpf_spin_lock) && lock < maximum possible (u64)value + off + size Then
2296  verbose(env, "bpf_spin_lock cannot be accessed directly by load/store\n")
2297  Return -EACCES
2300  Return err
Caller
NameDescribe
check_mem_accessheck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&
check_helper_mem_access
adjust_ptr_min_max_valsHandles arithmetic on a pointer and a scalar: computes new min/max and var_off.* Caller should also handle BPF_MOV case separately.* If we return -EACCES, caller may want to try again treating pointer as a* scalar