函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-27 14:12:21
Last Modify:2022-05-19 20:02:10 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:heck whether memory at (regno + off) is accessible for t = (read | write)* if t==write, value_regno is a register which value is stored into memory* if t==read, value_regno is a register which will receive the value from memory* if t==write &&

函数原型:static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regno, int off, int bpf_size, enum bpf_access_type t, int value_regno, bool strict_alignment_once)

返回类型:int

参数:

类型参数名称
struct bpf_verifier_env *env
intinsn_idx
u32regno
intoff
intbpf_size
enum bpf_access_typet
intvalue_regno
boolstrict_alignment_once
2906  regs等于cur_regs(env)
2907  reg等于regsregno
2909  err等于0
2911  size等于bpf_size_to_bytes(bpf_size)
2912  如果size小于0则返回:size
2916  err等于check_ptr_alignment(env, reg, off, size, strict_alignment_once)
2917  如果err则返回:err
2921  off加等于 Fixed part of pointer offset, pointer types only
2923  如果 Ordering of fields matters. See states_equal() 恒等于g points to map element value
2924  如果t恒等于BPF_WRITEvalue_regno大于等于0且is_pointer_value(env, value_regno)则
2926  verbose(env, "R%d leaks addr into map\n", value_regno)
2927  返回:负EACCES
2929  err等于check_map_access_type(env, regno, off, size, t)
2930  如果err则返回:err
2932  err等于heck read/write into a map element with possible variable offset
2933  如果非errt恒等于BPF_READvalue_regno大于等于0则
2934  map等于 valid when type == CONST_PTR_TO_MAP | PTR_TO_MAP_VALUE | * PTR_TO_MAP_VALUE_OR_NULL
2937  如果Returns true if @a is a known constant bpf_map_is_rdonly(map)且map_direct_value_addr
2950  否则
2954  否则如果 Ordering of fields matters. See states_equal() 恒等于g points to bpf_context
2955  reg_type等于g doesn't contain a valid pointer
2956  btf_id等于0
2958  如果t恒等于BPF_WRITEvalue_regno大于等于0且is_pointer_value(env, value_regno)则
2960  verbose(env, "R%d leaks addr into ctx\n", value_regno)
2961  返回:负EACCES
2964  err等于check_ctx_reg(env, reg, regno)
2965  如果err小于0则返回:err
2968  err等于heck access to 'struct bpf_context' fields. Supports fixed offsets only
2969  如果errverbose_linfo(env, insn_idx, "; ")
2971  如果非errt恒等于BPF_READvalue_regno大于等于0则
2976  如果reg_type恒等于g doesn't contain a valid pointer
2978  否则
2992  Ordering of fields matters. See states_equal() 等于reg_type
2995  否则如果 Ordering of fields matters. See states_equal() 恒等于g == frame_pointer + offset
2996  off加等于value
2997  err等于check_stack_access(env, reg, off, size)
2998  如果err则返回:err
3001  state等于func(env, reg)
3002  err等于update_stack_depth(env, state, off)
3003  如果err则返回:err
3006  如果t恒等于BPF_WRITEerr等于heck_stack_read/write functions track spill/fill of registers,* stack boundary and alignment are checked in check_mem_access()
3009  否则err等于check_stack_read(env, state, off, size, value_regno)
3012  否则如果reg_is_pkt_pointer(reg)则
3013  如果t恒等于BPF_WRITE且非may_access_direct_pkt_data(env, NULL, t)则
3014  verbose(env, "cannot write into packet\n")
3015  返回:负EACCES
3017  如果t恒等于BPF_WRITEvalue_regno大于等于0且is_pointer_value(env, value_regno)则
3019  verbose(env, "R%d leaks addr into packet\n", value_regno)
3021  返回:负EACCES
3023  err等于check_packet_access(env, regno, off, size, false)
3024  如果非errt恒等于BPF_READvalue_regno大于等于0则mark_reg_unknown(env, regs, value_regno)
3026  否则如果 Ordering of fields matters. See states_equal() 恒等于g points to bpf_flow_keys
3027  如果t恒等于BPF_WRITEvalue_regno大于等于0且is_pointer_value(env, value_regno)则
3029  verbose(env, "R%d leaks addr into flow keys\n", value_regno)
3031  返回:负EACCES
3034  err等于check_flow_keys_access(env, off, size)
3035  如果非errt恒等于BPF_READvalue_regno大于等于0则mark_reg_unknown(env, regs, value_regno)
3037  否则如果type_is_sk_pointer( Ordering of fields matters. See states_equal() )则
3038  如果t恒等于BPF_WRITE
3039  verbose(env, "R%d cannot write into %s\n", regno, string representation of 'enum bpf_reg_type' [ Ordering of fields matters. See states_equal() ])
3041  返回:负EACCES
3043  err等于check_sock_access(env, insn_idx, regno, off, size, t)
3044  如果非errvalue_regno大于等于0则mark_reg_unknown(env, regs, value_regno)
3046  否则如果 Ordering of fields matters. See states_equal() 恒等于g points to a writable raw tp's buffer
3047  err等于check_tp_buffer_access(env, reg, regno, off, size)
3048  如果非errt恒等于BPF_READvalue_regno大于等于0则mark_reg_unknown(env, regs, value_regno)
3050  否则如果 Ordering of fields matters. See states_equal() 恒等于g points to kernel struct
3051  err等于check_ptr_to_btf_access(env, regs, regno, off, size, t, value_regno)
3053  否则
3054  verbose(env, "R%d invalid mem access '%s'\n", regno, string representation of 'enum bpf_reg_type' [ Ordering of fields matters. See states_equal() ])
3056  返回:负EACCES
3059  如果非errsize小于size of eBPF register in bytes value_regno大于等于0且t恒等于BPF_READ Ordering of fields matters. See states_equal() 恒等于g doesn't contain a valid pointer
3062  runcate register to smaller size (in bytes)* must be called with size < BPF_REG_SIZE
3064  返回:err
调用者
名称描述
check_xadd
check_helper_call
do_check