函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-27 14:12:37
Last Modify:2022-05-19 20:02:10 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:when register 'regno' is passed into function that will read 'access_size'* bytes from that pointer, make sure that it's within stack boundary* and all elements of stack are initialized

函数原型:static int check_stack_boundary(struct bpf_verifier_env *env, int regno, int access_size, bool zero_size_allowed, struct bpf_call_arg_meta *meta)

返回类型:int

参数:

类型参数名称
struct bpf_verifier_env *env
intregno
intaccess_size
boolzero_size_allowed
struct bpf_call_arg_meta *meta
3146  reg等于reg_state(env, regno)
3147  state等于func(env, reg)
3150  如果 Ordering of fields matters. See states_equal() 不等于g == frame_pointer + offset
3152  如果zero_size_allowedaccess_size恒等于0且Does this register contain a constant zero? 则返回:0
3156  verbose(env, "R%d type=%s expected=%s\n", regno, string representation of 'enum bpf_reg_type' [ Ordering of fields matters. See states_equal() ], string representation of 'enum bpf_reg_type' [g == frame_pointer + offset ])
3159  返回:负EACCES
3162  如果Returns true if @a is a known constant
3163  min_off等于max_off等于value Fixed part of pointer offset, pointer types only
3164  err等于__check_stack_boundary(env, regno, min_off, access_size, zero_size_allowed)
3166  如果err则返回:err
3168  否则
3174  如果非allow_ptr_leaks
3177  Format a tnum as a pair of hex numbers (value; mask)
3178  verbose(env, "R%d indirect variable offset stack access prohibited for !root, var_off=%s\n", regno, tn_buf)
3180  返回:负EACCES
3188  如果metaraw_modemeta = NULL
3191  如果 maximum possible (s64)value 大于等于Maximum variable offset umax_value permitted when resolving memory accesses.* In practice this is far bigger than any realistic pointer offset; this limit* ensures that umax_value + (int)off + (int)size cannot overflow a u64. maximum possible (s64)value 小于等于负Maximum variable offset umax_value permitted when resolving memory accesses.* In practice this is far bigger than any realistic pointer offset; this limit* ensures that umax_value + (int)off + (int)size cannot overflow a u64.
3193  verbose(env, "R%d unbounded indirect variable offset stack access\n", regno)
3195  返回:负EACCES
3197  min_off等于 minimum possible (s64)value Fixed part of pointer offset, pointer types only
3198  max_off等于 maximum possible (s64)value Fixed part of pointer offset, pointer types only
3199  err等于__check_stack_boundary(env, regno, min_off, access_size, zero_size_allowed)
3201  如果err
3202  verbose(env, "R%d min value is outside of stack bound\n", regno)
3204  返回:err
3206  err等于__check_stack_boundary(env, regno, max_off, access_size, zero_size_allowed)
3208  如果err
3209  verbose(env, "R%d max value is outside of stack bound\n", regno)
3211  返回:err
3215  如果metaraw_mode
3216  access_size等于access_size
3217  regno等于regno
3218  返回:0
3221 i小于max_offaccess_size循环
3224  slot等于负i减1
3225  spi等于slotsize of eBPF register in bytes
3226  如果allocated_stack小于等于slot则转到:err
3228  stype等于slot_type[slot % size of eBPF register in bytes ]
3229  如果stype恒等于 BPF program wrote some data into this slot 则转到:mark
3231  如果stype恒等于 BPF program wrote constant zero
3233  stype等于 BPF program wrote some data into this slot
3234  转到:mark
3236  如果slot_type[0]恒等于 register spilled into stack Ordering of fields matters. See states_equal() 恒等于g doesn't contain a valid pointer
3238  Mark a register as having a completely unknown (scalar) value.
3239 j小于size of eBPF register in bytes 循环slot_type[j]等于 BPF program wrote some data into this slot
3241  转到:mark
3244  err :
3245  如果Returns true if @a is a known constant
3246  verbose(env, "invalid indirect read from stack off %d+%d size %d\n", min_off, i - min_off, access_size)
3248  否则
3251  Format a tnum as a pair of hex numbers (value; mask)
3252  verbose(env, "invalid indirect read from stack var_off %s+%d size %d\n", tn_buf, i - min_off, access_size)
3255  返回:负EACCES
3256  mark :
3260  Parentage chain of this register (or stack slot) should take care of all* issues like callee-saved registers, stack slot allocation time, etc.
3264  返回:update_stack_depth(env, state, min_off)
调用者
名称描述
check_helper_mem_access