Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\bpf\verifier.c Create Date:2022-07-28 12:58:53
Last Modify:2022-05-19 20:02:10 Copyright©Brick

Name: When register 'regno' is passed into a function that will read 'access_size' bytes from that pointer, make sure that the access is within the stack boundary and that all elements of the stack it covers are initialized.

Proto:static int check_stack_boundary(struct bpf_verifier_env *env, int regno, int access_size, bool zero_size_allowed, struct bpf_call_arg_meta *meta)

Type:int

Parameter:

Type | Parameter Name
struct bpf_verifier_env * | env
int | regno
int | access_size
bool | zero_size_allowed
struct bpf_call_arg_meta * | meta
3146  reg = reg_state(env, regno)
3147  state = func(env, reg)
3150  If reg->type != PTR_TO_STACK (the register is not a stack pointer, i.e. not frame_pointer + offset) Then
3152  If zero_size_allowed && access_size == 0 && register_is_null(reg) (the register contains a constant zero) Then Return 0 (a zero-byte access through a NULL pointer is accepted regardless of pointer type)
3156  verbose(env, "R%d type=%s expected=%s\n", regno, reg_type_str[reg->type], reg_type_str[PTR_TO_STACK])
3159  Return -EACCES
3162  If tnum_is_const(reg->var_off) (the variable part of the offset is a known constant) Then
3163  min_off = max_off = reg->var_off.value + reg->off (the constant variable offset plus the fixed part of the pointer offset)
3164  err = __check_stack_boundary(env, regno, min_off, access_size, zero_size_allowed)
3166  If err Then Return err
3168  Else
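3174  If Not env->allow_ptr_leaks Then (unprivileged program: variable-offset stack access is rejected outright; the source comment above this check, not shown in this report, explains that supporting it would require corresponding Spectre masking for stack ALU)
3178  verbose(env, "R%d indirect variable offset stack access prohibited for !root, var_off=%s\n", regno, tn_buf)
3180  Return -EACCES
3188  If meta && meta->raw_mode Then meta = NULL (with a variable offset only an already-initialized stack buffer is accepted, so raw-mode handling is switched off for this call)
3193  verbose(env, "R%d unbounded indirect variable offset stack access\n", regno) (reached only when reg->smax_value falls outside ±BPF_MAX_VAR_OFF; the guarding If on the preceding source lines is not shown in this report)
3195  Return -EACCES
3197  min_off = reg->smin_value (minimum possible (s64) value) + reg->off (fixed part of the pointer offset)
3198  max_off = reg->smax_value (maximum possible (s64) value) + reg->off (fixed part of the pointer offset)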
3199  err = __check_stack_boundary(env, regno, min_off, access_size, zero_size_allowed)
3201  If err Then
3202  verbose(env, "R%d min value is outside of stack bound\n", regno)
3204  Return err
3206  err = __check_stack_boundary(env, regno, max_off, access_size, zero_size_allowed)
3208  If err Then
3209  verbose(env, "R%d max value is outside of stack bound\n", regno)
3211  Return err
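3215  If meta && meta->raw_mode Then (the access is recorded in meta and the function returns before the per-byte initialization check below)
3216  meta->access_size = access_size
3217  meta->regno = regno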
3218  Return 0
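3221  For i = min_off; i < max_off + access_size; i++ cycle
3224  slot = -i - 1
3225  spi = slot / BPF_REG_SIZE (size of an eBPF register in bytes)
3226  If state->allocated_stack <= slot Then Go to err
3228  stype = &state->stack[spi].slot_type[slot % BPF_REG_SIZE]
3229  If *stype == STACK_MISC (the BPF program wrote some data into this slot) Then Go to mark
3234  Go to mark (reached when *stype == STACK_ZERO, after the slot byte is downgraded to STACK_MISC because the helper may write anything into the stack; the guarding If is not shown in this report)
3241  Go to mark (reached when the slot holds a spilled SCALAR_VALUE register, which is marked unknown and its slot bytes set to STACK_MISC; the guarding If is not shown in this report)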
3244  err :
3246  verbose(env, "invalid indirect read from stack off %d+%d size %d\n", min_off, i - min_off, access_size) (taken when tnum_is_const(reg->var_off); the If line preceding it is not shown in this report)
3248  Else
3252  verbose(env, "invalid indirect read from stack var_off %s+%d size %d\n", tn_buf, i - min_off, access_size)
3255  Return -EACCES
3256  mark :
3260  mark_reg_read(env, &state->stack[spi].spilled_ptr, state->stack[spi].spilled_ptr.parent, REG_LIVE_READ64) (reading any byte of the 8-byte spill slot marks the whole slot as read; the read mark is propagated along the slot's parentage chain)
3264  Return update_stack_depth(env, state, min_off)
Caller
Name | Describe
check_helper_mem_access