Commit 67174bb2 authored by David S. Miller's avatar David S. Miller

Merge branch 'bpf-get-rid-of-global-verifier-state-and-reuse-instruction-printer'

Jakub Kicinski says:

====================
bpf: get rid of global verifier state and reuse instruction printer

This set started off as simple extraction of eBPF verifier's instruction
printer into a separate file but evolved into removal of global state.
The purpose of moving instruction printing code is to be able to reuse it
from the bpftool.

As far as the global verifier lock goes, this set removes the global
variables relating to the log buffer, makes the one-time init done
by bpf_get_skb_set_tunnel_proto() not depend on any external locking,
and performs verifier log writeback as data is produced removing the need
for allocating a potentially large temporary buffer.

The final step of actually removing the verifier lock is left to someone
more competent and self-confident :)

Note that struct bpf_verifier_env is just 40B under two pages now,
we should probably switch to vzalloc() when it's expanded again...

v2:
 - add a selftest;
 - use env buffer and flush on every print (Alexei);
 - handle kernel log allocation failures (Daniel);
 - put the env log members into a struct (Daniel).
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 442d713b a2a7d570
...@@ -115,6 +115,21 @@ struct bpf_insn_aux_data { ...@@ -115,6 +115,21 @@ struct bpf_insn_aux_data {
#define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */ #define MAX_USED_MAPS 64 /* max number of maps accessed by one eBPF program */
#define BPF_VERIFIER_TMP_LOG_SIZE 1024
struct bpf_verifer_log {
u32 level;
char kbuf[BPF_VERIFIER_TMP_LOG_SIZE];
char __user *ubuf;
u32 len_used;
u32 len_total;
};
static inline bool bpf_verifier_log_full(const struct bpf_verifer_log *log)
{
return log->len_used >= log->len_total - 1;
}
struct bpf_verifier_env; struct bpf_verifier_env;
struct bpf_ext_analyzer_ops { struct bpf_ext_analyzer_ops {
int (*insn_hook)(struct bpf_verifier_env *env, int (*insn_hook)(struct bpf_verifier_env *env,
...@@ -139,6 +154,8 @@ struct bpf_verifier_env { ...@@ -139,6 +154,8 @@ struct bpf_verifier_env {
bool allow_ptr_leaks; bool allow_ptr_leaks;
bool seen_direct_write; bool seen_direct_write;
struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */ struct bpf_insn_aux_data *insn_aux_data; /* array of per-insn state */
struct bpf_verifer_log log;
}; };
int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops, int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
......
...@@ -87,6 +87,7 @@ static inline int skb_metadata_dst_cmp(const struct sk_buff *skb_a, ...@@ -87,6 +87,7 @@ static inline int skb_metadata_dst_cmp(const struct sk_buff *skb_a,
void metadata_dst_free(struct metadata_dst *); void metadata_dst_free(struct metadata_dst *);
struct metadata_dst *metadata_dst_alloc(u8 optslen, enum metadata_type type, struct metadata_dst *metadata_dst_alloc(u8 optslen, enum metadata_type type,
gfp_t flags); gfp_t flags);
void metadata_dst_free_percpu(struct metadata_dst __percpu *md_dst);
struct metadata_dst __percpu * struct metadata_dst __percpu *
metadata_dst_alloc_percpu(u8 optslen, enum metadata_type type, gfp_t flags); metadata_dst_alloc_percpu(u8 optslen, enum metadata_type type, gfp_t flags);
......
...@@ -2,6 +2,7 @@ obj-y := core.o ...@@ -2,6 +2,7 @@ obj-y := core.o
obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o inode.o helpers.o tnum.o obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o inode.o helpers.o tnum.o
obj-$(CONFIG_BPF_SYSCALL) += hashtab.o arraymap.o percpu_freelist.o bpf_lru_list.o lpm_trie.o map_in_map.o obj-$(CONFIG_BPF_SYSCALL) += hashtab.o arraymap.o percpu_freelist.o bpf_lru_list.o lpm_trie.o map_in_map.o
obj-$(CONFIG_BPF_SYSCALL) += disasm.o
ifeq ($(CONFIG_NET),y) ifeq ($(CONFIG_NET),y)
obj-$(CONFIG_BPF_SYSCALL) += devmap.o obj-$(CONFIG_BPF_SYSCALL) += devmap.o
ifeq ($(CONFIG_STREAM_PARSER),y) ifeq ($(CONFIG_STREAM_PARSER),y)
......
/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
* Copyright (c) 2016 Facebook
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
#include <linux/bpf.h>
#include "disasm.h"
#define __BPF_FUNC_STR_FN(x) [BPF_FUNC_ ## x] = __stringify(bpf_ ## x)
static const char * const func_id_str[] = {
__BPF_FUNC_MAPPER(__BPF_FUNC_STR_FN)
};
#undef __BPF_FUNC_STR_FN
const char *func_id_name(int id)
{
BUILD_BUG_ON(ARRAY_SIZE(func_id_str) != __BPF_FUNC_MAX_ID);
if (id >= 0 && id < __BPF_FUNC_MAX_ID && func_id_str[id])
return func_id_str[id];
else
return "unknown";
}
const char *const bpf_class_string[8] = {
[BPF_LD] = "ld",
[BPF_LDX] = "ldx",
[BPF_ST] = "st",
[BPF_STX] = "stx",
[BPF_ALU] = "alu",
[BPF_JMP] = "jmp",
[BPF_RET] = "BUG",
[BPF_ALU64] = "alu64",
};
const char *const bpf_alu_string[16] = {
[BPF_ADD >> 4] = "+=",
[BPF_SUB >> 4] = "-=",
[BPF_MUL >> 4] = "*=",
[BPF_DIV >> 4] = "/=",
[BPF_OR >> 4] = "|=",
[BPF_AND >> 4] = "&=",
[BPF_LSH >> 4] = "<<=",
[BPF_RSH >> 4] = ">>=",
[BPF_NEG >> 4] = "neg",
[BPF_MOD >> 4] = "%=",
[BPF_XOR >> 4] = "^=",
[BPF_MOV >> 4] = "=",
[BPF_ARSH >> 4] = "s>>=",
[BPF_END >> 4] = "endian",
};
static const char *const bpf_ldst_string[] = {
[BPF_W >> 3] = "u32",
[BPF_H >> 3] = "u16",
[BPF_B >> 3] = "u8",
[BPF_DW >> 3] = "u64",
};
static const char *const bpf_jmp_string[16] = {
[BPF_JA >> 4] = "jmp",
[BPF_JEQ >> 4] = "==",
[BPF_JGT >> 4] = ">",
[BPF_JLT >> 4] = "<",
[BPF_JGE >> 4] = ">=",
[BPF_JLE >> 4] = "<=",
[BPF_JSET >> 4] = "&",
[BPF_JNE >> 4] = "!=",
[BPF_JSGT >> 4] = "s>",
[BPF_JSLT >> 4] = "s<",
[BPF_JSGE >> 4] = "s>=",
[BPF_JSLE >> 4] = "s<=",
[BPF_CALL >> 4] = "call",
[BPF_EXIT >> 4] = "exit",
};
static void print_bpf_end_insn(bpf_insn_print_cb verbose,
struct bpf_verifier_env *env,
const struct bpf_insn *insn)
{
verbose(env, "(%02x) r%d = %s%d r%d\n", insn->code, insn->dst_reg,
BPF_SRC(insn->code) == BPF_TO_BE ? "be" : "le",
insn->imm, insn->dst_reg);
}
void print_bpf_insn(bpf_insn_print_cb verbose, struct bpf_verifier_env *env,
const struct bpf_insn *insn, bool allow_ptr_leaks)
{
u8 class = BPF_CLASS(insn->code);
if (class == BPF_ALU || class == BPF_ALU64) {
if (BPF_OP(insn->code) == BPF_END) {
if (class == BPF_ALU64)
verbose(env, "BUG_alu64_%02x\n", insn->code);
else
print_bpf_end_insn(verbose, env, insn);
} else if (BPF_OP(insn->code) == BPF_NEG) {
verbose(env, "(%02x) r%d = %s-r%d\n",
insn->code, insn->dst_reg,
class == BPF_ALU ? "(u32) " : "",
insn->dst_reg);
} else if (BPF_SRC(insn->code) == BPF_X) {
verbose(env, "(%02x) %sr%d %s %sr%d\n",
insn->code, class == BPF_ALU ? "(u32) " : "",
insn->dst_reg,
bpf_alu_string[BPF_OP(insn->code) >> 4],
class == BPF_ALU ? "(u32) " : "",
insn->src_reg);
} else {
verbose(env, "(%02x) %sr%d %s %s%d\n",
insn->code, class == BPF_ALU ? "(u32) " : "",
insn->dst_reg,
bpf_alu_string[BPF_OP(insn->code) >> 4],
class == BPF_ALU ? "(u32) " : "",
insn->imm);
}
} else if (class == BPF_STX) {
if (BPF_MODE(insn->code) == BPF_MEM)
verbose(env, "(%02x) *(%s *)(r%d %+d) = r%d\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->dst_reg,
insn->off, insn->src_reg);
else if (BPF_MODE(insn->code) == BPF_XADD)
verbose(env, "(%02x) lock *(%s *)(r%d %+d) += r%d\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->dst_reg, insn->off,
insn->src_reg);
else
verbose(env, "BUG_%02x\n", insn->code);
} else if (class == BPF_ST) {
if (BPF_MODE(insn->code) != BPF_MEM) {
verbose(env, "BUG_st_%02x\n", insn->code);
return;
}
verbose(env, "(%02x) *(%s *)(r%d %+d) = %d\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->dst_reg,
insn->off, insn->imm);
} else if (class == BPF_LDX) {
if (BPF_MODE(insn->code) != BPF_MEM) {
verbose(env, "BUG_ldx_%02x\n", insn->code);
return;
}
verbose(env, "(%02x) r%d = *(%s *)(r%d %+d)\n",
insn->code, insn->dst_reg,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->src_reg, insn->off);
} else if (class == BPF_LD) {
if (BPF_MODE(insn->code) == BPF_ABS) {
verbose(env, "(%02x) r0 = *(%s *)skb[%d]\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->imm);
} else if (BPF_MODE(insn->code) == BPF_IND) {
verbose(env, "(%02x) r0 = *(%s *)skb[r%d + %d]\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->src_reg, insn->imm);
} else if (BPF_MODE(insn->code) == BPF_IMM &&
BPF_SIZE(insn->code) == BPF_DW) {
/* At this point, we already made sure that the second
* part of the ldimm64 insn is accessible.
*/
u64 imm = ((u64)(insn + 1)->imm << 32) | (u32)insn->imm;
bool map_ptr = insn->src_reg == BPF_PSEUDO_MAP_FD;
if (map_ptr && !allow_ptr_leaks)
imm = 0;
verbose(env, "(%02x) r%d = 0x%llx\n", insn->code,
insn->dst_reg, (unsigned long long)imm);
} else {
verbose(env, "BUG_ld_%02x\n", insn->code);
return;
}
} else if (class == BPF_JMP) {
u8 opcode = BPF_OP(insn->code);
if (opcode == BPF_CALL) {
verbose(env, "(%02x) call %s#%d\n", insn->code,
func_id_name(insn->imm), insn->imm);
} else if (insn->code == (BPF_JMP | BPF_JA)) {
verbose(env, "(%02x) goto pc%+d\n",
insn->code, insn->off);
} else if (insn->code == (BPF_JMP | BPF_EXIT)) {
verbose(env, "(%02x) exit\n", insn->code);
} else if (BPF_SRC(insn->code) == BPF_X) {
verbose(env, "(%02x) if r%d %s r%d goto pc%+d\n",
insn->code, insn->dst_reg,
bpf_jmp_string[BPF_OP(insn->code) >> 4],
insn->src_reg, insn->off);
} else {
verbose(env, "(%02x) if r%d %s 0x%x goto pc%+d\n",
insn->code, insn->dst_reg,
bpf_jmp_string[BPF_OP(insn->code) >> 4],
insn->imm, insn->off);
}
} else {
verbose(env, "(%02x) %s\n",
insn->code, bpf_class_string[class]);
}
}
/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
* Copyright (c) 2016 Facebook
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*/
#ifndef __BPF_DISASM_H__
#define __BPF_DISASM_H__
#include <linux/bpf.h>
#include <linux/kernel.h>
#include <linux/stringify.h>
extern const char *const bpf_alu_string[16];
extern const char *const bpf_class_string[8];
const char *func_id_name(int id);
struct bpf_verifier_env;
typedef void (*bpf_insn_print_cb)(struct bpf_verifier_env *env,
const char *, ...);
void print_bpf_insn(bpf_insn_print_cb verbose, struct bpf_verifier_env *env,
const struct bpf_insn *insn, bool allow_ptr_leaks);
#endif
...@@ -21,6 +21,8 @@ ...@@ -21,6 +21,8 @@
#include <linux/vmalloc.h> #include <linux/vmalloc.h>
#include <linux/stringify.h> #include <linux/stringify.h>
#include "disasm.h"
/* bpf_check() is a static code analyzer that walks eBPF program /* bpf_check() is a static code analyzer that walks eBPF program
* instruction by instruction and updates register/stack state. * instruction by instruction and updates register/stack state.
* All paths of conditional branches are analyzed until 'bpf_exit' insn. * All paths of conditional branches are analyzed until 'bpf_exit' insn.
...@@ -153,28 +155,36 @@ struct bpf_call_arg_meta { ...@@ -153,28 +155,36 @@ struct bpf_call_arg_meta {
int access_size; int access_size;
}; };
/* verbose verifier prints what it's seeing
* bpf_check() is called under lock, so no race to access these global vars
*/
static u32 log_level, log_size, log_len;
static char *log_buf;
static DEFINE_MUTEX(bpf_verifier_lock); static DEFINE_MUTEX(bpf_verifier_lock);
/* log_level controls verbosity level of eBPF verifier. /* log_level controls verbosity level of eBPF verifier.
* verbose() is used to dump the verification trace to the log, so the user * verbose() is used to dump the verification trace to the log, so the user
* can figure out what's wrong with the program * can figure out what's wrong with the program
*/ */
static __printf(1, 2) void verbose(const char *fmt, ...) static __printf(2, 3) void verbose(struct bpf_verifier_env *env,
const char *fmt, ...)
{ {
struct bpf_verifer_log *log = &env->log;
unsigned int n;
va_list args; va_list args;
if (log_level == 0 || log_len >= log_size - 1) if (!log->level || !log->ubuf || bpf_verifier_log_full(log))
return; return;
va_start(args, fmt); va_start(args, fmt);
log_len += vscnprintf(log_buf + log_len, log_size - log_len, fmt, args); n = vscnprintf(log->kbuf, BPF_VERIFIER_TMP_LOG_SIZE, fmt, args);
va_end(args); va_end(args);
WARN_ONCE(n >= BPF_VERIFIER_TMP_LOG_SIZE - 1,
"verifier log line truncated - local buffer too short\n");
n = min(log->len_total - log->len_used - 1, n);
log->kbuf[n] = '\0';
if (!copy_to_user(log->ubuf + log->len_used, log->kbuf, n + 1))
log->len_used += n;
else
log->ubuf = NULL;
} }
static bool type_is_pkt_pointer(enum bpf_reg_type type) static bool type_is_pkt_pointer(enum bpf_reg_type type)
...@@ -197,23 +207,8 @@ static const char * const reg_type_str[] = { ...@@ -197,23 +207,8 @@ static const char * const reg_type_str[] = {
[PTR_TO_PACKET_END] = "pkt_end", [PTR_TO_PACKET_END] = "pkt_end",
}; };
#define __BPF_FUNC_STR_FN(x) [BPF_FUNC_ ## x] = __stringify(bpf_ ## x) static void print_verifier_state(struct bpf_verifier_env *env,
static const char * const func_id_str[] = { struct bpf_verifier_state *state)
__BPF_FUNC_MAPPER(__BPF_FUNC_STR_FN)
};
#undef __BPF_FUNC_STR_FN
static const char *func_id_name(int id)
{
BUILD_BUG_ON(ARRAY_SIZE(func_id_str) != __BPF_FUNC_MAX_ID);
if (id >= 0 && id < __BPF_FUNC_MAX_ID && func_id_str[id])
return func_id_str[id];
else
return "unknown";
}
static void print_verifier_state(struct bpf_verifier_state *state)
{ {
struct bpf_reg_state *reg; struct bpf_reg_state *reg;
enum bpf_reg_type t; enum bpf_reg_type t;
...@@ -224,21 +219,21 @@ static void print_verifier_state(struct bpf_verifier_state *state) ...@@ -224,21 +219,21 @@ static void print_verifier_state(struct bpf_verifier_state *state)
t = reg->type; t = reg->type;
if (t == NOT_INIT) if (t == NOT_INIT)
continue; continue;
verbose(" R%d=%s", i, reg_type_str[t]); verbose(env, " R%d=%s", i, reg_type_str[t]);
if ((t == SCALAR_VALUE || t == PTR_TO_STACK) && if ((t == SCALAR_VALUE || t == PTR_TO_STACK) &&
tnum_is_const(reg->var_off)) { tnum_is_const(reg->var_off)) {
/* reg->off should be 0 for SCALAR_VALUE */ /* reg->off should be 0 for SCALAR_VALUE */
verbose("%lld", reg->var_off.value + reg->off); verbose(env, "%lld", reg->var_off.value + reg->off);
} else { } else {
verbose("(id=%d", reg->id); verbose(env, "(id=%d", reg->id);
if (t != SCALAR_VALUE) if (t != SCALAR_VALUE)
verbose(",off=%d", reg->off); verbose(env, ",off=%d", reg->off);
if (type_is_pkt_pointer(t)) if (type_is_pkt_pointer(t))
verbose(",r=%d", reg->range); verbose(env, ",r=%d", reg->range);
else if (t == CONST_PTR_TO_MAP || else if (t == CONST_PTR_TO_MAP ||
t == PTR_TO_MAP_VALUE || t == PTR_TO_MAP_VALUE ||
t == PTR_TO_MAP_VALUE_OR_NULL) t == PTR_TO_MAP_VALUE_OR_NULL)
verbose(",ks=%d,vs=%d", verbose(env, ",ks=%d,vs=%d",
reg->map_ptr->key_size, reg->map_ptr->key_size,
reg->map_ptr->value_size); reg->map_ptr->value_size);
if (tnum_is_const(reg->var_off)) { if (tnum_is_const(reg->var_off)) {
...@@ -246,218 +241,38 @@ static void print_verifier_state(struct bpf_verifier_state *state) ...@@ -246,218 +241,38 @@ static void print_verifier_state(struct bpf_verifier_state *state)
* could be a pointer whose offset is too big * could be a pointer whose offset is too big
* for reg->off * for reg->off
*/ */
verbose(",imm=%llx", reg->var_off.value); verbose(env, ",imm=%llx", reg->var_off.value);
} else { } else {
if (reg->smin_value != reg->umin_value && if (reg->smin_value != reg->umin_value &&
reg->smin_value != S64_MIN) reg->smin_value != S64_MIN)
verbose(",smin_value=%lld", verbose(env, ",smin_value=%lld",
(long long)reg->smin_value); (long long)reg->smin_value);
if (reg->smax_value != reg->umax_value && if (reg->smax_value != reg->umax_value &&
reg->smax_value != S64_MAX) reg->smax_value != S64_MAX)
verbose(",smax_value=%lld", verbose(env, ",smax_value=%lld",
(long long)reg->smax_value); (long long)reg->smax_value);
if (reg->umin_value != 0) if (reg->umin_value != 0)
verbose(",umin_value=%llu", verbose(env, ",umin_value=%llu",
(unsigned long long)reg->umin_value); (unsigned long long)reg->umin_value);
if (reg->umax_value != U64_MAX) if (reg->umax_value != U64_MAX)
verbose(",umax_value=%llu", verbose(env, ",umax_value=%llu",
(unsigned long long)reg->umax_value); (unsigned long long)reg->umax_value);
if (!tnum_is_unknown(reg->var_off)) { if (!tnum_is_unknown(reg->var_off)) {
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
verbose(",var_off=%s", tn_buf); verbose(env, ",var_off=%s", tn_buf);
} }
} }
verbose(")"); verbose(env, ")");
} }
} }
for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) { for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) {
if (state->stack_slot_type[i] == STACK_SPILL) if (state->stack_slot_type[i] == STACK_SPILL)
verbose(" fp%d=%s", -MAX_BPF_STACK + i, verbose(env, " fp%d=%s", -MAX_BPF_STACK + i,
reg_type_str[state->spilled_regs[i / BPF_REG_SIZE].type]); reg_type_str[state->spilled_regs[i / BPF_REG_SIZE].type]);
} }
verbose("\n"); verbose(env, "\n");
}
static const char *const bpf_class_string[] = {
[BPF_LD] = "ld",
[BPF_LDX] = "ldx",
[BPF_ST] = "st",
[BPF_STX] = "stx",
[BPF_ALU] = "alu",
[BPF_JMP] = "jmp",
[BPF_RET] = "BUG",
[BPF_ALU64] = "alu64",
};
static const char *const bpf_alu_string[16] = {
[BPF_ADD >> 4] = "+=",
[BPF_SUB >> 4] = "-=",
[BPF_MUL >> 4] = "*=",
[BPF_DIV >> 4] = "/=",
[BPF_OR >> 4] = "|=",
[BPF_AND >> 4] = "&=",
[BPF_LSH >> 4] = "<<=",
[BPF_RSH >> 4] = ">>=",
[BPF_NEG >> 4] = "neg",
[BPF_MOD >> 4] = "%=",
[BPF_XOR >> 4] = "^=",
[BPF_MOV >> 4] = "=",
[BPF_ARSH >> 4] = "s>>=",
[BPF_END >> 4] = "endian",
};
static const char *const bpf_ldst_string[] = {
[BPF_W >> 3] = "u32",
[BPF_H >> 3] = "u16",
[BPF_B >> 3] = "u8",
[BPF_DW >> 3] = "u64",
};
static const char *const bpf_jmp_string[16] = {
[BPF_JA >> 4] = "jmp",
[BPF_JEQ >> 4] = "==",
[BPF_JGT >> 4] = ">",
[BPF_JLT >> 4] = "<",
[BPF_JGE >> 4] = ">=",
[BPF_JLE >> 4] = "<=",
[BPF_JSET >> 4] = "&",
[BPF_JNE >> 4] = "!=",
[BPF_JSGT >> 4] = "s>",
[BPF_JSLT >> 4] = "s<",
[BPF_JSGE >> 4] = "s>=",
[BPF_JSLE >> 4] = "s<=",
[BPF_CALL >> 4] = "call",
[BPF_EXIT >> 4] = "exit",
};
static void print_bpf_end_insn(const struct bpf_verifier_env *env,
const struct bpf_insn *insn)
{
verbose("(%02x) r%d = %s%d r%d\n", insn->code, insn->dst_reg,
BPF_SRC(insn->code) == BPF_TO_BE ? "be" : "le",
insn->imm, insn->dst_reg);
}
static void print_bpf_insn(const struct bpf_verifier_env *env,
const struct bpf_insn *insn)
{
u8 class = BPF_CLASS(insn->code);
if (class == BPF_ALU || class == BPF_ALU64) {
if (BPF_OP(insn->code) == BPF_END) {
if (class == BPF_ALU64)
verbose("BUG_alu64_%02x\n", insn->code);
else
print_bpf_end_insn(env, insn);
} else if (BPF_OP(insn->code) == BPF_NEG) {
verbose("(%02x) r%d = %s-r%d\n",
insn->code, insn->dst_reg,
class == BPF_ALU ? "(u32) " : "",
insn->dst_reg);
} else if (BPF_SRC(insn->code) == BPF_X) {
verbose("(%02x) %sr%d %s %sr%d\n",
insn->code, class == BPF_ALU ? "(u32) " : "",
insn->dst_reg,
bpf_alu_string[BPF_OP(insn->code) >> 4],
class == BPF_ALU ? "(u32) " : "",
insn->src_reg);
} else {
verbose("(%02x) %sr%d %s %s%d\n",
insn->code, class == BPF_ALU ? "(u32) " : "",
insn->dst_reg,
bpf_alu_string[BPF_OP(insn->code) >> 4],
class == BPF_ALU ? "(u32) " : "",
insn->imm);
}
} else if (class == BPF_STX) {
if (BPF_MODE(insn->code) == BPF_MEM)
verbose("(%02x) *(%s *)(r%d %+d) = r%d\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->dst_reg,
insn->off, insn->src_reg);
else if (BPF_MODE(insn->code) == BPF_XADD)
verbose("(%02x) lock *(%s *)(r%d %+d) += r%d\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->dst_reg, insn->off,
insn->src_reg);
else
verbose("BUG_%02x\n", insn->code);
} else if (class == BPF_ST) {
if (BPF_MODE(insn->code) != BPF_MEM) {
verbose("BUG_st_%02x\n", insn->code);
return;
}
verbose("(%02x) *(%s *)(r%d %+d) = %d\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->dst_reg,
insn->off, insn->imm);
} else if (class == BPF_LDX) {
if (BPF_MODE(insn->code) != BPF_MEM) {
verbose("BUG_ldx_%02x\n", insn->code);
return;
}
verbose("(%02x) r%d = *(%s *)(r%d %+d)\n",
insn->code, insn->dst_reg,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->src_reg, insn->off);
} else if (class == BPF_LD) {
if (BPF_MODE(insn->code) == BPF_ABS) {
verbose("(%02x) r0 = *(%s *)skb[%d]\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->imm);
} else if (BPF_MODE(insn->code) == BPF_IND) {
verbose("(%02x) r0 = *(%s *)skb[r%d + %d]\n",
insn->code,
bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
insn->src_reg, insn->imm);
} else if (BPF_MODE(insn->code) == BPF_IMM &&
BPF_SIZE(insn->code) == BPF_DW) {
/* At this point, we already made sure that the second
* part of the ldimm64 insn is accessible.
*/
u64 imm = ((u64)(insn + 1)->imm << 32) | (u32)insn->imm;
bool map_ptr = insn->src_reg == BPF_PSEUDO_MAP_FD;
if (map_ptr && !env->allow_ptr_leaks)
imm = 0;
verbose("(%02x) r%d = 0x%llx\n", insn->code,
insn->dst_reg, (unsigned long long)imm);
} else {
verbose("BUG_ld_%02x\n", insn->code);
return;
}
} else if (class == BPF_JMP) {
u8 opcode = BPF_OP(insn->code);
if (opcode == BPF_CALL) {
verbose("(%02x) call %s#%d\n", insn->code,
func_id_name(insn->imm), insn->imm);
} else if (insn->code == (BPF_JMP | BPF_JA)) {
verbose("(%02x) goto pc%+d\n",
insn->code, insn->off);
} else if (insn->code == (BPF_JMP | BPF_EXIT)) {
verbose("(%02x) exit\n", insn->code);
} else if (BPF_SRC(insn->code) == BPF_X) {
verbose("(%02x) if r%d %s r%d goto pc%+d\n",
insn->code, insn->dst_reg,
bpf_jmp_string[BPF_OP(insn->code) >> 4],
insn->src_reg, insn->off);
} else {
verbose("(%02x) if r%d %s 0x%x goto pc%+d\n",
insn->code, insn->dst_reg,
bpf_jmp_string[BPF_OP(insn->code) >> 4],
insn->imm, insn->off);
}
} else {
verbose("(%02x) %s\n", insn->code, bpf_class_string[class]);
}
} }
static int pop_stack(struct bpf_verifier_env *env, int *prev_insn_idx) static int pop_stack(struct bpf_verifier_env *env, int *prev_insn_idx)
...@@ -495,7 +310,7 @@ static struct bpf_verifier_state *push_stack(struct bpf_verifier_env *env, ...@@ -495,7 +310,7 @@ static struct bpf_verifier_state *push_stack(struct bpf_verifier_env *env,
env->head = elem; env->head = elem;
env->stack_size++; env->stack_size++;
if (env->stack_size > BPF_COMPLEXITY_LIMIT_STACK) { if (env->stack_size > BPF_COMPLEXITY_LIMIT_STACK) {
verbose("BPF program is too complex\n"); verbose(env, "BPF program is too complex\n");
goto err; goto err;
} }
return &elem->st; return &elem->st;
...@@ -533,10 +348,11 @@ static void __mark_reg_known_zero(struct bpf_reg_state *reg) ...@@ -533,10 +348,11 @@ static void __mark_reg_known_zero(struct bpf_reg_state *reg)
__mark_reg_known(reg, 0); __mark_reg_known(reg, 0);
} }
static void mark_reg_known_zero(struct bpf_reg_state *regs, u32 regno) static void mark_reg_known_zero(struct bpf_verifier_env *env,
struct bpf_reg_state *regs, u32 regno)
{ {
if (WARN_ON(regno >= MAX_BPF_REG)) { if (WARN_ON(regno >= MAX_BPF_REG)) {
verbose("mark_reg_known_zero(regs, %u)\n", regno); verbose(env, "mark_reg_known_zero(regs, %u)\n", regno);
/* Something bad happened, let's kill all regs */ /* Something bad happened, let's kill all regs */
for (regno = 0; regno < MAX_BPF_REG; regno++) for (regno = 0; regno < MAX_BPF_REG; regno++)
__mark_reg_not_init(regs + regno); __mark_reg_not_init(regs + regno);
...@@ -646,10 +462,11 @@ static void __mark_reg_unknown(struct bpf_reg_state *reg) ...@@ -646,10 +462,11 @@ static void __mark_reg_unknown(struct bpf_reg_state *reg)
__mark_reg_unbounded(reg); __mark_reg_unbounded(reg);
} }
static void mark_reg_unknown(struct bpf_reg_state *regs, u32 regno) static void mark_reg_unknown(struct bpf_verifier_env *env,
struct bpf_reg_state *regs, u32 regno)
{ {
if (WARN_ON(regno >= MAX_BPF_REG)) { if (WARN_ON(regno >= MAX_BPF_REG)) {
verbose("mark_reg_unknown(regs, %u)\n", regno); verbose(env, "mark_reg_unknown(regs, %u)\n", regno);
/* Something bad happened, let's kill all regs */ /* Something bad happened, let's kill all regs */
for (regno = 0; regno < MAX_BPF_REG; regno++) for (regno = 0; regno < MAX_BPF_REG; regno++)
__mark_reg_not_init(regs + regno); __mark_reg_not_init(regs + regno);
...@@ -664,10 +481,11 @@ static void __mark_reg_not_init(struct bpf_reg_state *reg) ...@@ -664,10 +481,11 @@ static void __mark_reg_not_init(struct bpf_reg_state *reg)
reg->type = NOT_INIT; reg->type = NOT_INIT;
} }
static void mark_reg_not_init(struct bpf_reg_state *regs, u32 regno) static void mark_reg_not_init(struct bpf_verifier_env *env,
struct bpf_reg_state *regs, u32 regno)
{ {
if (WARN_ON(regno >= MAX_BPF_REG)) { if (WARN_ON(regno >= MAX_BPF_REG)) {
verbose("mark_reg_not_init(regs, %u)\n", regno); verbose(env, "mark_reg_not_init(regs, %u)\n", regno);
/* Something bad happened, let's kill all regs */ /* Something bad happened, let's kill all regs */
for (regno = 0; regno < MAX_BPF_REG; regno++) for (regno = 0; regno < MAX_BPF_REG; regno++)
__mark_reg_not_init(regs + regno); __mark_reg_not_init(regs + regno);
...@@ -676,22 +494,23 @@ static void mark_reg_not_init(struct bpf_reg_state *regs, u32 regno) ...@@ -676,22 +494,23 @@ static void mark_reg_not_init(struct bpf_reg_state *regs, u32 regno)
__mark_reg_not_init(regs + regno); __mark_reg_not_init(regs + regno);
} }
static void init_reg_state(struct bpf_reg_state *regs) static void init_reg_state(struct bpf_verifier_env *env,
struct bpf_reg_state *regs)
{ {
int i; int i;
for (i = 0; i < MAX_BPF_REG; i++) { for (i = 0; i < MAX_BPF_REG; i++) {
mark_reg_not_init(regs, i); mark_reg_not_init(env, regs, i);
regs[i].live = REG_LIVE_NONE; regs[i].live = REG_LIVE_NONE;
} }
/* frame pointer */ /* frame pointer */
regs[BPF_REG_FP].type = PTR_TO_STACK; regs[BPF_REG_FP].type = PTR_TO_STACK;
mark_reg_known_zero(regs, BPF_REG_FP); mark_reg_known_zero(env, regs, BPF_REG_FP);
/* 1st arg to a function */ /* 1st arg to a function */
regs[BPF_REG_1].type = PTR_TO_CTX; regs[BPF_REG_1].type = PTR_TO_CTX;
mark_reg_known_zero(regs, BPF_REG_1); mark_reg_known_zero(env, regs, BPF_REG_1);
} }
enum reg_arg_type { enum reg_arg_type {
...@@ -725,26 +544,26 @@ static int check_reg_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -725,26 +544,26 @@ static int check_reg_arg(struct bpf_verifier_env *env, u32 regno,
struct bpf_reg_state *regs = env->cur_state.regs; struct bpf_reg_state *regs = env->cur_state.regs;
if (regno >= MAX_BPF_REG) { if (regno >= MAX_BPF_REG) {
verbose("R%d is invalid\n", regno); verbose(env, "R%d is invalid\n", regno);
return -EINVAL; return -EINVAL;
} }
if (t == SRC_OP) { if (t == SRC_OP) {
/* check whether register used as source operand can be read */ /* check whether register used as source operand can be read */
if (regs[regno].type == NOT_INIT) { if (regs[regno].type == NOT_INIT) {
verbose("R%d !read_ok\n", regno); verbose(env, "R%d !read_ok\n", regno);
return -EACCES; return -EACCES;
} }
mark_reg_read(&env->cur_state, regno); mark_reg_read(&env->cur_state, regno);
} else { } else {
/* check whether register used as dest operand can be written to */ /* check whether register used as dest operand can be written to */
if (regno == BPF_REG_FP) { if (regno == BPF_REG_FP) {
verbose("frame pointer is read only\n"); verbose(env, "frame pointer is read only\n");
return -EACCES; return -EACCES;
} }
regs[regno].live |= REG_LIVE_WRITTEN; regs[regno].live |= REG_LIVE_WRITTEN;
if (t == DST_OP) if (t == DST_OP)
mark_reg_unknown(regs, regno); mark_reg_unknown(env, regs, regno);
} }
return 0; return 0;
} }
...@@ -769,7 +588,8 @@ static bool is_spillable_regtype(enum bpf_reg_type type) ...@@ -769,7 +588,8 @@ static bool is_spillable_regtype(enum bpf_reg_type type)
/* check_stack_read/write functions track spill/fill of registers, /* check_stack_read/write functions track spill/fill of registers,
* stack boundary and alignment are checked in check_mem_access() * stack boundary and alignment are checked in check_mem_access()
*/ */
static int check_stack_write(struct bpf_verifier_state *state, int off, static int check_stack_write(struct bpf_verifier_env *env,
struct bpf_verifier_state *state, int off,
int size, int value_regno) int size, int value_regno)
{ {
int i, spi = (MAX_BPF_STACK + off) / BPF_REG_SIZE; int i, spi = (MAX_BPF_STACK + off) / BPF_REG_SIZE;
...@@ -782,7 +602,7 @@ static int check_stack_write(struct bpf_verifier_state *state, int off, ...@@ -782,7 +602,7 @@ static int check_stack_write(struct bpf_verifier_state *state, int off,
/* register containing pointer is being spilled into stack */ /* register containing pointer is being spilled into stack */
if (size != BPF_REG_SIZE) { if (size != BPF_REG_SIZE) {
verbose("invalid size of register spill\n"); verbose(env, "invalid size of register spill\n");
return -EACCES; return -EACCES;
} }
...@@ -817,7 +637,8 @@ static void mark_stack_slot_read(const struct bpf_verifier_state *state, int slo ...@@ -817,7 +637,8 @@ static void mark_stack_slot_read(const struct bpf_verifier_state *state, int slo
} }
} }
static int check_stack_read(struct bpf_verifier_state *state, int off, int size, static int check_stack_read(struct bpf_verifier_env *env,
struct bpf_verifier_state *state, int off, int size,
int value_regno) int value_regno)
{ {
u8 *slot_type; u8 *slot_type;
...@@ -827,12 +648,12 @@ static int check_stack_read(struct bpf_verifier_state *state, int off, int size, ...@@ -827,12 +648,12 @@ static int check_stack_read(struct bpf_verifier_state *state, int off, int size,
if (slot_type[0] == STACK_SPILL) { if (slot_type[0] == STACK_SPILL) {
if (size != BPF_REG_SIZE) { if (size != BPF_REG_SIZE) {
verbose("invalid size of register spill\n"); verbose(env, "invalid size of register spill\n");
return -EACCES; return -EACCES;
} }
for (i = 1; i < BPF_REG_SIZE; i++) { for (i = 1; i < BPF_REG_SIZE; i++) {
if (slot_type[i] != STACK_SPILL) { if (slot_type[i] != STACK_SPILL) {
verbose("corrupted spill memory\n"); verbose(env, "corrupted spill memory\n");
return -EACCES; return -EACCES;
} }
} }
...@@ -848,14 +669,14 @@ static int check_stack_read(struct bpf_verifier_state *state, int off, int size, ...@@ -848,14 +669,14 @@ static int check_stack_read(struct bpf_verifier_state *state, int off, int size,
} else { } else {
for (i = 0; i < size; i++) { for (i = 0; i < size; i++) {
if (slot_type[i] != STACK_MISC) { if (slot_type[i] != STACK_MISC) {
verbose("invalid read from stack off %d+%d size %d\n", verbose(env, "invalid read from stack off %d+%d size %d\n",
off, i, size); off, i, size);
return -EACCES; return -EACCES;
} }
} }
if (value_regno >= 0) if (value_regno >= 0)
/* have read misc data from the stack */ /* have read misc data from the stack */
mark_reg_unknown(state->regs, value_regno); mark_reg_unknown(env, state->regs, value_regno);
return 0; return 0;
} }
} }
...@@ -867,7 +688,7 @@ static int __check_map_access(struct bpf_verifier_env *env, u32 regno, int off, ...@@ -867,7 +688,7 @@ static int __check_map_access(struct bpf_verifier_env *env, u32 regno, int off,
struct bpf_map *map = env->cur_state.regs[regno].map_ptr; struct bpf_map *map = env->cur_state.regs[regno].map_ptr;
if (off < 0 || size <= 0 || off + size > map->value_size) { if (off < 0 || size <= 0 || off + size > map->value_size) {
verbose("invalid access to map value, value_size=%d off=%d size=%d\n", verbose(env, "invalid access to map value, value_size=%d off=%d size=%d\n",
map->value_size, off, size); map->value_size, off, size);
return -EACCES; return -EACCES;
} }
...@@ -886,8 +707,8 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno, ...@@ -886,8 +707,8 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno,
* need to try adding each of min_value and max_value to off * need to try adding each of min_value and max_value to off
* to make sure our theoretical access will be safe. * to make sure our theoretical access will be safe.
*/ */
if (log_level) if (env->log.level)
print_verifier_state(state); print_verifier_state(env, state);
/* The minimum value is only important with signed /* The minimum value is only important with signed
* comparisons where we can't assume the floor of a * comparisons where we can't assume the floor of a
* value is 0. If we are using signed variables for our * value is 0. If we are using signed variables for our
...@@ -895,13 +716,14 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno, ...@@ -895,13 +716,14 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno,
* will have a set floor within our range. * will have a set floor within our range.
*/ */
if (reg->smin_value < 0) { if (reg->smin_value < 0) {
verbose("R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n", verbose(env, "R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
regno); regno);
return -EACCES; return -EACCES;
} }
err = __check_map_access(env, regno, reg->smin_value + off, size); err = __check_map_access(env, regno, reg->smin_value + off, size);
if (err) { if (err) {
verbose("R%d min value is outside of the array range\n", regno); verbose(env, "R%d min value is outside of the array range\n",
regno);
return err; return err;
} }
...@@ -910,13 +732,14 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno, ...@@ -910,13 +732,14 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno,
* If reg->umax_value + off could overflow, treat that as unbounded too. * If reg->umax_value + off could overflow, treat that as unbounded too.
*/ */
if (reg->umax_value >= BPF_MAX_VAR_OFF) { if (reg->umax_value >= BPF_MAX_VAR_OFF) {
verbose("R%d unbounded memory access, make sure to bounds check any array access into a map\n", verbose(env, "R%d unbounded memory access, make sure to bounds check any array access into a map\n",
regno); regno);
return -EACCES; return -EACCES;
} }
err = __check_map_access(env, regno, reg->umax_value + off, size); err = __check_map_access(env, regno, reg->umax_value + off, size);
if (err) if (err)
verbose("R%d max value is outside of the array range\n", regno); verbose(env, "R%d max value is outside of the array range\n",
regno);
return err; return err;
} }
...@@ -955,7 +778,7 @@ static int __check_packet_access(struct bpf_verifier_env *env, u32 regno, ...@@ -955,7 +778,7 @@ static int __check_packet_access(struct bpf_verifier_env *env, u32 regno,
struct bpf_reg_state *reg = &regs[regno]; struct bpf_reg_state *reg = &regs[regno];
if (off < 0 || size <= 0 || (u64)off + size > reg->range) { if (off < 0 || size <= 0 || (u64)off + size > reg->range) {
verbose("invalid access to packet, off=%d size=%d, R%d(id=%d,off=%d,r=%d)\n", verbose(env, "invalid access to packet, off=%d size=%d, R%d(id=%d,off=%d,r=%d)\n",
off, size, regno, reg->id, reg->off, reg->range); off, size, regno, reg->id, reg->off, reg->range);
return -EACCES; return -EACCES;
} }
...@@ -978,13 +801,13 @@ static int check_packet_access(struct bpf_verifier_env *env, u32 regno, int off, ...@@ -978,13 +801,13 @@ static int check_packet_access(struct bpf_verifier_env *env, u32 regno, int off,
* detail to prove they're safe. * detail to prove they're safe.
*/ */
if (reg->smin_value < 0) { if (reg->smin_value < 0) {
verbose("R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n", verbose(env, "R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
regno); regno);
return -EACCES; return -EACCES;
} }
err = __check_packet_access(env, regno, off, size); err = __check_packet_access(env, regno, off, size);
if (err) { if (err) {
verbose("R%d offset is outside of the packet\n", regno); verbose(env, "R%d offset is outside of the packet\n", regno);
return err; return err;
} }
return err; return err;
...@@ -1020,7 +843,7 @@ static int check_ctx_access(struct bpf_verifier_env *env, int insn_idx, int off, ...@@ -1020,7 +843,7 @@ static int check_ctx_access(struct bpf_verifier_env *env, int insn_idx, int off,
return 0; return 0;
} }
verbose("invalid bpf_context access off=%d size=%d\n", off, size); verbose(env, "invalid bpf_context access off=%d size=%d\n", off, size);
return -EACCES; return -EACCES;
} }
...@@ -1038,7 +861,8 @@ static bool is_pointer_value(struct bpf_verifier_env *env, int regno) ...@@ -1038,7 +861,8 @@ static bool is_pointer_value(struct bpf_verifier_env *env, int regno)
return __is_pointer_value(env->allow_ptr_leaks, &env->cur_state.regs[regno]); return __is_pointer_value(env->allow_ptr_leaks, &env->cur_state.regs[regno]);
} }
static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg, static int check_pkt_ptr_alignment(struct bpf_verifier_env *env,
const struct bpf_reg_state *reg,
int off, int size, bool strict) int off, int size, bool strict)
{ {
struct tnum reg_off; struct tnum reg_off;
...@@ -1063,7 +887,8 @@ static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg, ...@@ -1063,7 +887,8 @@ static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg,
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
verbose("misaligned packet access off %d+%s+%d+%d size %d\n", verbose(env,
"misaligned packet access off %d+%s+%d+%d size %d\n",
ip_align, tn_buf, reg->off, off, size); ip_align, tn_buf, reg->off, off, size);
return -EACCES; return -EACCES;
} }
...@@ -1071,7 +896,8 @@ static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg, ...@@ -1071,7 +896,8 @@ static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg,
return 0; return 0;
} }
static int check_generic_ptr_alignment(const struct bpf_reg_state *reg, static int check_generic_ptr_alignment(struct bpf_verifier_env *env,
const struct bpf_reg_state *reg,
const char *pointer_desc, const char *pointer_desc,
int off, int size, bool strict) int off, int size, bool strict)
{ {
...@@ -1086,7 +912,7 @@ static int check_generic_ptr_alignment(const struct bpf_reg_state *reg, ...@@ -1086,7 +912,7 @@ static int check_generic_ptr_alignment(const struct bpf_reg_state *reg,
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
verbose("misaligned %saccess off %s+%d+%d size %d\n", verbose(env, "misaligned %saccess off %s+%d+%d size %d\n",
pointer_desc, tn_buf, reg->off, off, size); pointer_desc, tn_buf, reg->off, off, size);
return -EACCES; return -EACCES;
} }
...@@ -1107,7 +933,7 @@ static int check_ptr_alignment(struct bpf_verifier_env *env, ...@@ -1107,7 +933,7 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
/* Special case, because of NET_IP_ALIGN. Given metadata sits /* Special case, because of NET_IP_ALIGN. Given metadata sits
* right in front, treat it the very same way. * right in front, treat it the very same way.
*/ */
return check_pkt_ptr_alignment(reg, off, size, strict); return check_pkt_ptr_alignment(env, reg, off, size, strict);
case PTR_TO_MAP_VALUE: case PTR_TO_MAP_VALUE:
pointer_desc = "value "; pointer_desc = "value ";
break; break;
...@@ -1120,7 +946,8 @@ static int check_ptr_alignment(struct bpf_verifier_env *env, ...@@ -1120,7 +946,8 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
default: default:
break; break;
} }
return check_generic_ptr_alignment(reg, pointer_desc, off, size, strict); return check_generic_ptr_alignment(env, reg, pointer_desc, off, size,
strict);
} }
/* check whether memory at (regno + off) is accessible for t = (read | write) /* check whether memory at (regno + off) is accessible for t = (read | write)
...@@ -1152,20 +979,20 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn ...@@ -1152,20 +979,20 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
if (reg->type == PTR_TO_MAP_VALUE) { if (reg->type == PTR_TO_MAP_VALUE) {
if (t == BPF_WRITE && value_regno >= 0 && if (t == BPF_WRITE && value_regno >= 0 &&
is_pointer_value(env, value_regno)) { is_pointer_value(env, value_regno)) {
verbose("R%d leaks addr into map\n", value_regno); verbose(env, "R%d leaks addr into map\n", value_regno);
return -EACCES; return -EACCES;
} }
err = check_map_access(env, regno, off, size); err = check_map_access(env, regno, off, size);
if (!err && t == BPF_READ && value_regno >= 0) if (!err && t == BPF_READ && value_regno >= 0)
mark_reg_unknown(state->regs, value_regno); mark_reg_unknown(env, state->regs, value_regno);
} else if (reg->type == PTR_TO_CTX) { } else if (reg->type == PTR_TO_CTX) {
enum bpf_reg_type reg_type = SCALAR_VALUE; enum bpf_reg_type reg_type = SCALAR_VALUE;
if (t == BPF_WRITE && value_regno >= 0 && if (t == BPF_WRITE && value_regno >= 0 &&
is_pointer_value(env, value_regno)) { is_pointer_value(env, value_regno)) {
verbose("R%d leaks addr into ctx\n", value_regno); verbose(env, "R%d leaks addr into ctx\n", value_regno);
return -EACCES; return -EACCES;
} }
/* ctx accesses must be at a fixed offset, so that we can /* ctx accesses must be at a fixed offset, so that we can
...@@ -1175,7 +1002,8 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn ...@@ -1175,7 +1002,8 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
verbose("variable ctx access var_off=%s off=%d size=%d", verbose(env,
"variable ctx access var_off=%s off=%d size=%d",
tn_buf, off, size); tn_buf, off, size);
return -EACCES; return -EACCES;
} }
...@@ -1187,9 +1015,10 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn ...@@ -1187,9 +1015,10 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
* case, we know the offset is zero. * case, we know the offset is zero.
*/ */
if (reg_type == SCALAR_VALUE) if (reg_type == SCALAR_VALUE)
mark_reg_unknown(state->regs, value_regno); mark_reg_unknown(env, state->regs, value_regno);
else else
mark_reg_known_zero(state->regs, value_regno); mark_reg_known_zero(env, state->regs,
value_regno);
state->regs[value_regno].id = 0; state->regs[value_regno].id = 0;
state->regs[value_regno].off = 0; state->regs[value_regno].off = 0;
state->regs[value_regno].range = 0; state->regs[value_regno].range = 0;
...@@ -1205,13 +1034,14 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn ...@@ -1205,13 +1034,14 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
verbose("variable stack access var_off=%s off=%d size=%d", verbose(env, "variable stack access var_off=%s off=%d size=%d",
tn_buf, off, size); tn_buf, off, size);
return -EACCES; return -EACCES;
} }
off += reg->var_off.value; off += reg->var_off.value;
if (off >= 0 || off < -MAX_BPF_STACK) { if (off >= 0 || off < -MAX_BPF_STACK) {
verbose("invalid stack off=%d size=%d\n", off, size); verbose(env, "invalid stack off=%d size=%d\n", off,
size);
return -EACCES; return -EACCES;
} }
...@@ -1222,29 +1052,32 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn ...@@ -1222,29 +1052,32 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
if (!env->allow_ptr_leaks && if (!env->allow_ptr_leaks &&
state->stack_slot_type[MAX_BPF_STACK + off] == STACK_SPILL && state->stack_slot_type[MAX_BPF_STACK + off] == STACK_SPILL &&
size != BPF_REG_SIZE) { size != BPF_REG_SIZE) {
verbose("attempt to corrupt spilled pointer on stack\n"); verbose(env, "attempt to corrupt spilled pointer on stack\n");
return -EACCES; return -EACCES;
} }
err = check_stack_write(state, off, size, value_regno); err = check_stack_write(env, state, off, size,
value_regno);
} else { } else {
err = check_stack_read(state, off, size, value_regno); err = check_stack_read(env, state, off, size,
value_regno);
} }
} else if (reg_is_pkt_pointer(reg)) { } else if (reg_is_pkt_pointer(reg)) {
if (t == BPF_WRITE && !may_access_direct_pkt_data(env, NULL, t)) { if (t == BPF_WRITE && !may_access_direct_pkt_data(env, NULL, t)) {
verbose("cannot write into packet\n"); verbose(env, "cannot write into packet\n");
return -EACCES; return -EACCES;
} }
if (t == BPF_WRITE && value_regno >= 0 && if (t == BPF_WRITE && value_regno >= 0 &&
is_pointer_value(env, value_regno)) { is_pointer_value(env, value_regno)) {
verbose("R%d leaks addr into packet\n", value_regno); verbose(env, "R%d leaks addr into packet\n",
value_regno);
return -EACCES; return -EACCES;
} }
err = check_packet_access(env, regno, off, size); err = check_packet_access(env, regno, off, size);
if (!err && t == BPF_READ && value_regno >= 0) if (!err && t == BPF_READ && value_regno >= 0)
mark_reg_unknown(state->regs, value_regno); mark_reg_unknown(env, state->regs, value_regno);
} else { } else {
verbose("R%d invalid mem access '%s'\n", verbose(env, "R%d invalid mem access '%s'\n", regno,
regno, reg_type_str[reg->type]); reg_type_str[reg->type]);
return -EACCES; return -EACCES;
} }
...@@ -1264,7 +1097,7 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins ...@@ -1264,7 +1097,7 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins
if ((BPF_SIZE(insn->code) != BPF_W && BPF_SIZE(insn->code) != BPF_DW) || if ((BPF_SIZE(insn->code) != BPF_W && BPF_SIZE(insn->code) != BPF_DW) ||
insn->imm != 0) { insn->imm != 0) {
verbose("BPF_XADD uses reserved fields\n"); verbose(env, "BPF_XADD uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -1279,7 +1112,7 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins ...@@ -1279,7 +1112,7 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins
return err; return err;
if (is_pointer_value(env, insn->src_reg)) { if (is_pointer_value(env, insn->src_reg)) {
verbose("R%d leaks addr into mem\n", insn->src_reg); verbose(env, "R%d leaks addr into mem\n", insn->src_reg);
return -EACCES; return -EACCES;
} }
...@@ -1320,7 +1153,7 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, ...@@ -1320,7 +1153,7 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno,
register_is_null(regs[regno])) register_is_null(regs[regno]))
return 0; return 0;
verbose("R%d type=%s expected=%s\n", regno, verbose(env, "R%d type=%s expected=%s\n", regno,
reg_type_str[regs[regno].type], reg_type_str[regs[regno].type],
reg_type_str[PTR_TO_STACK]); reg_type_str[PTR_TO_STACK]);
return -EACCES; return -EACCES;
...@@ -1331,13 +1164,13 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, ...@@ -1331,13 +1164,13 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno,
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), regs[regno].var_off); tnum_strn(tn_buf, sizeof(tn_buf), regs[regno].var_off);
verbose("invalid variable stack read R%d var_off=%s\n", verbose(env, "invalid variable stack read R%d var_off=%s\n",
regno, tn_buf); regno, tn_buf);
} }
off = regs[regno].off + regs[regno].var_off.value; off = regs[regno].off + regs[regno].var_off.value;
if (off >= 0 || off < -MAX_BPF_STACK || off + access_size > 0 || if (off >= 0 || off < -MAX_BPF_STACK || off + access_size > 0 ||
access_size <= 0) { access_size <= 0) {
verbose("invalid stack type R%d off=%d access_size=%d\n", verbose(env, "invalid stack type R%d off=%d access_size=%d\n",
regno, off, access_size); regno, off, access_size);
return -EACCES; return -EACCES;
} }
...@@ -1353,7 +1186,7 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno, ...@@ -1353,7 +1186,7 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno,
for (i = 0; i < access_size; i++) { for (i = 0; i < access_size; i++) {
if (state->stack_slot_type[MAX_BPF_STACK + off + i] != STACK_MISC) { if (state->stack_slot_type[MAX_BPF_STACK + off + i] != STACK_MISC) {
verbose("invalid indirect read from stack off %d+%d size %d\n", verbose(env, "invalid indirect read from stack off %d+%d size %d\n",
off, i, access_size); off, i, access_size);
return -EACCES; return -EACCES;
} }
...@@ -1396,7 +1229,8 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1396,7 +1229,8 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
if (arg_type == ARG_ANYTHING) { if (arg_type == ARG_ANYTHING) {
if (is_pointer_value(env, regno)) { if (is_pointer_value(env, regno)) {
verbose("R%d leaks addr into helper function\n", regno); verbose(env, "R%d leaks addr into helper function\n",
regno);
return -EACCES; return -EACCES;
} }
return 0; return 0;
...@@ -1404,7 +1238,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1404,7 +1238,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
if (type_is_pkt_pointer(type) && if (type_is_pkt_pointer(type) &&
!may_access_direct_pkt_data(env, meta, BPF_READ)) { !may_access_direct_pkt_data(env, meta, BPF_READ)) {
verbose("helper access to the packet is not allowed\n"); verbose(env, "helper access to the packet is not allowed\n");
return -EACCES; return -EACCES;
} }
...@@ -1442,7 +1276,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1442,7 +1276,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
goto err_type; goto err_type;
meta->raw_mode = arg_type == ARG_PTR_TO_UNINIT_MEM; meta->raw_mode = arg_type == ARG_PTR_TO_UNINIT_MEM;
} else { } else {
verbose("unsupported arg_type %d\n", arg_type); verbose(env, "unsupported arg_type %d\n", arg_type);
return -EFAULT; return -EFAULT;
} }
...@@ -1460,7 +1294,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1460,7 +1294,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
* we have to check map_key here. Otherwise it means * we have to check map_key here. Otherwise it means
* that kernel subsystem misconfigured verifier * that kernel subsystem misconfigured verifier
*/ */
verbose("invalid map_ptr to access map->key\n"); verbose(env, "invalid map_ptr to access map->key\n");
return -EACCES; return -EACCES;
} }
if (type_is_pkt_pointer(type)) if (type_is_pkt_pointer(type))
...@@ -1476,7 +1310,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1476,7 +1310,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
*/ */
if (!meta->map_ptr) { if (!meta->map_ptr) {
/* kernel subsystem misconfigured verifier */ /* kernel subsystem misconfigured verifier */
verbose("invalid map_ptr to access map->value\n"); verbose(env, "invalid map_ptr to access map->value\n");
return -EACCES; return -EACCES;
} }
if (type_is_pkt_pointer(type)) if (type_is_pkt_pointer(type))
...@@ -1496,7 +1330,8 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1496,7 +1330,8 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
*/ */
if (regno == 0) { if (regno == 0) {
/* kernel subsystem misconfigured verifier */ /* kernel subsystem misconfigured verifier */
verbose("ARG_CONST_SIZE cannot be first argument\n"); verbose(env,
"ARG_CONST_SIZE cannot be first argument\n");
return -EACCES; return -EACCES;
} }
...@@ -1513,7 +1348,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1513,7 +1348,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
meta = NULL; meta = NULL;
if (reg->smin_value < 0) { if (reg->smin_value < 0) {
verbose("R%d min value is negative, either use unsigned or 'var &= const'\n", verbose(env, "R%d min value is negative, either use unsigned or 'var &= const'\n",
regno); regno);
return -EACCES; return -EACCES;
} }
...@@ -1527,7 +1362,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1527,7 +1362,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
} }
if (reg->umax_value >= BPF_MAX_VAR_SIZ) { if (reg->umax_value >= BPF_MAX_VAR_SIZ) {
verbose("R%d unbounded memory access, use 'var &= const' or 'if (var < const)'\n", verbose(env, "R%d unbounded memory access, use 'var &= const' or 'if (var < const)'\n",
regno); regno);
return -EACCES; return -EACCES;
} }
...@@ -1538,12 +1373,13 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, ...@@ -1538,12 +1373,13 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno,
return err; return err;
err_type: err_type:
verbose("R%d type=%s expected=%s\n", regno, verbose(env, "R%d type=%s expected=%s\n", regno,
reg_type_str[type], reg_type_str[expected_type]); reg_type_str[type], reg_type_str[expected_type]);
return -EACCES; return -EACCES;
} }
static int check_map_func_compatibility(struct bpf_map *map, int func_id) static int check_map_func_compatibility(struct bpf_verifier_env *env,
struct bpf_map *map, int func_id)
{ {
if (!map) if (!map)
return 0; return 0;
...@@ -1631,7 +1467,7 @@ static int check_map_func_compatibility(struct bpf_map *map, int func_id) ...@@ -1631,7 +1467,7 @@ static int check_map_func_compatibility(struct bpf_map *map, int func_id)
return 0; return 0;
error: error:
verbose("cannot pass map_type %d into func %s#%d\n", verbose(env, "cannot pass map_type %d into func %s#%d\n",
map->map_type, func_id_name(func_id), func_id); map->map_type, func_id_name(func_id), func_id);
return -EINVAL; return -EINVAL;
} }
...@@ -1665,7 +1501,7 @@ static void clear_all_pkt_pointers(struct bpf_verifier_env *env) ...@@ -1665,7 +1501,7 @@ static void clear_all_pkt_pointers(struct bpf_verifier_env *env)
for (i = 0; i < MAX_BPF_REG; i++) for (i = 0; i < MAX_BPF_REG; i++)
if (reg_is_pkt_pointer_any(&regs[i])) if (reg_is_pkt_pointer_any(&regs[i]))
mark_reg_unknown(regs, i); mark_reg_unknown(env, regs, i);
for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) { for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) {
if (state->stack_slot_type[i] != STACK_SPILL) if (state->stack_slot_type[i] != STACK_SPILL)
...@@ -1687,7 +1523,8 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx) ...@@ -1687,7 +1523,8 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
/* find function prototype */ /* find function prototype */
if (func_id < 0 || func_id >= __BPF_FUNC_MAX_ID) { if (func_id < 0 || func_id >= __BPF_FUNC_MAX_ID) {
verbose("invalid func %s#%d\n", func_id_name(func_id), func_id); verbose(env, "invalid func %s#%d\n", func_id_name(func_id),
func_id);
return -EINVAL; return -EINVAL;
} }
...@@ -1695,13 +1532,14 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx) ...@@ -1695,13 +1532,14 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
fn = env->prog->aux->ops->get_func_proto(func_id); fn = env->prog->aux->ops->get_func_proto(func_id);
if (!fn) { if (!fn) {
verbose("unknown func %s#%d\n", func_id_name(func_id), func_id); verbose(env, "unknown func %s#%d\n", func_id_name(func_id),
func_id);
return -EINVAL; return -EINVAL;
} }
/* eBPF programs must be GPL compatible to use GPL-ed functions */ /* eBPF programs must be GPL compatible to use GPL-ed functions */
if (!env->prog->gpl_compatible && fn->gpl_only) { if (!env->prog->gpl_compatible && fn->gpl_only) {
verbose("cannot call GPL only function from proprietary program\n"); verbose(env, "cannot call GPL only function from proprietary program\n");
return -EINVAL; return -EINVAL;
} }
...@@ -1715,7 +1553,7 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx) ...@@ -1715,7 +1553,7 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
*/ */
err = check_raw_mode(fn); err = check_raw_mode(fn);
if (err) { if (err) {
verbose("kernel subsystem misconfigured func %s#%d\n", verbose(env, "kernel subsystem misconfigured func %s#%d\n",
func_id_name(func_id), func_id); func_id_name(func_id), func_id);
return err; return err;
} }
...@@ -1748,14 +1586,14 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx) ...@@ -1748,14 +1586,14 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
/* reset caller saved regs */ /* reset caller saved regs */
for (i = 0; i < CALLER_SAVED_REGS; i++) { for (i = 0; i < CALLER_SAVED_REGS; i++) {
mark_reg_not_init(regs, caller_saved[i]); mark_reg_not_init(env, regs, caller_saved[i]);
check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK); check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK);
} }
/* update return register (already marked as written above) */ /* update return register (already marked as written above) */
if (fn->ret_type == RET_INTEGER) { if (fn->ret_type == RET_INTEGER) {
/* sets type to SCALAR_VALUE */ /* sets type to SCALAR_VALUE */
mark_reg_unknown(regs, BPF_REG_0); mark_reg_unknown(env, regs, BPF_REG_0);
} else if (fn->ret_type == RET_VOID) { } else if (fn->ret_type == RET_VOID) {
regs[BPF_REG_0].type = NOT_INIT; regs[BPF_REG_0].type = NOT_INIT;
} else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL) { } else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL) {
...@@ -1763,14 +1601,15 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx) ...@@ -1763,14 +1601,15 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL; regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
/* There is no offset yet applied, variable or fixed */ /* There is no offset yet applied, variable or fixed */
mark_reg_known_zero(regs, BPF_REG_0); mark_reg_known_zero(env, regs, BPF_REG_0);
regs[BPF_REG_0].off = 0; regs[BPF_REG_0].off = 0;
/* remember map_ptr, so that check_map_access() /* remember map_ptr, so that check_map_access()
* can check 'value_size' boundary of memory access * can check 'value_size' boundary of memory access
* to map element returned from bpf_map_lookup_elem() * to map element returned from bpf_map_lookup_elem()
*/ */
if (meta.map_ptr == NULL) { if (meta.map_ptr == NULL) {
verbose("kernel subsystem misconfigured verifier\n"); verbose(env,
"kernel subsystem misconfigured verifier\n");
return -EINVAL; return -EINVAL;
} }
regs[BPF_REG_0].map_ptr = meta.map_ptr; regs[BPF_REG_0].map_ptr = meta.map_ptr;
...@@ -1781,12 +1620,12 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx) ...@@ -1781,12 +1620,12 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
else if (insn_aux->map_ptr != meta.map_ptr) else if (insn_aux->map_ptr != meta.map_ptr)
insn_aux->map_ptr = BPF_MAP_PTR_POISON; insn_aux->map_ptr = BPF_MAP_PTR_POISON;
} else { } else {
verbose("unknown return type %d of func %s#%d\n", verbose(env, "unknown return type %d of func %s#%d\n",
fn->ret_type, func_id_name(func_id), func_id); fn->ret_type, func_id_name(func_id), func_id);
return -EINVAL; return -EINVAL;
} }
err = check_map_func_compatibility(meta.map_ptr, func_id); err = check_map_func_compatibility(env, meta.map_ptr, func_id);
if (err) if (err)
return err; return err;
...@@ -1845,39 +1684,42 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, ...@@ -1845,39 +1684,42 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
dst_reg = &regs[dst]; dst_reg = &regs[dst];
if (WARN_ON_ONCE(known && (smin_val != smax_val))) { if (WARN_ON_ONCE(known && (smin_val != smax_val))) {
print_verifier_state(&env->cur_state); print_verifier_state(env, &env->cur_state);
verbose("verifier internal error: known but bad sbounds\n"); verbose(env,
"verifier internal error: known but bad sbounds\n");
return -EINVAL; return -EINVAL;
} }
if (WARN_ON_ONCE(known && (umin_val != umax_val))) { if (WARN_ON_ONCE(known && (umin_val != umax_val))) {
print_verifier_state(&env->cur_state); print_verifier_state(env, &env->cur_state);
verbose("verifier internal error: known but bad ubounds\n"); verbose(env,
"verifier internal error: known but bad ubounds\n");
return -EINVAL; return -EINVAL;
} }
if (BPF_CLASS(insn->code) != BPF_ALU64) { if (BPF_CLASS(insn->code) != BPF_ALU64) {
/* 32-bit ALU ops on pointers produce (meaningless) scalars */ /* 32-bit ALU ops on pointers produce (meaningless) scalars */
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d 32-bit pointer arithmetic prohibited\n", verbose(env,
"R%d 32-bit pointer arithmetic prohibited\n",
dst); dst);
return -EACCES; return -EACCES;
} }
if (ptr_reg->type == PTR_TO_MAP_VALUE_OR_NULL) { if (ptr_reg->type == PTR_TO_MAP_VALUE_OR_NULL) {
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d pointer arithmetic on PTR_TO_MAP_VALUE_OR_NULL prohibited, null-check it first\n", verbose(env, "R%d pointer arithmetic on PTR_TO_MAP_VALUE_OR_NULL prohibited, null-check it first\n",
dst); dst);
return -EACCES; return -EACCES;
} }
if (ptr_reg->type == CONST_PTR_TO_MAP) { if (ptr_reg->type == CONST_PTR_TO_MAP) {
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d pointer arithmetic on CONST_PTR_TO_MAP prohibited\n", verbose(env, "R%d pointer arithmetic on CONST_PTR_TO_MAP prohibited\n",
dst); dst);
return -EACCES; return -EACCES;
} }
if (ptr_reg->type == PTR_TO_PACKET_END) { if (ptr_reg->type == PTR_TO_PACKET_END) {
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d pointer arithmetic on PTR_TO_PACKET_END prohibited\n", verbose(env, "R%d pointer arithmetic on PTR_TO_PACKET_END prohibited\n",
dst); dst);
return -EACCES; return -EACCES;
} }
...@@ -1942,7 +1784,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, ...@@ -1942,7 +1784,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
if (dst_reg == off_reg) { if (dst_reg == off_reg) {
/* scalar -= pointer. Creates an unknown scalar */ /* scalar -= pointer. Creates an unknown scalar */
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d tried to subtract pointer from scalar\n", verbose(env, "R%d tried to subtract pointer from scalar\n",
dst); dst);
return -EACCES; return -EACCES;
} }
...@@ -1952,7 +1794,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, ...@@ -1952,7 +1794,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
*/ */
if (ptr_reg->type == PTR_TO_STACK) { if (ptr_reg->type == PTR_TO_STACK) {
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d subtraction from stack pointer prohibited\n", verbose(env, "R%d subtraction from stack pointer prohibited\n",
dst); dst);
return -EACCES; return -EACCES;
} }
...@@ -2007,13 +1849,13 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, ...@@ -2007,13 +1849,13 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
* ptr &= ~3 which would reduce min_value by 3.) * ptr &= ~3 which would reduce min_value by 3.)
*/ */
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d bitwise operator %s on pointer prohibited\n", verbose(env, "R%d bitwise operator %s on pointer prohibited\n",
dst, bpf_alu_string[opcode >> 4]); dst, bpf_alu_string[opcode >> 4]);
return -EACCES; return -EACCES;
default: default:
/* other operators (e.g. MUL,LSH) produce non-pointer results */ /* other operators (e.g. MUL,LSH) produce non-pointer results */
if (!env->allow_ptr_leaks) if (!env->allow_ptr_leaks)
verbose("R%d pointer arithmetic with %s operator prohibited\n", verbose(env, "R%d pointer arithmetic with %s operator prohibited\n",
dst, bpf_alu_string[opcode >> 4]); dst, bpf_alu_string[opcode >> 4]);
return -EACCES; return -EACCES;
} }
...@@ -2179,7 +2021,7 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, ...@@ -2179,7 +2021,7 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env,
/* Shifts greater than 63 are undefined. This includes /* Shifts greater than 63 are undefined. This includes
* shifts by a negative number. * shifts by a negative number.
*/ */
mark_reg_unknown(regs, insn->dst_reg); mark_reg_unknown(env, regs, insn->dst_reg);
break; break;
} }
/* We lose all sign bit information (except what we can pick /* We lose all sign bit information (except what we can pick
...@@ -2207,7 +2049,7 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, ...@@ -2207,7 +2049,7 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env,
/* Shifts greater than 63 are undefined. This includes /* Shifts greater than 63 are undefined. This includes
* shifts by a negative number. * shifts by a negative number.
*/ */
mark_reg_unknown(regs, insn->dst_reg); mark_reg_unknown(env, regs, insn->dst_reg);
break; break;
} }
/* BPF_RSH is an unsigned shift, so make the appropriate casts */ /* BPF_RSH is an unsigned shift, so make the appropriate casts */
...@@ -2235,7 +2077,7 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, ...@@ -2235,7 +2077,7 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env,
__update_reg_bounds(dst_reg); __update_reg_bounds(dst_reg);
break; break;
default: default:
mark_reg_unknown(regs, insn->dst_reg); mark_reg_unknown(env, regs, insn->dst_reg);
break; break;
} }
...@@ -2267,12 +2109,12 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env, ...@@ -2267,12 +2109,12 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env,
* an arbitrary scalar. * an arbitrary scalar.
*/ */
if (!env->allow_ptr_leaks) { if (!env->allow_ptr_leaks) {
verbose("R%d pointer %s pointer prohibited\n", verbose(env, "R%d pointer %s pointer prohibited\n",
insn->dst_reg, insn->dst_reg,
bpf_alu_string[opcode >> 4]); bpf_alu_string[opcode >> 4]);
return -EACCES; return -EACCES;
} }
mark_reg_unknown(regs, insn->dst_reg); mark_reg_unknown(env, regs, insn->dst_reg);
return 0; return 0;
} else { } else {
/* scalar += pointer /* scalar += pointer
...@@ -2324,13 +2166,13 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env, ...@@ -2324,13 +2166,13 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env,
/* Got here implies adding two SCALAR_VALUEs */ /* Got here implies adding two SCALAR_VALUEs */
if (WARN_ON_ONCE(ptr_reg)) { if (WARN_ON_ONCE(ptr_reg)) {
print_verifier_state(&env->cur_state); print_verifier_state(env, &env->cur_state);
verbose("verifier internal error: unexpected ptr_reg\n"); verbose(env, "verifier internal error: unexpected ptr_reg\n");
return -EINVAL; return -EINVAL;
} }
if (WARN_ON(!src_reg)) { if (WARN_ON(!src_reg)) {
print_verifier_state(&env->cur_state); print_verifier_state(env, &env->cur_state);
verbose("verifier internal error: no src_reg\n"); verbose(env, "verifier internal error: no src_reg\n");
return -EINVAL; return -EINVAL;
} }
return adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg); return adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg);
...@@ -2348,14 +2190,14 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2348,14 +2190,14 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
if (BPF_SRC(insn->code) != 0 || if (BPF_SRC(insn->code) != 0 ||
insn->src_reg != BPF_REG_0 || insn->src_reg != BPF_REG_0 ||
insn->off != 0 || insn->imm != 0) { insn->off != 0 || insn->imm != 0) {
verbose("BPF_NEG uses reserved fields\n"); verbose(env, "BPF_NEG uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
} else { } else {
if (insn->src_reg != BPF_REG_0 || insn->off != 0 || if (insn->src_reg != BPF_REG_0 || insn->off != 0 ||
(insn->imm != 16 && insn->imm != 32 && insn->imm != 64) || (insn->imm != 16 && insn->imm != 32 && insn->imm != 64) ||
BPF_CLASS(insn->code) == BPF_ALU64) { BPF_CLASS(insn->code) == BPF_ALU64) {
verbose("BPF_END uses reserved fields\n"); verbose(env, "BPF_END uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
} }
...@@ -2366,7 +2208,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2366,7 +2208,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
return err; return err;
if (is_pointer_value(env, insn->dst_reg)) { if (is_pointer_value(env, insn->dst_reg)) {
verbose("R%d pointer arithmetic prohibited\n", verbose(env, "R%d pointer arithmetic prohibited\n",
insn->dst_reg); insn->dst_reg);
return -EACCES; return -EACCES;
} }
...@@ -2380,7 +2222,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2380,7 +2222,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
if (BPF_SRC(insn->code) == BPF_X) { if (BPF_SRC(insn->code) == BPF_X) {
if (insn->imm != 0 || insn->off != 0) { if (insn->imm != 0 || insn->off != 0) {
verbose("BPF_MOV uses reserved fields\n"); verbose(env, "BPF_MOV uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -2390,7 +2232,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2390,7 +2232,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
return err; return err;
} else { } else {
if (insn->src_reg != BPF_REG_0 || insn->off != 0) { if (insn->src_reg != BPF_REG_0 || insn->off != 0) {
verbose("BPF_MOV uses reserved fields\n"); verbose(env, "BPF_MOV uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
} }
...@@ -2410,11 +2252,12 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2410,11 +2252,12 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
} else { } else {
/* R1 = (u32) R2 */ /* R1 = (u32) R2 */
if (is_pointer_value(env, insn->src_reg)) { if (is_pointer_value(env, insn->src_reg)) {
verbose("R%d partial copy of pointer\n", verbose(env,
"R%d partial copy of pointer\n",
insn->src_reg); insn->src_reg);
return -EACCES; return -EACCES;
} }
mark_reg_unknown(regs, insn->dst_reg); mark_reg_unknown(env, regs, insn->dst_reg);
/* high 32 bits are known zero. */ /* high 32 bits are known zero. */
regs[insn->dst_reg].var_off = tnum_cast( regs[insn->dst_reg].var_off = tnum_cast(
regs[insn->dst_reg].var_off, 4); regs[insn->dst_reg].var_off, 4);
...@@ -2429,14 +2272,14 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2429,14 +2272,14 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
} }
} else if (opcode > BPF_END) { } else if (opcode > BPF_END) {
verbose("invalid BPF_ALU opcode %x\n", opcode); verbose(env, "invalid BPF_ALU opcode %x\n", opcode);
return -EINVAL; return -EINVAL;
} else { /* all other ALU ops: and, sub, xor, add, ... */ } else { /* all other ALU ops: and, sub, xor, add, ... */
if (BPF_SRC(insn->code) == BPF_X) { if (BPF_SRC(insn->code) == BPF_X) {
if (insn->imm != 0 || insn->off != 0) { if (insn->imm != 0 || insn->off != 0) {
verbose("BPF_ALU uses reserved fields\n"); verbose(env, "BPF_ALU uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
/* check src1 operand */ /* check src1 operand */
...@@ -2445,7 +2288,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2445,7 +2288,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
return err; return err;
} else { } else {
if (insn->src_reg != BPF_REG_0 || insn->off != 0) { if (insn->src_reg != BPF_REG_0 || insn->off != 0) {
verbose("BPF_ALU uses reserved fields\n"); verbose(env, "BPF_ALU uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
} }
...@@ -2457,7 +2300,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2457,7 +2300,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
if ((opcode == BPF_MOD || opcode == BPF_DIV) && if ((opcode == BPF_MOD || opcode == BPF_DIV) &&
BPF_SRC(insn->code) == BPF_K && insn->imm == 0) { BPF_SRC(insn->code) == BPF_K && insn->imm == 0) {
verbose("div by zero\n"); verbose(env, "div by zero\n");
return -EINVAL; return -EINVAL;
} }
...@@ -2466,7 +2309,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2466,7 +2309,7 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32; int size = BPF_CLASS(insn->code) == BPF_ALU64 ? 64 : 32;
if (insn->imm < 0 || insn->imm >= size) { if (insn->imm < 0 || insn->imm >= size) {
verbose("invalid shift %d\n", insn->imm); verbose(env, "invalid shift %d\n", insn->imm);
return -EINVAL; return -EINVAL;
} }
} }
...@@ -2819,13 +2662,13 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, ...@@ -2819,13 +2662,13 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
int err; int err;
if (opcode > BPF_JSLE) { if (opcode > BPF_JSLE) {
verbose("invalid BPF_JMP opcode %x\n", opcode); verbose(env, "invalid BPF_JMP opcode %x\n", opcode);
return -EINVAL; return -EINVAL;
} }
if (BPF_SRC(insn->code) == BPF_X) { if (BPF_SRC(insn->code) == BPF_X) {
if (insn->imm != 0) { if (insn->imm != 0) {
verbose("BPF_JMP uses reserved fields\n"); verbose(env, "BPF_JMP uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -2835,13 +2678,13 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, ...@@ -2835,13 +2678,13 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
return err; return err;
if (is_pointer_value(env, insn->src_reg)) { if (is_pointer_value(env, insn->src_reg)) {
verbose("R%d pointer comparison prohibited\n", verbose(env, "R%d pointer comparison prohibited\n",
insn->src_reg); insn->src_reg);
return -EACCES; return -EACCES;
} }
} else { } else {
if (insn->src_reg != BPF_REG_0) { if (insn->src_reg != BPF_REG_0) {
verbose("BPF_JMP uses reserved fields\n"); verbose(env, "BPF_JMP uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
} }
...@@ -2953,11 +2796,12 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, ...@@ -2953,11 +2796,12 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,
find_good_pkt_pointers(this_branch, &regs[insn->src_reg], find_good_pkt_pointers(this_branch, &regs[insn->src_reg],
PTR_TO_PACKET_META); PTR_TO_PACKET_META);
} else if (is_pointer_value(env, insn->dst_reg)) { } else if (is_pointer_value(env, insn->dst_reg)) {
verbose("R%d pointer comparison prohibited\n", insn->dst_reg); verbose(env, "R%d pointer comparison prohibited\n",
insn->dst_reg);
return -EACCES; return -EACCES;
} }
if (log_level) if (env->log.level)
print_verifier_state(this_branch); print_verifier_state(env, this_branch);
return 0; return 0;
} }
...@@ -2976,11 +2820,11 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -2976,11 +2820,11 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn)
int err; int err;
if (BPF_SIZE(insn->code) != BPF_DW) { if (BPF_SIZE(insn->code) != BPF_DW) {
verbose("invalid BPF_LD_IMM insn\n"); verbose(env, "invalid BPF_LD_IMM insn\n");
return -EINVAL; return -EINVAL;
} }
if (insn->off != 0) { if (insn->off != 0) {
verbose("BPF_LD_IMM64 uses reserved fields\n"); verbose(env, "BPF_LD_IMM64 uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3038,14 +2882,14 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -3038,14 +2882,14 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn)
int i, err; int i, err;
if (!may_access_skb(env->prog->type)) { if (!may_access_skb(env->prog->type)) {
verbose("BPF_LD_[ABS|IND] instructions not allowed for this program type\n"); verbose(env, "BPF_LD_[ABS|IND] instructions not allowed for this program type\n");
return -EINVAL; return -EINVAL;
} }
if (insn->dst_reg != BPF_REG_0 || insn->off != 0 || if (insn->dst_reg != BPF_REG_0 || insn->off != 0 ||
BPF_SIZE(insn->code) == BPF_DW || BPF_SIZE(insn->code) == BPF_DW ||
(mode == BPF_ABS && insn->src_reg != BPF_REG_0)) { (mode == BPF_ABS && insn->src_reg != BPF_REG_0)) {
verbose("BPF_LD_[ABS|IND] uses reserved fields\n"); verbose(env, "BPF_LD_[ABS|IND] uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3055,7 +2899,8 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -3055,7 +2899,8 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn)
return err; return err;
if (regs[BPF_REG_6].type != PTR_TO_CTX) { if (regs[BPF_REG_6].type != PTR_TO_CTX) {
verbose("at the time of BPF_LD_ABS|IND R6 != pointer to skb\n"); verbose(env,
"at the time of BPF_LD_ABS|IND R6 != pointer to skb\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3068,7 +2913,7 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -3068,7 +2913,7 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn)
/* reset caller saved regs to unreadable */ /* reset caller saved regs to unreadable */
for (i = 0; i < CALLER_SAVED_REGS; i++) { for (i = 0; i < CALLER_SAVED_REGS; i++) {
mark_reg_not_init(regs, caller_saved[i]); mark_reg_not_init(env, regs, caller_saved[i]);
check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK); check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK);
} }
...@@ -3076,7 +2921,7 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn) ...@@ -3076,7 +2921,7 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn)
* the value fetched from the packet. * the value fetched from the packet.
* Already marked as written above. * Already marked as written above.
*/ */
mark_reg_unknown(regs, BPF_REG_0); mark_reg_unknown(env, regs, BPF_REG_0);
return 0; return 0;
} }
...@@ -3096,22 +2941,22 @@ static int check_return_code(struct bpf_verifier_env *env) ...@@ -3096,22 +2941,22 @@ static int check_return_code(struct bpf_verifier_env *env)
reg = &env->cur_state.regs[BPF_REG_0]; reg = &env->cur_state.regs[BPF_REG_0];
if (reg->type != SCALAR_VALUE) { if (reg->type != SCALAR_VALUE) {
verbose("At program exit the register R0 is not a known value (%s)\n", verbose(env, "At program exit the register R0 is not a known value (%s)\n",
reg_type_str[reg->type]); reg_type_str[reg->type]);
return -EINVAL; return -EINVAL;
} }
if (!tnum_in(range, reg->var_off)) { if (!tnum_in(range, reg->var_off)) {
verbose("At program exit the register R0 "); verbose(env, "At program exit the register R0 ");
if (!tnum_is_unknown(reg->var_off)) { if (!tnum_is_unknown(reg->var_off)) {
char tn_buf[48]; char tn_buf[48];
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off); tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
verbose("has value %s", tn_buf); verbose(env, "has value %s", tn_buf);
} else { } else {
verbose("has unknown scalar value"); verbose(env, "has unknown scalar value");
} }
verbose(" should have been 0 or 1\n"); verbose(env, " should have been 0 or 1\n");
return -EINVAL; return -EINVAL;
} }
return 0; return 0;
...@@ -3177,7 +3022,7 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env) ...@@ -3177,7 +3022,7 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env)
return 0; return 0;
if (w < 0 || w >= env->prog->len) { if (w < 0 || w >= env->prog->len) {
verbose("jump out of range from insn %d to %d\n", t, w); verbose(env, "jump out of range from insn %d to %d\n", t, w);
return -EINVAL; return -EINVAL;
} }
...@@ -3194,13 +3039,13 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env) ...@@ -3194,13 +3039,13 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env)
insn_stack[cur_stack++] = w; insn_stack[cur_stack++] = w;
return 1; return 1;
} else if ((insn_state[w] & 0xF0) == DISCOVERED) { } else if ((insn_state[w] & 0xF0) == DISCOVERED) {
verbose("back-edge from insn %d to %d\n", t, w); verbose(env, "back-edge from insn %d to %d\n", t, w);
return -EINVAL; return -EINVAL;
} else if (insn_state[w] == EXPLORED) { } else if (insn_state[w] == EXPLORED) {
/* forward- or cross-edge */ /* forward- or cross-edge */
insn_state[t] = DISCOVERED | e; insn_state[t] = DISCOVERED | e;
} else { } else {
verbose("insn state internal bug\n"); verbose(env, "insn state internal bug\n");
return -EFAULT; return -EFAULT;
} }
return 0; return 0;
...@@ -3294,7 +3139,7 @@ static int check_cfg(struct bpf_verifier_env *env) ...@@ -3294,7 +3139,7 @@ static int check_cfg(struct bpf_verifier_env *env)
mark_explored: mark_explored:
insn_state[t] = EXPLORED; insn_state[t] = EXPLORED;
if (cur_stack-- <= 0) { if (cur_stack-- <= 0) {
verbose("pop stack internal bug\n"); verbose(env, "pop stack internal bug\n");
ret = -EFAULT; ret = -EFAULT;
goto err_free; goto err_free;
} }
...@@ -3303,7 +3148,7 @@ static int check_cfg(struct bpf_verifier_env *env) ...@@ -3303,7 +3148,7 @@ static int check_cfg(struct bpf_verifier_env *env)
check_state: check_state:
for (i = 0; i < insn_cnt; i++) { for (i = 0; i < insn_cnt; i++) {
if (insn_state[i] != EXPLORED) { if (insn_state[i] != EXPLORED) {
verbose("unreachable insn %d\n", i); verbose(env, "unreachable insn %d\n", i);
ret = -EINVAL; ret = -EINVAL;
goto err_free; goto err_free;
} }
...@@ -3684,7 +3529,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3684,7 +3529,7 @@ static int do_check(struct bpf_verifier_env *env)
int insn_processed = 0; int insn_processed = 0;
bool do_print_state = false; bool do_print_state = false;
init_reg_state(regs); init_reg_state(env, regs);
state->parent = NULL; state->parent = NULL;
insn_idx = 0; insn_idx = 0;
for (;;) { for (;;) {
...@@ -3693,7 +3538,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3693,7 +3538,7 @@ static int do_check(struct bpf_verifier_env *env)
int err; int err;
if (insn_idx >= insn_cnt) { if (insn_idx >= insn_cnt) {
verbose("invalid insn idx %d insn_cnt %d\n", verbose(env, "invalid insn idx %d insn_cnt %d\n",
insn_idx, insn_cnt); insn_idx, insn_cnt);
return -EFAULT; return -EFAULT;
} }
...@@ -3702,7 +3547,8 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3702,7 +3547,8 @@ static int do_check(struct bpf_verifier_env *env)
class = BPF_CLASS(insn->code); class = BPF_CLASS(insn->code);
if (++insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) { if (++insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) {
verbose("BPF program is too large. Processed %d insn\n", verbose(env,
"BPF program is too large. Processed %d insn\n",
insn_processed); insn_processed);
return -E2BIG; return -E2BIG;
} }
...@@ -3712,12 +3558,12 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3712,12 +3558,12 @@ static int do_check(struct bpf_verifier_env *env)
return err; return err;
if (err == 1) { if (err == 1) {
/* found equivalent state, can prune the search */ /* found equivalent state, can prune the search */
if (log_level) { if (env->log.level) {
if (do_print_state) if (do_print_state)
verbose("\nfrom %d to %d: safe\n", verbose(env, "\nfrom %d to %d: safe\n",
prev_insn_idx, insn_idx); prev_insn_idx, insn_idx);
else else
verbose("%d: safe\n", insn_idx); verbose(env, "%d: safe\n", insn_idx);
} }
goto process_bpf_exit; goto process_bpf_exit;
} }
...@@ -3725,19 +3571,20 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3725,19 +3571,20 @@ static int do_check(struct bpf_verifier_env *env)
if (need_resched()) if (need_resched())
cond_resched(); cond_resched();
if (log_level > 1 || (log_level && do_print_state)) { if (env->log.level > 1 || (env->log.level && do_print_state)) {
if (log_level > 1) if (env->log.level > 1)
verbose("%d:", insn_idx); verbose(env, "%d:", insn_idx);
else else
verbose("\nfrom %d to %d:", verbose(env, "\nfrom %d to %d:",
prev_insn_idx, insn_idx); prev_insn_idx, insn_idx);
print_verifier_state(&env->cur_state); print_verifier_state(env, &env->cur_state);
do_print_state = false; do_print_state = false;
} }
if (log_level) { if (env->log.level) {
verbose("%d: ", insn_idx); verbose(env, "%d: ", insn_idx);
print_bpf_insn(env, insn); print_bpf_insn(verbose, env, insn,
env->allow_ptr_leaks);
} }
err = ext_analyzer_insn_hook(env, insn_idx, prev_insn_idx); err = ext_analyzer_insn_hook(env, insn_idx, prev_insn_idx);
...@@ -3793,7 +3640,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3793,7 +3640,7 @@ static int do_check(struct bpf_verifier_env *env)
* src_reg == stack|map in some other branch. * src_reg == stack|map in some other branch.
* Reject it. * Reject it.
*/ */
verbose("same insn cannot be used with different pointers\n"); verbose(env, "same insn cannot be used with different pointers\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3833,14 +3680,14 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3833,14 +3680,14 @@ static int do_check(struct bpf_verifier_env *env)
} else if (dst_reg_type != *prev_dst_type && } else if (dst_reg_type != *prev_dst_type &&
(dst_reg_type == PTR_TO_CTX || (dst_reg_type == PTR_TO_CTX ||
*prev_dst_type == PTR_TO_CTX)) { *prev_dst_type == PTR_TO_CTX)) {
verbose("same insn cannot be used with different pointers\n"); verbose(env, "same insn cannot be used with different pointers\n");
return -EINVAL; return -EINVAL;
} }
} else if (class == BPF_ST) { } else if (class == BPF_ST) {
if (BPF_MODE(insn->code) != BPF_MEM || if (BPF_MODE(insn->code) != BPF_MEM ||
insn->src_reg != BPF_REG_0) { insn->src_reg != BPF_REG_0) {
verbose("BPF_ST uses reserved fields\n"); verbose(env, "BPF_ST uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
/* check src operand */ /* check src operand */
...@@ -3863,7 +3710,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3863,7 +3710,7 @@ static int do_check(struct bpf_verifier_env *env)
insn->off != 0 || insn->off != 0 ||
insn->src_reg != BPF_REG_0 || insn->src_reg != BPF_REG_0 ||
insn->dst_reg != BPF_REG_0) { insn->dst_reg != BPF_REG_0) {
verbose("BPF_CALL uses reserved fields\n"); verbose(env, "BPF_CALL uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3876,7 +3723,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3876,7 +3723,7 @@ static int do_check(struct bpf_verifier_env *env)
insn->imm != 0 || insn->imm != 0 ||
insn->src_reg != BPF_REG_0 || insn->src_reg != BPF_REG_0 ||
insn->dst_reg != BPF_REG_0) { insn->dst_reg != BPF_REG_0) {
verbose("BPF_JA uses reserved fields\n"); verbose(env, "BPF_JA uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3888,7 +3735,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3888,7 +3735,7 @@ static int do_check(struct bpf_verifier_env *env)
insn->imm != 0 || insn->imm != 0 ||
insn->src_reg != BPF_REG_0 || insn->src_reg != BPF_REG_0 ||
insn->dst_reg != BPF_REG_0) { insn->dst_reg != BPF_REG_0) {
verbose("BPF_EXIT uses reserved fields\n"); verbose(env, "BPF_EXIT uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -3903,7 +3750,7 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3903,7 +3750,7 @@ static int do_check(struct bpf_verifier_env *env)
return err; return err;
if (is_pointer_value(env, BPF_REG_0)) { if (is_pointer_value(env, BPF_REG_0)) {
verbose("R0 leaks addr as return value\n"); verbose(env, "R0 leaks addr as return value\n");
return -EACCES; return -EACCES;
} }
...@@ -3938,19 +3785,19 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -3938,19 +3785,19 @@ static int do_check(struct bpf_verifier_env *env)
insn_idx++; insn_idx++;
} else { } else {
verbose("invalid BPF_LD mode\n"); verbose(env, "invalid BPF_LD mode\n");
return -EINVAL; return -EINVAL;
} }
} else { } else {
verbose("unknown insn class %d\n", class); verbose(env, "unknown insn class %d\n", class);
return -EINVAL; return -EINVAL;
} }
insn_idx++; insn_idx++;
} }
verbose("processed %d insns, stack depth %d\n", verbose(env, "processed %d insns, stack depth %d\n", insn_processed,
insn_processed, env->prog->aux->stack_depth); env->prog->aux->stack_depth);
return 0; return 0;
} }
...@@ -3962,7 +3809,8 @@ static int check_map_prealloc(struct bpf_map *map) ...@@ -3962,7 +3809,8 @@ static int check_map_prealloc(struct bpf_map *map)
!(map->map_flags & BPF_F_NO_PREALLOC); !(map->map_flags & BPF_F_NO_PREALLOC);
} }
static int check_map_prog_compatibility(struct bpf_map *map, static int check_map_prog_compatibility(struct bpf_verifier_env *env,
struct bpf_map *map,
struct bpf_prog *prog) struct bpf_prog *prog)
{ {
...@@ -3973,12 +3821,12 @@ static int check_map_prog_compatibility(struct bpf_map *map, ...@@ -3973,12 +3821,12 @@ static int check_map_prog_compatibility(struct bpf_map *map,
*/ */
if (prog->type == BPF_PROG_TYPE_PERF_EVENT) { if (prog->type == BPF_PROG_TYPE_PERF_EVENT) {
if (!check_map_prealloc(map)) { if (!check_map_prealloc(map)) {
verbose("perf_event programs can only use preallocated hash map\n"); verbose(env, "perf_event programs can only use preallocated hash map\n");
return -EINVAL; return -EINVAL;
} }
if (map->inner_map_meta && if (map->inner_map_meta &&
!check_map_prealloc(map->inner_map_meta)) { !check_map_prealloc(map->inner_map_meta)) {
verbose("perf_event programs can only use preallocated inner hash map\n"); verbose(env, "perf_event programs can only use preallocated inner hash map\n");
return -EINVAL; return -EINVAL;
} }
} }
...@@ -4001,14 +3849,14 @@ static int replace_map_fd_with_map_ptr(struct bpf_verifier_env *env) ...@@ -4001,14 +3849,14 @@ static int replace_map_fd_with_map_ptr(struct bpf_verifier_env *env)
for (i = 0; i < insn_cnt; i++, insn++) { for (i = 0; i < insn_cnt; i++, insn++) {
if (BPF_CLASS(insn->code) == BPF_LDX && if (BPF_CLASS(insn->code) == BPF_LDX &&
(BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) { (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) {
verbose("BPF_LDX uses reserved fields\n"); verbose(env, "BPF_LDX uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
if (BPF_CLASS(insn->code) == BPF_STX && if (BPF_CLASS(insn->code) == BPF_STX &&
((BPF_MODE(insn->code) != BPF_MEM && ((BPF_MODE(insn->code) != BPF_MEM &&
BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) { BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) {
verbose("BPF_STX uses reserved fields\n"); verbose(env, "BPF_STX uses reserved fields\n");
return -EINVAL; return -EINVAL;
} }
...@@ -4019,7 +3867,7 @@ static int replace_map_fd_with_map_ptr(struct bpf_verifier_env *env) ...@@ -4019,7 +3867,7 @@ static int replace_map_fd_with_map_ptr(struct bpf_verifier_env *env)
if (i == insn_cnt - 1 || insn[1].code != 0 || if (i == insn_cnt - 1 || insn[1].code != 0 ||
insn[1].dst_reg != 0 || insn[1].src_reg != 0 || insn[1].dst_reg != 0 || insn[1].src_reg != 0 ||
insn[1].off != 0) { insn[1].off != 0) {
verbose("invalid bpf_ld_imm64 insn\n"); verbose(env, "invalid bpf_ld_imm64 insn\n");
return -EINVAL; return -EINVAL;
} }
...@@ -4028,19 +3876,20 @@ static int replace_map_fd_with_map_ptr(struct bpf_verifier_env *env) ...@@ -4028,19 +3876,20 @@ static int replace_map_fd_with_map_ptr(struct bpf_verifier_env *env)
goto next_insn; goto next_insn;
if (insn->src_reg != BPF_PSEUDO_MAP_FD) { if (insn->src_reg != BPF_PSEUDO_MAP_FD) {
verbose("unrecognized bpf_ld_imm64 insn\n"); verbose(env,
"unrecognized bpf_ld_imm64 insn\n");
return -EINVAL; return -EINVAL;
} }
f = fdget(insn->imm); f = fdget(insn->imm);
map = __bpf_map_get(f); map = __bpf_map_get(f);
if (IS_ERR(map)) { if (IS_ERR(map)) {
verbose("fd %d is not pointing to valid bpf_map\n", verbose(env, "fd %d is not pointing to valid bpf_map\n",
insn->imm); insn->imm);
return PTR_ERR(map); return PTR_ERR(map);
} }
err = check_map_prog_compatibility(map, env->prog); err = check_map_prog_compatibility(env, map, env->prog);
if (err) { if (err) {
fdput(f); fdput(f);
return err; return err;
...@@ -4162,7 +4011,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) ...@@ -4162,7 +4011,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
cnt = ops->gen_prologue(insn_buf, env->seen_direct_write, cnt = ops->gen_prologue(insn_buf, env->seen_direct_write,
env->prog); env->prog);
if (cnt >= ARRAY_SIZE(insn_buf)) { if (cnt >= ARRAY_SIZE(insn_buf)) {
verbose("bpf verifier is misconfigured\n"); verbose(env, "bpf verifier is misconfigured\n");
return -EINVAL; return -EINVAL;
} else if (cnt) { } else if (cnt) {
new_prog = bpf_patch_insn_data(env, 0, insn_buf, cnt); new_prog = bpf_patch_insn_data(env, 0, insn_buf, cnt);
...@@ -4210,7 +4059,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) ...@@ -4210,7 +4059,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
u8 size_code; u8 size_code;
if (type == BPF_WRITE) { if (type == BPF_WRITE) {
verbose("bpf verifier narrow ctx access misconfigured\n"); verbose(env, "bpf verifier narrow ctx access misconfigured\n");
return -EINVAL; return -EINVAL;
} }
...@@ -4229,7 +4078,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) ...@@ -4229,7 +4078,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
&target_size); &target_size);
if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf) || if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf) ||
(ctx_field_size && !target_size)) { (ctx_field_size && !target_size)) {
verbose("bpf verifier is misconfigured\n"); verbose(env, "bpf verifier is misconfigured\n");
return -EINVAL; return -EINVAL;
} }
...@@ -4311,7 +4160,7 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) ...@@ -4311,7 +4160,7 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
cnt = map_ptr->ops->map_gen_lookup(map_ptr, insn_buf); cnt = map_ptr->ops->map_gen_lookup(map_ptr, insn_buf);
if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf)) { if (cnt == 0 || cnt >= ARRAY_SIZE(insn_buf)) {
verbose("bpf verifier is misconfigured\n"); verbose(env, "bpf verifier is misconfigured\n");
return -EINVAL; return -EINVAL;
} }
...@@ -4355,7 +4204,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) ...@@ -4355,7 +4204,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
* programs to call them, must be real in-kernel functions * programs to call them, must be real in-kernel functions
*/ */
if (!fn->func) { if (!fn->func) {
verbose("kernel subsystem misconfigured func %s#%d\n", verbose(env,
"kernel subsystem misconfigured func %s#%d\n",
func_id_name(insn->imm), insn->imm); func_id_name(insn->imm), insn->imm);
return -EFAULT; return -EFAULT;
} }
...@@ -4389,8 +4239,8 @@ static void free_states(struct bpf_verifier_env *env) ...@@ -4389,8 +4239,8 @@ static void free_states(struct bpf_verifier_env *env)
int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
{ {
char __user *log_ubuf = NULL;
struct bpf_verifier_env *env; struct bpf_verifier_env *env;
struct bpf_verifer_log *log;
int ret = -EINVAL; int ret = -EINVAL;
/* 'struct bpf_verifier_env' can be global, but since it's not small, /* 'struct bpf_verifier_env' can be global, but since it's not small,
...@@ -4399,6 +4249,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) ...@@ -4399,6 +4249,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL); env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
if (!env) if (!env)
return -ENOMEM; return -ENOMEM;
log = &env->log;
env->insn_aux_data = vzalloc(sizeof(struct bpf_insn_aux_data) * env->insn_aux_data = vzalloc(sizeof(struct bpf_insn_aux_data) *
(*prog)->len); (*prog)->len);
...@@ -4414,23 +4265,15 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) ...@@ -4414,23 +4265,15 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
/* user requested verbose verifier output /* user requested verbose verifier output
* and supplied buffer to store the verification trace * and supplied buffer to store the verification trace
*/ */
log_level = attr->log_level; log->level = attr->log_level;
log_ubuf = (char __user *) (unsigned long) attr->log_buf; log->ubuf = (char __user *) (unsigned long) attr->log_buf;
log_size = attr->log_size; log->len_total = attr->log_size;
log_len = 0;
ret = -EINVAL; ret = -EINVAL;
/* log_* values have to be sane */ /* log attributes have to be sane */
if (log_size < 128 || log_size > UINT_MAX >> 8 || if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
log_level == 0 || log_ubuf == NULL) !log->level || !log->ubuf)
goto err_unlock;
ret = -ENOMEM;
log_buf = vmalloc(log_size);
if (!log_buf)
goto err_unlock; goto err_unlock;
} else {
log_level = 0;
} }
env->strict_alignment = !!(attr->prog_flags & BPF_F_STRICT_ALIGNMENT); env->strict_alignment = !!(attr->prog_flags & BPF_F_STRICT_ALIGNMENT);
...@@ -4467,17 +4310,11 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) ...@@ -4467,17 +4310,11 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
if (ret == 0) if (ret == 0)
ret = fixup_bpf_calls(env); ret = fixup_bpf_calls(env);
if (log_level && log_len >= log_size - 1) { if (log->level && bpf_verifier_log_full(log))
BUG_ON(log_len >= log_size);
/* verifier log exceeded user supplied buffer */
ret = -ENOSPC; ret = -ENOSPC;
/* fall through to return what was recorded */ if (log->level && !log->ubuf) {
}
/* copy verifier log back to user space including trailing zero */
if (log_level && copy_to_user(log_ubuf, log_buf, log_len + 1) != 0) {
ret = -EFAULT; ret = -EFAULT;
goto free_log_buf; goto err_release_maps;
} }
if (ret == 0 && env->used_map_cnt) { if (ret == 0 && env->used_map_cnt) {
...@@ -4488,7 +4325,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) ...@@ -4488,7 +4325,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
if (!env->prog->aux->used_maps) { if (!env->prog->aux->used_maps) {
ret = -ENOMEM; ret = -ENOMEM;
goto free_log_buf; goto err_release_maps;
} }
memcpy(env->prog->aux->used_maps, env->used_maps, memcpy(env->prog->aux->used_maps, env->used_maps,
...@@ -4501,9 +4338,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) ...@@ -4501,9 +4338,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
convert_pseudo_ld_imm64(env); convert_pseudo_ld_imm64(env);
} }
free_log_buf: err_release_maps:
if (log_level)
vfree(log_buf);
if (!env->prog->aux->used_maps) if (!env->prog->aux->used_maps)
/* if we didn't copy map pointers into bpf_prog_info, release /* if we didn't copy map pointers into bpf_prog_info, release
* them now. Otherwise free_bpf_prog_info() will release them. * them now. Otherwise free_bpf_prog_info() will release them.
...@@ -4540,8 +4375,6 @@ int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops, ...@@ -4540,8 +4375,6 @@ int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
/* grab the mutex to protect few globals used by verifier */ /* grab the mutex to protect few globals used by verifier */
mutex_lock(&bpf_verifier_lock); mutex_lock(&bpf_verifier_lock);
log_level = 0;
env->strict_alignment = false; env->strict_alignment = false;
if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)) if (!IS_ENABLED(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS))
env->strict_alignment = true; env->strict_alignment = true;
......
...@@ -322,3 +322,19 @@ metadata_dst_alloc_percpu(u8 optslen, enum metadata_type type, gfp_t flags) ...@@ -322,3 +322,19 @@ metadata_dst_alloc_percpu(u8 optslen, enum metadata_type type, gfp_t flags)
return md_dst; return md_dst;
} }
EXPORT_SYMBOL_GPL(metadata_dst_alloc_percpu); EXPORT_SYMBOL_GPL(metadata_dst_alloc_percpu);
void metadata_dst_free_percpu(struct metadata_dst __percpu *md_dst)
{
int cpu;
#ifdef CONFIG_DST_CACHE
for_each_possible_cpu(cpu) {
struct metadata_dst *one_md_dst = per_cpu_ptr(md_dst, cpu);
if (one_md_dst->type == METADATA_IP_TUNNEL)
dst_cache_destroy(&one_md_dst->u.tun_info.dst_cache);
}
#endif
free_percpu(md_dst);
}
EXPORT_SYMBOL_GPL(metadata_dst_free_percpu);
...@@ -43,6 +43,7 @@ ...@@ -43,6 +43,7 @@
#include <linux/timer.h> #include <linux/timer.h>
#include <linux/uaccess.h> #include <linux/uaccess.h>
#include <asm/unaligned.h> #include <asm/unaligned.h>
#include <asm/cmpxchg.h>
#include <linux/filter.h> #include <linux/filter.h>
#include <linux/ratelimit.h> #include <linux/ratelimit.h>
#include <linux/seccomp.h> #include <linux/seccomp.h>
...@@ -2987,14 +2988,15 @@ static const struct bpf_func_proto * ...@@ -2987,14 +2988,15 @@ static const struct bpf_func_proto *
bpf_get_skb_set_tunnel_proto(enum bpf_func_id which) bpf_get_skb_set_tunnel_proto(enum bpf_func_id which)
{ {
if (!md_dst) { if (!md_dst) {
/* Race is not possible, since it's called from verifier struct metadata_dst __percpu *tmp;
* that is holding verifier mutex.
*/ tmp = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX,
md_dst = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX, METADATA_IP_TUNNEL,
METADATA_IP_TUNNEL, GFP_KERNEL);
GFP_KERNEL); if (!tmp)
if (!md_dst)
return NULL; return NULL;
if (cmpxchg(&md_dst, NULL, tmp))
metadata_dst_free_percpu(tmp);
} }
switch (which) { switch (which) {
......
...@@ -11,7 +11,7 @@ SYNOPSIS ...@@ -11,7 +11,7 @@ SYNOPSIS
======== ========
| **bpftool** prog show [*PROG*] | **bpftool** prog show [*PROG*]
| **bpftool** prog dump xlated *PROG* file *FILE* | **bpftool** prog dump xlated *PROG* [file *FILE*] [opcodes]
| **bpftool** prog dump jited *PROG* [file *FILE*] [opcodes] | **bpftool** prog dump jited *PROG* [file *FILE*] [opcodes]
| **bpftool** prog pin *PROG* *FILE* | **bpftool** prog pin *PROG* *FILE*
| **bpftool** prog help | **bpftool** prog help
...@@ -28,9 +28,12 @@ DESCRIPTION ...@@ -28,9 +28,12 @@ DESCRIPTION
Output will start with program ID followed by program type and Output will start with program ID followed by program type and
zero or more named attributes (depending on kernel version). zero or more named attributes (depending on kernel version).
**bpftool prog dump xlated** *PROG* **file** *FILE* **bpftool prog dump xlated** *PROG* [**file** *FILE*] [**opcodes**]
Dump eBPF instructions of the program from the kernel to a Dump eBPF instructions of the program from the kernel.
file. If *FILE* is specified image will be written to a file,
otherwise it will be disassembled and printed to stdout.
**opcodes** controls if raw opcodes will be printed.
**bpftool prog dump jited** *PROG* [**file** *FILE*] [**opcodes**] **bpftool prog dump jited** *PROG* [**file** *FILE*] [**opcodes**]
Dump jited image (host machine code) of the program. Dump jited image (host machine code) of the program.
......
...@@ -51,7 +51,7 @@ CC = gcc ...@@ -51,7 +51,7 @@ CC = gcc
CFLAGS += -O2 CFLAGS += -O2
CFLAGS += -W -Wall -Wextra -Wno-unused-parameter -Wshadow CFLAGS += -W -Wall -Wextra -Wno-unused-parameter -Wshadow
CFLAGS += -D__EXPORTED_HEADERS__ -I$(srctree)/tools/include/uapi -I$(srctree)/tools/include -I$(srctree)/tools/lib/bpf CFLAGS += -D__EXPORTED_HEADERS__ -I$(srctree)/tools/include/uapi -I$(srctree)/tools/include -I$(srctree)/tools/lib/bpf -I$(srctree)/kernel/bpf/
LIBS = -lelf -lbfd -lopcodes $(LIBBPF) LIBS = -lelf -lbfd -lopcodes $(LIBBPF)
include $(wildcard *.d) include $(wildcard *.d)
...@@ -59,7 +59,10 @@ include $(wildcard *.d) ...@@ -59,7 +59,10 @@ include $(wildcard *.d)
all: $(OUTPUT)bpftool all: $(OUTPUT)bpftool
SRCS=$(wildcard *.c) SRCS=$(wildcard *.c)
OBJS=$(patsubst %.c,$(OUTPUT)%.o,$(SRCS)) OBJS=$(patsubst %.c,$(OUTPUT)%.o,$(SRCS)) $(OUTPUT)disasm.o
$(OUTPUT)disasm.o: $(srctree)/kernel/bpf/disasm.c
$(QUIET_CC)$(COMPILE.c) -MMD -o $@ $<
$(OUTPUT)bpftool: $(OBJS) $(LIBBPF) $(OUTPUT)bpftool: $(OBJS) $(LIBBPF)
$(QUIET_LINK)$(CC) $(CFLAGS) -o $@ $^ $(LIBS) $(QUIET_LINK)$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
......
...@@ -36,11 +36,12 @@ ...@@ -36,11 +36,12 @@
#ifndef __BPF_TOOL_H #ifndef __BPF_TOOL_H
#define __BPF_TOOL_H #define __BPF_TOOL_H
/* BFD and kernel.h both define GCC_VERSION, differently */
#undef GCC_VERSION
#include <stdbool.h> #include <stdbool.h>
#include <stdio.h> #include <stdio.h>
#include <linux/bpf.h> #include <linux/bpf.h>
#include <linux/kernel.h>
#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
#define err(msg...) fprintf(stderr, "Error: " msg) #define err(msg...) fprintf(stderr, "Error: " msg)
#define warn(msg...) fprintf(stderr, "Warning: " msg) #define warn(msg...) fprintf(stderr, "Warning: " msg)
...@@ -48,11 +49,6 @@ ...@@ -48,11 +49,6 @@
#define ptr_to_u64(ptr) ((__u64)(unsigned long)(ptr)) #define ptr_to_u64(ptr) ((__u64)(unsigned long)(ptr))
#define min(a, b) \
({ typeof(a) _a = (a); typeof(b) _b = (b); _a > _b ? _b : _a; })
#define max(a, b) \
({ typeof(a) _a = (a); typeof(b) _b = (b); _a < _b ? _b : _a; })
#define NEXT_ARG() ({ argc--; argv++; if (argc < 0) usage(); }) #define NEXT_ARG() ({ argc--; argv++; if (argc < 0) usage(); })
#define NEXT_ARGP() ({ (*argc)--; (*argv)++; if (*argc < 0) usage(); }) #define NEXT_ARGP() ({ (*argc)--; (*argv)++; if (*argc < 0) usage(); })
#define BAD_ARG() ({ err("what is '%s'?\n", *argv); -1; }) #define BAD_ARG() ({ err("what is '%s'?\n", *argv); -1; })
......
...@@ -35,6 +35,7 @@ ...@@ -35,6 +35,7 @@
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <stdarg.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
...@@ -46,6 +47,7 @@ ...@@ -46,6 +47,7 @@
#include <bpf.h> #include <bpf.h>
#include "main.h" #include "main.h"
#include "disasm.h"
static const char * const prog_type_name[] = { static const char * const prog_type_name[] = {
[BPF_PROG_TYPE_UNSPEC] = "unspec", [BPF_PROG_TYPE_UNSPEC] = "unspec",
...@@ -297,11 +299,39 @@ static int do_show(int argc, char **argv) ...@@ -297,11 +299,39 @@ static int do_show(int argc, char **argv)
return 0; return 0;
} }
static void print_insn(struct bpf_verifier_env *env, const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
vprintf(fmt, args);
va_end(args);
}
static void dump_xlated(void *buf, unsigned int len, bool opcodes)
{
struct bpf_insn *insn = buf;
unsigned int i;
for (i = 0; i < len / sizeof(*insn); i++) {
printf("% 4d: ", i);
print_bpf_insn(print_insn, NULL, insn + i, true);
if (opcodes) {
printf(" ");
print_hex(insn + i, 8, " ");
printf("\n");
}
if (insn[i].code == (BPF_LD | BPF_IMM | BPF_DW))
i++;
}
}
static int do_dump(int argc, char **argv) static int do_dump(int argc, char **argv)
{ {
struct bpf_prog_info info = {}; struct bpf_prog_info info = {};
__u32 len = sizeof(info); __u32 len = sizeof(info);
bool can_disasm = false;
unsigned int buf_size; unsigned int buf_size;
char *filepath = NULL; char *filepath = NULL;
bool opcodes = false; bool opcodes = false;
...@@ -315,7 +345,6 @@ static int do_dump(int argc, char **argv) ...@@ -315,7 +345,6 @@ static int do_dump(int argc, char **argv)
if (is_prefix(*argv, "jited")) { if (is_prefix(*argv, "jited")) {
member_len = &info.jited_prog_len; member_len = &info.jited_prog_len;
member_ptr = &info.jited_prog_insns; member_ptr = &info.jited_prog_insns;
can_disasm = true;
} else if (is_prefix(*argv, "xlated")) { } else if (is_prefix(*argv, "xlated")) {
member_len = &info.xlated_prog_len; member_len = &info.xlated_prog_len;
member_ptr = &info.xlated_prog_insns; member_ptr = &info.xlated_prog_insns;
...@@ -346,10 +375,6 @@ static int do_dump(int argc, char **argv) ...@@ -346,10 +375,6 @@ static int do_dump(int argc, char **argv)
NEXT_ARG(); NEXT_ARG();
} }
if (!filepath && !can_disasm) {
err("expected 'file' got %s\n", *argv);
return -1;
}
if (argc) { if (argc) {
usage(); usage();
return -1; return -1;
...@@ -409,7 +434,10 @@ static int do_dump(int argc, char **argv) ...@@ -409,7 +434,10 @@ static int do_dump(int argc, char **argv)
goto err_free; goto err_free;
} }
} else { } else {
disasm_print_insn(buf, *member_len, opcodes); if (member_len == &info.jited_prog_len)
disasm_print_insn(buf, *member_len, opcodes);
else
dump_xlated(buf, *member_len, opcodes);
} }
free(buf); free(buf);
...@@ -430,7 +458,7 @@ static int do_help(int argc, char **argv) ...@@ -430,7 +458,7 @@ static int do_help(int argc, char **argv)
{ {
fprintf(stderr, fprintf(stderr,
"Usage: %s %s show [PROG]\n" "Usage: %s %s show [PROG]\n"
" %s %s dump xlated PROG file FILE\n" " %s %s dump xlated PROG [file FILE] [opcodes]\n"
" %s %s dump jited PROG [file FILE] [opcodes]\n" " %s %s dump jited PROG [file FILE] [opcodes]\n"
" %s %s pin PROG FILE\n" " %s %s pin PROG FILE\n"
" %s %s help\n" " %s %s help\n"
......
...@@ -12,7 +12,7 @@ CFLAGS += -Wall -O2 -I$(APIDIR) -I$(LIBDIR) -I$(GENDIR) $(GENFLAGS) -I../../../i ...@@ -12,7 +12,7 @@ CFLAGS += -Wall -O2 -I$(APIDIR) -I$(LIBDIR) -I$(GENDIR) $(GENFLAGS) -I../../../i
LDLIBS += -lcap -lelf LDLIBS += -lcap -lelf
TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test_progs \ TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test_progs \
test_align test_align test_verifier_log
TEST_GEN_FILES = test_pkt_access.o test_xdp.o test_l4lb.o test_tcp_estats.o test_obj_id.o \ TEST_GEN_FILES = test_pkt_access.o test_xdp.o test_l4lb.o test_tcp_estats.o test_obj_id.o \
test_pkt_md_access.o test_xdp_redirect.o test_xdp_meta.o sockmap_parse_prog.o \ test_pkt_md_access.o test_xdp_redirect.o test_xdp_meta.o sockmap_parse_prog.o \
......
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <linux/bpf.h>
#include <linux/filter.h>
#include <linux/unistd.h>
#include <bpf/bpf.h>
#define LOG_SIZE (1 << 20)
#define err(str...) printf("ERROR: " str)
static const struct bpf_insn code_sample[] = {
/* We need a few instructions to pass the min log length */
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
BPF_FUNC_map_lookup_elem),
BPF_EXIT_INSN(),
};
static inline __u64 ptr_to_u64(const void *ptr)
{
return (__u64) (unsigned long) ptr;
}
static int load(char *log, size_t log_len, int log_level)
{
union bpf_attr attr;
bzero(&attr, sizeof(attr));
attr.prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
attr.insn_cnt = (__u32)(sizeof(code_sample) / sizeof(struct bpf_insn));
attr.insns = ptr_to_u64(code_sample);
attr.license = ptr_to_u64("GPL");
attr.log_buf = ptr_to_u64(log);
attr.log_size = log_len;
attr.log_level = log_level;
return syscall(__NR_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
}
static void check_ret(int ret, int exp_errno)
{
if (ret > 0) {
close(ret);
err("broken sample loaded successfully!?\n");
exit(1);
}
if (!ret || errno != exp_errno) {
err("Program load returned: ret:%d/errno:%d, expected ret:%d/errno:%d\n",
ret, errno, -1, exp_errno);
exit(1);
}
}
static void check_ones(const char *buf, size_t len, const char *msg)
{
while (len--)
if (buf[len] != 1) {
err("%s", msg);
exit(1);
}
}
static void test_log_good(char *log, size_t buf_len, size_t log_len,
size_t exp_len, int exp_errno, const char *full_log)
{
size_t len;
int ret;
memset(log, 1, buf_len);
ret = load(log, log_len, 1);
check_ret(ret, exp_errno);
len = strnlen(log, buf_len);
if (len == buf_len) {
err("verifier did not NULL terminate the log\n");
exit(1);
}
if (exp_len && len != exp_len) {
err("incorrect log length expected:%zd have:%zd\n",
exp_len, len);
exit(1);
}
if (strchr(log, 1)) {
err("verifier leaked a byte through\n");
exit(1);
}
check_ones(log + len + 1, buf_len - len - 1,
"verifier wrote bytes past NULL termination\n");
if (memcmp(full_log, log, LOG_SIZE)) {
err("log did not match expected output\n");
exit(1);
}
}
static void test_log_bad(char *log, size_t log_len, int log_level)
{
int ret;
ret = load(log, log_len, log_level);
check_ret(ret, EINVAL);
if (log)
check_ones(log, LOG_SIZE,
"verifier touched log with bad parameters\n");
}
int main(int argc, char **argv)
{
char full_log[LOG_SIZE];
char log[LOG_SIZE];
size_t want_len;
int i;
memset(log, 1, LOG_SIZE);
/* Test incorrect attr */
printf("Test log_level 0...\n");
test_log_bad(log, LOG_SIZE, 0);
printf("Test log_size < 128...\n");
test_log_bad(log, 15, 1);
printf("Test log_buff = NULL...\n");
test_log_bad(NULL, LOG_SIZE, 1);
/* Test with log big enough */
printf("Test oversized buffer...\n");
test_log_good(full_log, LOG_SIZE, LOG_SIZE, 0, EACCES, full_log);
want_len = strlen(full_log);
printf("Test exact buffer...\n");
test_log_good(log, LOG_SIZE, want_len + 2, want_len, EACCES, full_log);
printf("Test undersized buffers...\n");
for (i = 0; i < 64; i++) {
full_log[want_len - i + 1] = 1;
full_log[want_len - i] = 0;
test_log_good(log, LOG_SIZE, want_len + 1 - i, want_len - i,
ENOSPC, full_log);
}
printf("test_verifier_log: OK\n");
return 0;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment