/* SPDX-License-Identifier: GPL-2.0-only */ /* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com */ #ifndef _LINUX_BPF_VERIFIER_H #define _LINUX_BPF_VERIFIER_H … #include <linux/bpf.h> /* for enum bpf_reg_type */ #include <linux/btf.h> /* for struct btf and btf_id() */ #include <linux/filter.h> /* for MAX_BPF_STACK */ #include <linux/tnum.h> /* Maximum variable offset umax_value permitted when resolving memory accesses. * In practice this is far bigger than any realistic pointer offset; this limit * ensures that umax_value + (int)off + (int)size cannot overflow a u64. */ #define BPF_MAX_VAR_OFF … /* Maximum variable size permitted for ARG_CONST_SIZE[_OR_ZERO]. This ensures * that converting umax_value to int cannot overflow. */ #define BPF_MAX_VAR_SIZ … /* size of tmp_str_buf in bpf_verifier. * we need at least 306 bytes to fit full stack mask representation * (in the "-8,-16,...,-512" form) */ #define TMP_STR_BUF_LEN … /* Liveness marks, used for registers and spilled-regs (in stack slots). * Read marks propagate upwards until they find a write mark; they record that * "one of this state's descendants read this reg" (and therefore the reg is * relevant for states_equal() checks). * Write marks collect downwards and do not propagate; they record that "the * straight-line code that reached this state (from its parent) wrote this reg" * (and therefore that reads propagated from this state or its descendants * should not propagate to its parent). * A state with a write mark can receive read marks; it just won't propagate * them to its parent, since the write mark is a property, not of the state, * but of the link between it and its parent. See mark_reg_read() and * mark_stack_slot_read() in kernel/bpf/verifier.c. */ enum bpf_reg_liveness { … }; /* For every reg representing a map value or allocated object pointer, * we consider the tuple of (ptr, id) for them to be unique in verifier * context and conside them to not alias each other for the purposes of * tracking lock state. */ struct bpf_active_lock { … }; #define ITER_PREFIX … enum bpf_iter_state { … }; struct bpf_reg_state { … }; enum bpf_stack_slot_type { … }; #define BPF_REG_SIZE … #define BPF_REGMASK_ARGS … #define BPF_DYNPTR_SIZE … #define BPF_DYNPTR_NR_SLOTS … struct bpf_stack_state { … }; struct bpf_reference_state { … }; struct bpf_retval_range { … }; /* state of the program: * type of all registers and stack info */ struct bpf_func_state { … }; #define MAX_CALL_FRAMES … /* instruction history flags, used in bpf_jmp_history_entry.flags field */ enum { … }; static_assert(…); static_assert(…); struct bpf_jmp_history_entry { … }; /* Maximum number of register states that can exist at once */ #define BPF_ID_MAP_SIZE … struct bpf_verifier_state { … }; #define bpf_get_spilled_reg(slot, frame, mask) … /* Iterate over 'frame', setting 'reg' to either NULL or a spilled register. */ #define bpf_for_each_spilled_reg(iter, frame, reg, mask) … #define bpf_for_each_reg_in_vstate_mask(__vst, __state, __reg, __mask, __expr) … /* Invoke __expr over regsiters in __vst, setting __state and __reg */ #define bpf_for_each_reg_in_vstate(__vst, __state, __reg, __expr) … /* linked list of verifier states used to prune search */ struct bpf_verifier_state_list { … }; struct bpf_loop_inline_state { … }; /* pointer and state for maps */ struct bpf_map_ptr_state { … }; /* Possible states for alu_state member. */ #define BPF_ALU_SANITIZE_SRC … #define BPF_ALU_SANITIZE_DST … #define BPF_ALU_NEG_VALUE … #define BPF_ALU_NON_POINTER … #define BPF_ALU_IMMEDIATE … #define BPF_ALU_SANITIZE … struct bpf_insn_aux_data { … }; #define MAX_USED_MAPS … #define MAX_USED_BTFS … #define BPF_VERIFIER_TMP_LOG_SIZE … struct bpf_verifier_log { … }; #define BPF_LOG_LEVEL1 … #define BPF_LOG_LEVEL2 … #define BPF_LOG_STATS … #define BPF_LOG_FIXED … #define BPF_LOG_LEVEL … #define BPF_LOG_MASK … #define BPF_LOG_KERNEL … #define BPF_LOG_MIN_ALIGNMENT … #define BPF_LOG_ALIGNMENT … static inline bool bpf_verifier_log_needed(const struct bpf_verifier_log *log) { … } #define BPF_MAX_SUBPROGS … struct bpf_subprog_arg_info { … }; struct bpf_subprog_info { … }; struct bpf_verifier_env; struct backtrack_state { … }; struct bpf_id_pair { … }; struct bpf_idmap { … }; struct bpf_idset { … }; /* single container for all structs * one verifier_env per bpf_check() call */ struct bpf_verifier_env { … }; static inline struct bpf_func_info_aux *subprog_aux(struct bpf_verifier_env *env, int subprog) { … } static inline struct bpf_subprog_info *subprog_info(struct bpf_verifier_env *env, int subprog) { … } __printf(2, 0) void bpf_verifier_vlog(struct bpf_verifier_log *log, const char *fmt, va_list args); __printf(2, 3) void bpf_verifier_log_write(struct bpf_verifier_env *env, const char *fmt, ...); __printf(2, 3) void bpf_log(struct bpf_verifier_log *log, const char *fmt, ...); int bpf_vlog_init(struct bpf_verifier_log *log, u32 log_level, char __user *log_buf, u32 log_size); void bpf_vlog_reset(struct bpf_verifier_log *log, u64 new_pos); int bpf_vlog_finalize(struct bpf_verifier_log *log, u32 *log_size_actual); __printf(3, 4) void verbose_linfo(struct bpf_verifier_env *env, u32 insn_off, const char *prefix_fmt, ...); static inline struct bpf_func_state *cur_func(struct bpf_verifier_env *env) { … } static inline struct bpf_reg_state *cur_regs(struct bpf_verifier_env *env) { … } int bpf_prog_offload_verifier_prep(struct bpf_prog *prog); int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env, int insn_idx, int prev_insn_idx); int bpf_prog_offload_finalize(struct bpf_verifier_env *env); void bpf_prog_offload_replace_insn(struct bpf_verifier_env *env, u32 off, struct bpf_insn *insn); void bpf_prog_offload_remove_insns(struct bpf_verifier_env *env, u32 off, u32 cnt); /* this lives here instead of in bpf.h because it needs to dereference tgt_prog */ static inline u64 bpf_trampoline_compute_key(const struct bpf_prog *tgt_prog, struct btf *btf, u32 btf_id) { … } /* unpack the IDs from the key as constructed above */ static inline void bpf_trampoline_unpack_key(u64 key, u32 *obj_id, u32 *btf_id) { … } int bpf_check_attach_target(struct bpf_verifier_log *log, const struct bpf_prog *prog, const struct bpf_prog *tgt_prog, u32 btf_id, struct bpf_attach_target_info *tgt_info); void bpf_free_kfunc_btf_tab(struct bpf_kfunc_btf_tab *tab); int mark_chain_precision(struct bpf_verifier_env *env, int regno); #define BPF_BASE_TYPE_MASK … /* extract base type from bpf_{arg, return, reg}_type. */ static inline u32 base_type(u32 type) { … } /* extract flags from an extended type. See bpf_type_flag in bpf.h. */ static inline u32 type_flag(u32 type) { … } /* only use after check_attach_btf_id() */ static inline enum bpf_prog_type resolve_prog_type(const struct bpf_prog *prog) { … } static inline bool bpf_prog_check_recur(const struct bpf_prog *prog) { … } #define BPF_REG_TRUSTED_MODIFIERS … static inline bool bpf_type_has_unsafe_modifiers(u32 type) { … } static inline bool type_is_ptr_alloc_obj(u32 type) { … } static inline bool type_is_non_owning_ref(u32 type) { … } static inline bool type_is_pkt_pointer(enum bpf_reg_type type) { … } static inline bool type_is_sk_pointer(enum bpf_reg_type type) { … } static inline void mark_reg_scratched(struct bpf_verifier_env *env, u32 regno) { … } static inline void mark_stack_slot_scratched(struct bpf_verifier_env *env, u32 spi) { … } static inline bool reg_scratched(const struct bpf_verifier_env *env, u32 regno) { … } static inline bool stack_slot_scratched(const struct bpf_verifier_env *env, u64 regno) { … } static inline bool verifier_state_scratched(const struct bpf_verifier_env *env) { … } static inline void mark_verifier_state_clean(struct bpf_verifier_env *env) { … } /* Used for printing the entire verifier state. */ static inline void mark_verifier_state_scratched(struct bpf_verifier_env *env) { … } static inline bool bpf_stack_narrow_access_ok(int off, int fill_size, int spill_size) { … } const char *reg_type_str(struct bpf_verifier_env *env, enum bpf_reg_type type); const char *dynptr_type_str(enum bpf_dynptr_type type); const char *iter_type_str(const struct btf *btf, u32 btf_id); const char *iter_state_str(enum bpf_iter_state state); void print_verifier_state(struct bpf_verifier_env *env, const struct bpf_func_state *state, bool print_all); void print_insn_state(struct bpf_verifier_env *env, const struct bpf_func_state *state); #endif /* _LINUX_BPF_VERIFIER_H */
Codebase Browser
linux