Date:   Sat, 24 Dec 2022 20:04:13 +0800
From:   kernel test robot <lkp@...el.com>
To:     Tiezhu Yang <yangtiezhu@...ngson.cn>
Cc:     llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
        linux-kernel@...r.kernel.org,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>
Subject: kernel/bpf/verifier.c:9383:12: warning: stack frame size (2624)
 exceeds limit (2048) in 'do_check'

Hi Tiezhu,

FYI, the error/warning still remains.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   72a85e2b0a1e1e6fb4ee51ae902730212b2de25c
commit: 198688edbf77c6fc0e65f5d062f810d83d090166 MIPS: Fix inline asm input/output type mismatch in checksum.h used with Clang
date:   1 year, 11 months ago
config: mips-randconfig-r026-20221224
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project f5700e7b69048de958172fb513b336564e7f8709)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install mips cross compiling tool for clang build
        # apt-get install binutils-mips64el-linux-gnuabi64
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=198688edbf77c6fc0e65f5d062f810d83d090166
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 198688edbf77c6fc0e65f5d062f810d83d090166
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=mips olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=mips SHELL=/bin/bash kernel/bpf/

If you fix the issue, kindly add the following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

>> kernel/bpf/verifier.c:9383:12: warning: stack frame size (2624) exceeds limit (2048) in 'do_check' [-Wframe-larger-than]
   static int do_check(struct bpf_verifier_env *env)
              ^
   2548/2624 (97.10%) spills, 76/2624 (2.90%) variables
   1 warning generated.


vim +/do_check +9383 kernel/bpf/verifier.c

c64b7983288e63 Joe Stringer       2018-10-02  9382  
58e2af8b3a6b58 Jakub Kicinski     2016-09-21 @9383  static int do_check(struct bpf_verifier_env *env)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9384  {
6f8a57ccf85117 Andrii Nakryiko    2020-04-23  9385  	bool pop_log = !(env->log.level & BPF_LOG_LEVEL2);
51c39bb1d5d105 Alexei Starovoitov 2020-01-09  9386  	struct bpf_verifier_state *state = env->cur_state;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9387  	struct bpf_insn *insns = env->prog->insnsi;
638f5b90d46016 Alexei Starovoitov 2017-10-31  9388  	struct bpf_reg_state *regs;
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9389  	int insn_cnt = env->prog->len;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9390  	bool do_print_state = false;
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15  9391  	int prev_insn_idx = -1;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9392  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9393  	for (;;) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9394  		struct bpf_insn *insn;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9395  		u8 class;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9396  		int err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9397  
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15  9398  		env->prev_insn_idx = prev_insn_idx;
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9399  		if (env->insn_idx >= insn_cnt) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9400  			verbose(env, "invalid insn idx %d insn_cnt %d\n",
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9401  				env->insn_idx, insn_cnt);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9402  			return -EFAULT;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9403  		}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9404  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9405  		insn = &insns[env->insn_idx];
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9406  		class = BPF_CLASS(insn->code);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9407  
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9408  		if (++env->insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9409  			verbose(env,
61bd5218eef349 Jakub Kicinski     2017-10-09  9410  				"BPF program is too large. Processed %d insn\n",
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9411  				env->insn_processed);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9412  			return -E2BIG;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9413  		}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9414  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9415  		err = is_state_visited(env, env->insn_idx);
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9416  		if (err < 0)
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9417  			return err;
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9418  		if (err == 1) {
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9419  			/* found equivalent state, can prune the search */
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9420  			if (env->log.level & BPF_LOG_LEVEL) {
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9421  				if (do_print_state)
979d63d50c0c0f Daniel Borkmann    2019-01-03  9422  					verbose(env, "\nfrom %d to %d%s: safe\n",
979d63d50c0c0f Daniel Borkmann    2019-01-03  9423  						env->prev_insn_idx, env->insn_idx,
979d63d50c0c0f Daniel Borkmann    2019-01-03  9424  						env->cur_state->speculative ?
979d63d50c0c0f Daniel Borkmann    2019-01-03  9425  						" (speculative execution)" : "");
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9426  				else
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9427  					verbose(env, "%d: safe\n", env->insn_idx);
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9428  			}
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9429  			goto process_bpf_exit;
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9430  		}
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9431  
c3494801cd1785 Alexei Starovoitov 2018-12-03  9432  		if (signal_pending(current))
c3494801cd1785 Alexei Starovoitov 2018-12-03  9433  			return -EAGAIN;
c3494801cd1785 Alexei Starovoitov 2018-12-03  9434  
3c2ce60bdd3d57 Daniel Borkmann    2017-05-18  9435  		if (need_resched())
3c2ce60bdd3d57 Daniel Borkmann    2017-05-18  9436  			cond_resched();
3c2ce60bdd3d57 Daniel Borkmann    2017-05-18  9437  
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9438  		if (env->log.level & BPF_LOG_LEVEL2 ||
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9439  		    (env->log.level & BPF_LOG_LEVEL && do_print_state)) {
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9440  			if (env->log.level & BPF_LOG_LEVEL2)
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9441  				verbose(env, "%d:", env->insn_idx);
c5fc9692d101d1 David S. Miller    2017-05-10  9442  			else
979d63d50c0c0f Daniel Borkmann    2019-01-03  9443  				verbose(env, "\nfrom %d to %d%s:",
979d63d50c0c0f Daniel Borkmann    2019-01-03  9444  					env->prev_insn_idx, env->insn_idx,
979d63d50c0c0f Daniel Borkmann    2019-01-03  9445  					env->cur_state->speculative ?
979d63d50c0c0f Daniel Borkmann    2019-01-03  9446  					" (speculative execution)" : "");
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9447  			print_verifier_state(env, state->frame[state->curframe]);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9448  			do_print_state = false;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9449  		}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9450  
06ee7115b0d174 Alexei Starovoitov 2019-04-01  9451  		if (env->log.level & BPF_LOG_LEVEL) {
7105e828c087de Daniel Borkmann    2017-12-20  9452  			const struct bpf_insn_cbs cbs = {
7105e828c087de Daniel Borkmann    2017-12-20  9453  				.cb_print	= verbose,
abe0884011f1a5 Jiri Olsa          2018-03-23  9454  				.private_data	= env,
7105e828c087de Daniel Borkmann    2017-12-20  9455  			};
7105e828c087de Daniel Borkmann    2017-12-20  9456  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9457  			verbose_linfo(env, env->insn_idx, "; ");
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9458  			verbose(env, "%d: ", env->insn_idx);
abe0884011f1a5 Jiri Olsa          2018-03-23  9459  			print_bpf_insn(&cbs, insn, env->allow_ptr_leaks);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9460  		}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9461  
cae1927c0b4a93 Jakub Kicinski     2017-12-27  9462  		if (bpf_prog_is_dev_bound(env->prog->aux)) {
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9463  			err = bpf_prog_offload_verify_insn(env, env->insn_idx,
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9464  							   env->prev_insn_idx);
13a27dfc669724 Jakub Kicinski     2016-09-21  9465  			if (err)
13a27dfc669724 Jakub Kicinski     2016-09-21  9466  				return err;
cae1927c0b4a93 Jakub Kicinski     2017-12-27  9467  		}
13a27dfc669724 Jakub Kicinski     2016-09-21  9468  
638f5b90d46016 Alexei Starovoitov 2017-10-31  9469  		regs = cur_regs(env);
51c39bb1d5d105 Alexei Starovoitov 2020-01-09  9470  		env->insn_aux_data[env->insn_idx].seen = env->pass_cnt;
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15  9471  		prev_insn_idx = env->insn_idx;
fd978bf7fd3125 Joe Stringer       2018-10-02  9472  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9473  		if (class == BPF_ALU || class == BPF_ALU64) {
1be7f75d1668d6 Alexei Starovoitov 2015-10-07  9474  			err = check_alu_op(env, insn);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9475  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9476  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9477  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9478  		} else if (class == BPF_LDX) {
3df126f35f88dc Jakub Kicinski     2016-09-21  9479  			enum bpf_reg_type *prev_src_type, src_reg_type;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9480  
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9481  			/* check for reserved fields is already done */
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9482  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9483  			/* check src operand */
dc503a8ad98474 Edward Cree        2017-08-15  9484  			err = check_reg_arg(env, insn->src_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9485  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9486  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9487  
dc503a8ad98474 Edward Cree        2017-08-15  9488  			err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9489  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9490  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9491  
725f9dcd58dedf Alexei Starovoitov 2015-04-15  9492  			src_reg_type = regs[insn->src_reg].type;
725f9dcd58dedf Alexei Starovoitov 2015-04-15  9493  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9494  			/* check that memory (src_reg + off) is readable,
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9495  			 * the state of dst_reg will be updated by this func
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9496  			 */
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9497  			err = check_mem_access(env, env->insn_idx, insn->src_reg,
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9498  					       insn->off, BPF_SIZE(insn->code),
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9499  					       BPF_READ, insn->dst_reg, false);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9500  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9501  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9502  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9503  			prev_src_type = &env->insn_aux_data[env->insn_idx].ptr_type;
3df126f35f88dc Jakub Kicinski     2016-09-21  9504  
3df126f35f88dc Jakub Kicinski     2016-09-21  9505  			if (*prev_src_type == NOT_INIT) {
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9506  				/* saw a valid insn
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9507  				 * dst_reg = *(u32 *)(src_reg + off)
3df126f35f88dc Jakub Kicinski     2016-09-21  9508  				 * save type to validate intersecting paths
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9509  				 */
3df126f35f88dc Jakub Kicinski     2016-09-21  9510  				*prev_src_type = src_reg_type;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9511  
c64b7983288e63 Joe Stringer       2018-10-02  9512  			} else if (reg_type_mismatch(src_reg_type, *prev_src_type)) {
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9513  				/* ABuser program is trying to use the same insn
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9514  				 * dst_reg = *(u32*) (src_reg + off)
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9515  				 * with different pointer types:
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9516  				 * src_reg == ctx in one branch and
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9517  				 * src_reg == stack|map in some other branch.
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9518  				 * Reject it.
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9519  				 */
61bd5218eef349 Jakub Kicinski     2017-10-09  9520  				verbose(env, "same insn cannot be used with different pointers\n");
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9521  				return -EINVAL;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9522  			}
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9523  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9524  		} else if (class == BPF_STX) {
3df126f35f88dc Jakub Kicinski     2016-09-21  9525  			enum bpf_reg_type *prev_dst_type, dst_reg_type;
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9526  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9527  			if (BPF_MODE(insn->code) == BPF_XADD) {
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9528  				err = check_xadd(env, env->insn_idx, insn);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9529  				if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9530  					return err;
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9531  				env->insn_idx++;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9532  				continue;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9533  			}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9534  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9535  			/* check src1 operand */
dc503a8ad98474 Edward Cree        2017-08-15  9536  			err = check_reg_arg(env, insn->src_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9537  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9538  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9539  			/* check src2 operand */
dc503a8ad98474 Edward Cree        2017-08-15  9540  			err = check_reg_arg(env, insn->dst_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9541  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9542  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9543  
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9544  			dst_reg_type = regs[insn->dst_reg].type;
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9545  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9546  			/* check that memory (dst_reg + off) is writeable */
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9547  			err = check_mem_access(env, env->insn_idx, insn->dst_reg,
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9548  					       insn->off, BPF_SIZE(insn->code),
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9549  					       BPF_WRITE, insn->src_reg, false);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9550  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9551  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9552  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9553  			prev_dst_type = &env->insn_aux_data[env->insn_idx].ptr_type;
3df126f35f88dc Jakub Kicinski     2016-09-21  9554  
3df126f35f88dc Jakub Kicinski     2016-09-21  9555  			if (*prev_dst_type == NOT_INIT) {
3df126f35f88dc Jakub Kicinski     2016-09-21  9556  				*prev_dst_type = dst_reg_type;
c64b7983288e63 Joe Stringer       2018-10-02  9557  			} else if (reg_type_mismatch(dst_reg_type, *prev_dst_type)) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9558  				verbose(env, "same insn cannot be used with different pointers\n");
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9559  				return -EINVAL;
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9560  			}
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9561  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9562  		} else if (class == BPF_ST) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9563  			if (BPF_MODE(insn->code) != BPF_MEM ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9564  			    insn->src_reg != BPF_REG_0) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9565  				verbose(env, "BPF_ST uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9566  				return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9567  			}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9568  			/* check src operand */
dc503a8ad98474 Edward Cree        2017-08-15  9569  			err = check_reg_arg(env, insn->dst_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9570  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9571  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9572  
f37a8cb84cce18 Daniel Borkmann    2018-01-16  9573  			if (is_ctx_reg(env, insn->dst_reg)) {
9d2be44a7f33d5 Joe Stringer       2018-10-02  9574  				verbose(env, "BPF_ST stores into R%d %s is not allowed\n",
2a159c6f82381a Daniel Borkmann    2018-10-21  9575  					insn->dst_reg,
2a159c6f82381a Daniel Borkmann    2018-10-21  9576  					reg_type_str[reg_state(env, insn->dst_reg)->type]);
f37a8cb84cce18 Daniel Borkmann    2018-01-16  9577  				return -EACCES;
f37a8cb84cce18 Daniel Borkmann    2018-01-16  9578  			}
f37a8cb84cce18 Daniel Borkmann    2018-01-16  9579  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9580  			/* check that memory (dst_reg + off) is writeable */
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9581  			err = check_mem_access(env, env->insn_idx, insn->dst_reg,
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9582  					       insn->off, BPF_SIZE(insn->code),
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9583  					       BPF_WRITE, -1, false);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9584  			if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9585  				return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9586  
092ed0968bb648 Jiong Wang         2019-01-26  9587  		} else if (class == BPF_JMP || class == BPF_JMP32) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9588  			u8 opcode = BPF_OP(insn->code);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9589  
2589726d12a1b1 Alexei Starovoitov 2019-06-15  9590  			env->jmps_processed++;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9591  			if (opcode == BPF_CALL) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9592  				if (BPF_SRC(insn->code) != BPF_K ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9593  				    insn->off != 0 ||
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9594  				    (insn->src_reg != BPF_REG_0 &&
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9595  				     insn->src_reg != BPF_PSEUDO_CALL) ||
092ed0968bb648 Jiong Wang         2019-01-26  9596  				    insn->dst_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang         2019-01-26  9597  				    class == BPF_JMP32) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9598  					verbose(env, "BPF_CALL uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9599  					return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9600  				}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9601  
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9602  				if (env->cur_state->active_spin_lock &&
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9603  				    (insn->src_reg == BPF_PSEUDO_CALL ||
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9604  				     insn->imm != BPF_FUNC_spin_unlock)) {
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9605  					verbose(env, "function calls are not allowed while holding a lock\n");
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9606  					return -EINVAL;
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9607  				}
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9608  				if (insn->src_reg == BPF_PSEUDO_CALL)
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9609  					err = check_func_call(env, insn, &env->insn_idx);
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9610  				else
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9611  					err = check_helper_call(env, insn->imm, env->insn_idx);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9612  				if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9613  					return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9614  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9615  			} else if (opcode == BPF_JA) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9616  				if (BPF_SRC(insn->code) != BPF_K ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9617  				    insn->imm != 0 ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9618  				    insn->src_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang         2019-01-26  9619  				    insn->dst_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang         2019-01-26  9620  				    class == BPF_JMP32) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9621  					verbose(env, "BPF_JA uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9622  					return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9623  				}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9624  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9625  				env->insn_idx += insn->off + 1;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9626  				continue;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9627  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9628  			} else if (opcode == BPF_EXIT) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9629  				if (BPF_SRC(insn->code) != BPF_K ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9630  				    insn->imm != 0 ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9631  				    insn->src_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang         2019-01-26  9632  				    insn->dst_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang         2019-01-26  9633  				    class == BPF_JMP32) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9634  					verbose(env, "BPF_EXIT uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9635  					return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9636  				}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9637  
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9638  				if (env->cur_state->active_spin_lock) {
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9639  					verbose(env, "bpf_spin_unlock is missing\n");
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9640  					return -EINVAL;
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9641  				}
d83525ca62cf8e Alexei Starovoitov 2019-01-31  9642  
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9643  				if (state->curframe) {
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9644  					/* exit from nested function */
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9645  					err = prepare_func_exit(env, &env->insn_idx);
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9646  					if (err)
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9647  						return err;
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9648  					do_print_state = true;
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9649  					continue;
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9650  				}
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14  9651  
fd978bf7fd3125 Joe Stringer       2018-10-02  9652  				err = check_reference_leak(env);
fd978bf7fd3125 Joe Stringer       2018-10-02  9653  				if (err)
fd978bf7fd3125 Joe Stringer       2018-10-02  9654  					return err;
fd978bf7fd3125 Joe Stringer       2018-10-02  9655  
390ee7e29fc8e6 Alexei Starovoitov 2017-10-02  9656  				err = check_return_code(env);
390ee7e29fc8e6 Alexei Starovoitov 2017-10-02  9657  				if (err)
390ee7e29fc8e6 Alexei Starovoitov 2017-10-02  9658  					return err;
f1bca824dabba4 Alexei Starovoitov 2014-09-29  9659  process_bpf_exit:
2589726d12a1b1 Alexei Starovoitov 2019-06-15  9660  				update_branch_counts(env, env->cur_state);
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15  9661  				err = pop_stack(env, &prev_insn_idx,
6f8a57ccf85117 Andrii Nakryiko    2020-04-23  9662  						&env->insn_idx, pop_log);
638f5b90d46016 Alexei Starovoitov 2017-10-31  9663  				if (err < 0) {
638f5b90d46016 Alexei Starovoitov 2017-10-31  9664  					if (err != -ENOENT)
638f5b90d46016 Alexei Starovoitov 2017-10-31  9665  						return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9666  					break;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9667  				} else {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9668  					do_print_state = true;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9669  					continue;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9670  				}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9671  			} else {
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9672  				err = check_cond_jmp_op(env, insn, &env->insn_idx);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9673  				if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9674  					return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9675  			}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9676  		} else if (class == BPF_LD) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9677  			u8 mode = BPF_MODE(insn->code);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9678  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9679  			if (mode == BPF_ABS || mode == BPF_IND) {
ddd872bc3098f9 Alexei Starovoitov 2014-12-01  9680  				err = check_ld_abs(env, insn);
ddd872bc3098f9 Alexei Starovoitov 2014-12-01  9681  				if (err)
ddd872bc3098f9 Alexei Starovoitov 2014-12-01  9682  					return err;
ddd872bc3098f9 Alexei Starovoitov 2014-12-01  9683  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9684  			} else if (mode == BPF_IMM) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9685  				err = check_ld_imm(env, insn);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9686  				if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9687  					return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9688  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9689  				env->insn_idx++;
51c39bb1d5d105 Alexei Starovoitov 2020-01-09  9690  				env->insn_aux_data[env->insn_idx].seen = env->pass_cnt;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9691  			} else {
61bd5218eef349 Jakub Kicinski     2017-10-09  9692  				verbose(env, "invalid BPF_LD mode\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9693  				return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9694  			}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9695  		} else {
61bd5218eef349 Jakub Kicinski     2017-10-09  9696  			verbose(env, "unknown insn class %d\n", class);
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9697  			return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9698  		}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9699  
c08435ec7f2bc8 Daniel Borkmann    2019-01-03  9700  		env->insn_idx++;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9701  	}
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9702  
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9703  	return 0;
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9704  }
17a5267067f3c3 Alexei Starovoitov 2014-09-26  9705  

:::::: The code at line 9383 was first introduced by commit
:::::: 58e2af8b3a6b587e4ac8414343581da4349d3c0f bpf: expose internal verfier structures

:::::: TO: Jakub Kicinski <jakub.kicinski@...ronome.com>
:::::: CC: David S. Miller <davem@...emloft.net>

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config" of type "text/plain" (161037 bytes)
