1 /* SPDX-License-Identifier: GPL-2.0 */
2 /* Copyright (c) 2018 Facebook */
4 #include <uapi/linux/btf.h>
5 #include <uapi/linux/bpf.h>
6 #include <uapi/linux/bpf_perf_event.h>
7 #include <uapi/linux/types.h>
8 #include <linux/seq_file.h>
9 #include <linux/compiler.h>
10 #include <linux/ctype.h>
11 #include <linux/errno.h>
12 #include <linux/slab.h>
13 #include <linux/anon_inodes.h>
14 #include <linux/file.h>
15 #include <linux/uaccess.h>
16 #include <linux/kernel.h>
17 #include <linux/idr.h>
18 #include <linux/sort.h>
19 #include <linux/bpf_verifier.h>
20 #include <linux/btf.h>
21 #include <linux/btf_ids.h>
22 #include <linux/skmsg.h>
23 #include <linux/perf_event.h>
24 #include <linux/bsearch.h>
27 /* BTF (BPF Type Format) is the meta data format which describes
28 * the data types of BPF program/map. Hence, it basically focus
29 * on the C programming language which the modern BPF is primary
34 * The BTF data is stored under the ".BTF" ELF section
38 * Each 'struct btf_type' object describes a C data type.
39 * Depending on the type it is describing, a 'struct btf_type'
40 * object may be followed by more data. F.e.
41 * To describe an array, 'struct btf_type' is followed by
44 * 'struct btf_type' and any extra data following it are
49 * The BTF type section contains a list of 'struct btf_type' objects.
50 * Each one describes a C type. Recall from the above section
51 * that a 'struct btf_type' object could be immediately followed by extra
52 * data in order to desribe some particular C types.
56 * Each btf_type object is identified by a type_id. The type_id
57 * is implicitly implied by the location of the btf_type object in
58 * the BTF type section. The first one has type_id 1. The second
59 * one has type_id 2...etc. Hence, an earlier btf_type has
62 * A btf_type object may refer to another btf_type object by using
63 * type_id (i.e. the "type" in the "struct btf_type").
65 * NOTE that we cannot assume any reference-order.
66 * A btf_type object can refer to an earlier btf_type object
67 * but it can also refer to a later btf_type object.
69 * For example, to describe "const void *". A btf_type
70 * object describing "const" may refer to another btf_type
71 * object describing "void *". This type-reference is done
72 * by specifying type_id:
74 * [1] CONST (anon) type_id=2
75 * [2] PTR (anon) type_id=0
77 * The above is the btf_verifier debug log:
78 * - Each line started with "[?]" is a btf_type object
79 * - [?] is the type_id of the btf_type object.
80 * - CONST/PTR is the BTF_KIND_XXX
81 * - "(anon)" is the name of the type. It just
82 * happens that CONST and PTR has no name.
83 * - type_id=XXX is the 'u32 type' in btf_type
85 * NOTE: "void" has type_id 0
89 * The BTF string section contains the names used by the type section.
90 * Each string is referred by an "offset" from the beginning of the
93 * Each string is '\0' terminated.
95 * The first character in the string section must be '\0'
96 * which is used to mean 'anonymous'. Some btf_type may not
102 * To verify BTF data, two passes are needed.
106 * The first pass is to collect all btf_type objects to
107 * an array: "btf->types".
109 * Depending on the C type that a btf_type is describing,
110 * a btf_type may be followed by extra data. We don't know
111 * how many btf_type is there, and more importantly we don't
112 * know where each btf_type is located in the type section.
114 * Without knowing the location of each type_id, most verifications
115 * cannot be done. e.g. an earlier btf_type may refer to a later
116 * btf_type (recall the "const void *" above), so we cannot
117 * check this type-reference in the first pass.
119 * In the first pass, it still does some verifications (e.g.
120 * checking the name is a valid offset to the string section).
124 * The main focus is to resolve a btf_type that is referring
127 * We have to ensure the referring type:
128 * 1) does exist in the BTF (i.e. in btf->types[])
129 * 2) does not cause a loop:
138 * btf_type_needs_resolve() decides if a btf_type needs
141 * The needs_resolve type implements the "resolve()" ops which
142 * essentially does a DFS and detects backedge.
144 * During resolve (or DFS), different C types have different
145 * "RESOLVED" conditions.
147 * When resolving a BTF_KIND_STRUCT, we need to resolve all its
148 * members because a member is always referring to another
149 * type. A struct's member can be treated as "RESOLVED" if
150 * it is referring to a BTF_KIND_PTR. Otherwise, the
151 * following valid C struct would be rejected:
158 * When resolving a BTF_KIND_PTR, it needs to keep resolving if
159 * it is referring to another BTF_KIND_PTR. Otherwise, we cannot
160 * detect a pointer loop, e.g.:
161 * BTF_KIND_CONST -> BTF_KIND_PTR -> BTF_KIND_CONST -> BTF_KIND_PTR +
163 * +-----------------------------------------+
167 #define BITS_PER_U128 (sizeof(u64) * BITS_PER_BYTE * 2)
168 #define BITS_PER_BYTE_MASK (BITS_PER_BYTE - 1)
169 #define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK)
170 #define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3)
171 #define BITS_ROUNDUP_BYTES(bits) \
172 (BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits))
174 #define BTF_INFO_MASK 0x8f00ffff
175 #define BTF_INT_MASK 0x0fffffff
176 #define BTF_TYPE_ID_VALID(type_id) ((type_id) <= BTF_MAX_TYPE)
177 #define BTF_STR_OFFSET_VALID(name_off) ((name_off) <= BTF_MAX_NAME_OFFSET)
179 /* 16MB for 64k structs and each has 16 members and
180 * a few MB spaces for the string section.
181 * The hard limit is S32_MAX.
183 #define BTF_MAX_SIZE (16 * 1024 * 1024)
185 #define for_each_member_from(i, from, struct_type, member) \
186 for (i = from, member = btf_type_member(struct_type) + from; \
187 i < btf_type_vlen(struct_type); \
190 #define for_each_vsi_from(i, from, struct_type, member) \
191 for (i = from, member = btf_type_var_secinfo(struct_type) + from; \
192 i < btf_type_vlen(struct_type); \
196 DEFINE_SPINLOCK(btf_idr_lock);
200 struct btf_type **types;
205 struct btf_header hdr;
206 u32 nr_types; /* includes VOID for base BTF */
213 /* split BTF support */
214 struct btf *base_btf;
215 u32 start_id; /* first type ID in this BTF (0 for base BTF) */
216 u32 start_str_off; /* first string offset (0 for base BTF) */
219 enum verifier_phase {
224 struct resolve_vertex {
225 const struct btf_type *t;
237 RESOLVE_TBD, /* To Be Determined */
238 RESOLVE_PTR, /* Resolving for Pointer */
239 RESOLVE_STRUCT_OR_ARRAY, /* Resolving for struct/union
244 #define MAX_RESOLVE_DEPTH 32
246 struct btf_sec_info {
251 struct btf_verifier_env {
254 struct resolve_vertex stack[MAX_RESOLVE_DEPTH];
255 struct bpf_verifier_log log;
258 enum verifier_phase phase;
259 enum resolve_mode resolve_mode;
262 static const char * const btf_kind_str[NR_BTF_KINDS] = {
263 [BTF_KIND_UNKN] = "UNKNOWN",
264 [BTF_KIND_INT] = "INT",
265 [BTF_KIND_PTR] = "PTR",
266 [BTF_KIND_ARRAY] = "ARRAY",
267 [BTF_KIND_STRUCT] = "STRUCT",
268 [BTF_KIND_UNION] = "UNION",
269 [BTF_KIND_ENUM] = "ENUM",
270 [BTF_KIND_FWD] = "FWD",
271 [BTF_KIND_TYPEDEF] = "TYPEDEF",
272 [BTF_KIND_VOLATILE] = "VOLATILE",
273 [BTF_KIND_CONST] = "CONST",
274 [BTF_KIND_RESTRICT] = "RESTRICT",
275 [BTF_KIND_FUNC] = "FUNC",
276 [BTF_KIND_FUNC_PROTO] = "FUNC_PROTO",
277 [BTF_KIND_VAR] = "VAR",
278 [BTF_KIND_DATASEC] = "DATASEC",
281 static const char *btf_type_str(const struct btf_type *t)
283 return btf_kind_str[BTF_INFO_KIND(t->info)];
286 /* Chunk size we use in safe copy of data to be shown. */
287 #define BTF_SHOW_OBJ_SAFE_SIZE 32
290 * This is the maximum size of a base type value (equivalent to a
291 * 128-bit int); if we are at the end of our safe buffer and have
292 * less than 16 bytes space we can't be assured of being able
293 * to copy the next type safely, so in such cases we will initiate
296 #define BTF_SHOW_OBJ_BASE_TYPE_SIZE 16
299 #define BTF_SHOW_NAME_SIZE 80
302 * Common data to all BTF show operations. Private show functions can add
303 * their own data to a structure containing a struct btf_show and consult it
304 * in the show callback. See btf_type_show() below.
306 * One challenge with showing nested data is we want to skip 0-valued
307 * data, but in order to figure out whether a nested object is all zeros
308 * we need to walk through it. As a result, we need to make two passes
309 * when handling structs, unions and arrays; the first path simply looks
310 * for nonzero data, while the second actually does the display. The first
311 * pass is signalled by show->state.depth_check being set, and if we
312 * encounter a non-zero value we set show->state.depth_to_show to
313 * the depth at which we encountered it. When we have completed the
314 * first pass, we will know if anything needs to be displayed if
315 * depth_to_show > depth. See btf_[struct,array]_show() for the
316 * implementation of this.
318 * Another problem is we want to ensure the data for display is safe to
319 * access. To support this, the anonymous "struct {} obj" tracks the data
320 * object and our safe copy of it. We copy portions of the data needed
321 * to the object "copy" buffer, but because its size is limited to
322 * BTF_SHOW_OBJ_COPY_LEN bytes, multiple copies may be required as we
323 * traverse larger objects for display.
325 * The various data type show functions all start with a call to
326 * btf_show_start_type() which returns a pointer to the safe copy
327 * of the data needed (or if BTF_SHOW_UNSAFE is specified, to the
328 * raw data itself). btf_show_obj_safe() is responsible for
329 * using copy_from_kernel_nofault() to update the safe data if necessary
330 * as we traverse the object's data. skbuff-like semantics are
333 * - obj.head points to the start of the toplevel object for display
334 * - obj.size is the size of the toplevel object
335 * - obj.data points to the current point in the original data at
336 * which our safe data starts. obj.data will advance as we copy
337 * portions of the data.
339 * In most cases a single copy will suffice, but larger data structures
340 * such as "struct task_struct" will require many copies. The logic in
341 * btf_show_obj_safe() handles the logic that determines if a new
342 * copy_from_kernel_nofault() is needed.
346 void *target; /* target of show operation (seq file, buffer) */
347 void (*showfn)(struct btf_show *show, const char *fmt, va_list args);
348 const struct btf *btf;
349 /* below are used during iteration */
358 int status; /* non-zero for error */
359 const struct btf_type *type;
360 const struct btf_member *member;
361 char name[BTF_SHOW_NAME_SIZE]; /* space for member name/type */
367 u8 safe[BTF_SHOW_OBJ_SAFE_SIZE];
371 struct btf_kind_operations {
372 s32 (*check_meta)(struct btf_verifier_env *env,
373 const struct btf_type *t,
375 int (*resolve)(struct btf_verifier_env *env,
376 const struct resolve_vertex *v);
377 int (*check_member)(struct btf_verifier_env *env,
378 const struct btf_type *struct_type,
379 const struct btf_member *member,
380 const struct btf_type *member_type);
381 int (*check_kflag_member)(struct btf_verifier_env *env,
382 const struct btf_type *struct_type,
383 const struct btf_member *member,
384 const struct btf_type *member_type);
385 void (*log_details)(struct btf_verifier_env *env,
386 const struct btf_type *t);
387 void (*show)(const struct btf *btf, const struct btf_type *t,
388 u32 type_id, void *data, u8 bits_offsets,
389 struct btf_show *show);
392 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS];
393 static struct btf_type btf_void;
395 static int btf_resolve(struct btf_verifier_env *env,
396 const struct btf_type *t, u32 type_id);
398 static bool btf_type_is_modifier(const struct btf_type *t)
400 /* Some of them is not strictly a C modifier
401 * but they are grouped into the same bucket
403 * A type (t) that refers to another
404 * type through t->type AND its size cannot
405 * be determined without following the t->type.
407 * ptr does not fall into this bucket
408 * because its size is always sizeof(void *).
410 switch (BTF_INFO_KIND(t->info)) {
411 case BTF_KIND_TYPEDEF:
412 case BTF_KIND_VOLATILE:
414 case BTF_KIND_RESTRICT:
421 bool btf_type_is_void(const struct btf_type *t)
423 return t == &btf_void;
426 static bool btf_type_is_fwd(const struct btf_type *t)
428 return BTF_INFO_KIND(t->info) == BTF_KIND_FWD;
431 static bool btf_type_nosize(const struct btf_type *t)
433 return btf_type_is_void(t) || btf_type_is_fwd(t) ||
434 btf_type_is_func(t) || btf_type_is_func_proto(t);
437 static bool btf_type_nosize_or_null(const struct btf_type *t)
439 return !t || btf_type_nosize(t);
442 static bool __btf_type_is_struct(const struct btf_type *t)
444 return BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT;
447 static bool btf_type_is_array(const struct btf_type *t)
449 return BTF_INFO_KIND(t->info) == BTF_KIND_ARRAY;
452 static bool btf_type_is_datasec(const struct btf_type *t)
454 return BTF_INFO_KIND(t->info) == BTF_KIND_DATASEC;
457 static u32 btf_nr_types_total(const struct btf *btf)
462 total += btf->nr_types;
469 s32 btf_find_by_name_kind(const struct btf *btf, const char *name, u8 kind)
471 const struct btf_type *t;
475 total = btf_nr_types_total(btf);
476 for (i = 1; i < total; i++) {
477 t = btf_type_by_id(btf, i);
478 if (BTF_INFO_KIND(t->info) != kind)
481 tname = btf_name_by_offset(btf, t->name_off);
482 if (!strcmp(tname, name))
489 const struct btf_type *btf_type_skip_modifiers(const struct btf *btf,
492 const struct btf_type *t = btf_type_by_id(btf, id);
494 while (btf_type_is_modifier(t)) {
496 t = btf_type_by_id(btf, t->type);
505 const struct btf_type *btf_type_resolve_ptr(const struct btf *btf,
508 const struct btf_type *t;
510 t = btf_type_skip_modifiers(btf, id, NULL);
511 if (!btf_type_is_ptr(t))
514 return btf_type_skip_modifiers(btf, t->type, res_id);
517 const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
520 const struct btf_type *ptype;
522 ptype = btf_type_resolve_ptr(btf, id, res_id);
523 if (ptype && btf_type_is_func_proto(ptype))
529 /* Types that act only as a source, not sink or intermediate
530 * type when resolving.
532 static bool btf_type_is_resolve_source_only(const struct btf_type *t)
534 return btf_type_is_var(t) ||
535 btf_type_is_datasec(t);
538 /* What types need to be resolved?
540 * btf_type_is_modifier() is an obvious one.
542 * btf_type_is_struct() because its member refers to
543 * another type (through member->type).
545 * btf_type_is_var() because the variable refers to
546 * another type. btf_type_is_datasec() holds multiple
547 * btf_type_is_var() types that need resolving.
549 * btf_type_is_array() because its element (array->type)
550 * refers to another type. Array can be thought of a
551 * special case of struct while array just has the same
552 * member-type repeated by array->nelems of times.
554 static bool btf_type_needs_resolve(const struct btf_type *t)
556 return btf_type_is_modifier(t) ||
557 btf_type_is_ptr(t) ||
558 btf_type_is_struct(t) ||
559 btf_type_is_array(t) ||
560 btf_type_is_var(t) ||
561 btf_type_is_datasec(t);
564 /* t->size can be used */
565 static bool btf_type_has_size(const struct btf_type *t)
567 switch (BTF_INFO_KIND(t->info)) {
569 case BTF_KIND_STRUCT:
572 case BTF_KIND_DATASEC:
579 static const char *btf_int_encoding_str(u8 encoding)
583 else if (encoding == BTF_INT_SIGNED)
585 else if (encoding == BTF_INT_CHAR)
587 else if (encoding == BTF_INT_BOOL)
593 static u32 btf_type_int(const struct btf_type *t)
595 return *(u32 *)(t + 1);
598 static const struct btf_array *btf_type_array(const struct btf_type *t)
600 return (const struct btf_array *)(t + 1);
603 static const struct btf_enum *btf_type_enum(const struct btf_type *t)
605 return (const struct btf_enum *)(t + 1);
608 static const struct btf_var *btf_type_var(const struct btf_type *t)
610 return (const struct btf_var *)(t + 1);
613 static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t)
615 return kind_ops[BTF_INFO_KIND(t->info)];
618 static bool btf_name_offset_valid(const struct btf *btf, u32 offset)
620 if (!BTF_STR_OFFSET_VALID(offset))
623 while (offset < btf->start_str_off)
626 offset -= btf->start_str_off;
627 return offset < btf->hdr.str_len;
630 static bool __btf_name_char_ok(char c, bool first, bool dot_ok)
632 if ((first ? !isalpha(c) :
635 ((c == '.' && !dot_ok) ||
641 static const char *btf_str_by_offset(const struct btf *btf, u32 offset)
643 while (offset < btf->start_str_off)
646 offset -= btf->start_str_off;
647 if (offset < btf->hdr.str_len)
648 return &btf->strings[offset];
653 static bool __btf_name_valid(const struct btf *btf, u32 offset, bool dot_ok)
655 /* offset must be valid */
656 const char *src = btf_str_by_offset(btf, offset);
657 const char *src_limit;
659 if (!__btf_name_char_ok(*src, true, dot_ok))
662 /* set a limit on identifier length */
663 src_limit = src + KSYM_NAME_LEN;
665 while (*src && src < src_limit) {
666 if (!__btf_name_char_ok(*src, false, dot_ok))
674 /* Only C-style identifier is permitted. This can be relaxed if
677 static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
679 return __btf_name_valid(btf, offset, false);
682 static bool btf_name_valid_section(const struct btf *btf, u32 offset)
684 return __btf_name_valid(btf, offset, true);
687 static const char *__btf_name_by_offset(const struct btf *btf, u32 offset)
694 name = btf_str_by_offset(btf, offset);
695 return name ?: "(invalid-name-offset)";
698 const char *btf_name_by_offset(const struct btf *btf, u32 offset)
700 return btf_str_by_offset(btf, offset);
703 const struct btf_type *btf_type_by_id(const struct btf *btf, u32 type_id)
705 while (type_id < btf->start_id)
708 type_id -= btf->start_id;
709 if (type_id >= btf->nr_types)
711 return btf->types[type_id];
715 * Regular int is not a bit field and it must be either
716 * u8/u16/u32/u64 or __int128.
718 static bool btf_type_int_is_regular(const struct btf_type *t)
720 u8 nr_bits, nr_bytes;
723 int_data = btf_type_int(t);
724 nr_bits = BTF_INT_BITS(int_data);
725 nr_bytes = BITS_ROUNDUP_BYTES(nr_bits);
726 if (BITS_PER_BYTE_MASKED(nr_bits) ||
727 BTF_INT_OFFSET(int_data) ||
728 (nr_bytes != sizeof(u8) && nr_bytes != sizeof(u16) &&
729 nr_bytes != sizeof(u32) && nr_bytes != sizeof(u64) &&
730 nr_bytes != (2 * sizeof(u64)))) {
738 * Check that given struct member is a regular int with expected
741 bool btf_member_is_reg_int(const struct btf *btf, const struct btf_type *s,
742 const struct btf_member *m,
743 u32 expected_offset, u32 expected_size)
745 const struct btf_type *t;
750 t = btf_type_id_size(btf, &id, NULL);
751 if (!t || !btf_type_is_int(t))
754 int_data = btf_type_int(t);
755 nr_bits = BTF_INT_BITS(int_data);
756 if (btf_type_kflag(s)) {
757 u32 bitfield_size = BTF_MEMBER_BITFIELD_SIZE(m->offset);
758 u32 bit_offset = BTF_MEMBER_BIT_OFFSET(m->offset);
760 /* if kflag set, int should be a regular int and
761 * bit offset should be at byte boundary.
763 return !bitfield_size &&
764 BITS_ROUNDUP_BYTES(bit_offset) == expected_offset &&
765 BITS_ROUNDUP_BYTES(nr_bits) == expected_size;
768 if (BTF_INT_OFFSET(int_data) ||
769 BITS_PER_BYTE_MASKED(m->offset) ||
770 BITS_ROUNDUP_BYTES(m->offset) != expected_offset ||
771 BITS_PER_BYTE_MASKED(nr_bits) ||
772 BITS_ROUNDUP_BYTES(nr_bits) != expected_size)
778 /* Similar to btf_type_skip_modifiers() but does not skip typedefs. */
779 static const struct btf_type *btf_type_skip_qualifiers(const struct btf *btf,
782 const struct btf_type *t = btf_type_by_id(btf, id);
784 while (btf_type_is_modifier(t) &&
785 BTF_INFO_KIND(t->info) != BTF_KIND_TYPEDEF) {
787 t = btf_type_by_id(btf, t->type);
793 #define BTF_SHOW_MAX_ITER 10
795 #define BTF_KIND_BIT(kind) (1ULL << kind)
798 * Populate show->state.name with type name information.
799 * Format of type name is
801 * [.member_name = ] (type_name)
803 static const char *btf_show_name(struct btf_show *show)
805 /* BTF_MAX_ITER array suffixes "[]" */
806 const char *array_suffixes = "[][][][][][][][][][]";
807 const char *array_suffix = &array_suffixes[strlen(array_suffixes)];
808 /* BTF_MAX_ITER pointer suffixes "*" */
809 const char *ptr_suffixes = "**********";
810 const char *ptr_suffix = &ptr_suffixes[strlen(ptr_suffixes)];
811 const char *name = NULL, *prefix = "", *parens = "";
812 const struct btf_member *m = show->state.member;
813 const struct btf_type *t = show->state.type;
814 const struct btf_array *array;
815 u32 id = show->state.type_id;
816 const char *member = NULL;
817 bool show_member = false;
821 show->state.name[0] = '\0';
824 * Don't show type name if we're showing an array member;
825 * in that case we show the array type so don't need to repeat
826 * ourselves for each member.
828 if (show->state.array_member)
831 /* Retrieve member name, if any. */
833 member = btf_name_by_offset(show->btf, m->name_off);
834 show_member = strlen(member) > 0;
839 * Start with type_id, as we have resolved the struct btf_type *
840 * via btf_modifier_show() past the parent typedef to the child
841 * struct, int etc it is defined as. In such cases, the type_id
842 * still represents the starting type while the struct btf_type *
843 * in our show->state points at the resolved type of the typedef.
845 t = btf_type_by_id(show->btf, id);
850 * The goal here is to build up the right number of pointer and
851 * array suffixes while ensuring the type name for a typedef
852 * is represented. Along the way we accumulate a list of
853 * BTF kinds we have encountered, since these will inform later
854 * display; for example, pointer types will not require an
855 * opening "{" for struct, we will just display the pointer value.
857 * We also want to accumulate the right number of pointer or array
858 * indices in the format string while iterating until we get to
859 * the typedef/pointee/array member target type.
861 * We start by pointing at the end of pointer and array suffix
862 * strings; as we accumulate pointers and arrays we move the pointer
863 * or array string backwards so it will show the expected number of
864 * '*' or '[]' for the type. BTF_SHOW_MAX_ITER of nesting of pointers
865 * and/or arrays and typedefs are supported as a precaution.
867 * We also want to get typedef name while proceeding to resolve
868 * type it points to so that we can add parentheses if it is a
869 * "typedef struct" etc.
871 for (i = 0; i < BTF_SHOW_MAX_ITER; i++) {
873 switch (BTF_INFO_KIND(t->info)) {
874 case BTF_KIND_TYPEDEF:
876 name = btf_name_by_offset(show->btf,
878 kinds |= BTF_KIND_BIT(BTF_KIND_TYPEDEF);
882 kinds |= BTF_KIND_BIT(BTF_KIND_ARRAY);
886 array = btf_type_array(t);
887 if (array_suffix > array_suffixes)
892 kinds |= BTF_KIND_BIT(BTF_KIND_PTR);
893 if (ptr_suffix > ptr_suffixes)
903 t = btf_type_skip_qualifiers(show->btf, id);
905 /* We may not be able to represent this type; bail to be safe */
906 if (i == BTF_SHOW_MAX_ITER)
910 name = btf_name_by_offset(show->btf, t->name_off);
912 switch (BTF_INFO_KIND(t->info)) {
913 case BTF_KIND_STRUCT:
915 prefix = BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT ?
917 /* if it's an array of struct/union, parens is already set */
918 if (!(kinds & (BTF_KIND_BIT(BTF_KIND_ARRAY))))
928 /* pointer does not require parens */
929 if (kinds & BTF_KIND_BIT(BTF_KIND_PTR))
931 /* typedef does not require struct/union/enum prefix */
932 if (kinds & BTF_KIND_BIT(BTF_KIND_TYPEDEF))
938 /* Even if we don't want type name info, we want parentheses etc */
939 if (show->flags & BTF_SHOW_NONAME)
940 snprintf(show->state.name, sizeof(show->state.name), "%s",
943 snprintf(show->state.name, sizeof(show->state.name),
944 "%s%s%s(%s%s%s%s%s%s)%s",
945 /* first 3 strings comprise ".member = " */
946 show_member ? "." : "",
947 show_member ? member : "",
948 show_member ? " = " : "",
949 /* ...next is our prefix (struct, enum, etc) */
951 strlen(prefix) > 0 && strlen(name) > 0 ? " " : "",
952 /* ...this is the type name itself */
954 /* ...suffixed by the appropriate '*', '[]' suffixes */
955 strlen(ptr_suffix) > 0 ? " " : "", ptr_suffix,
956 array_suffix, parens);
958 return show->state.name;
961 static const char *__btf_show_indent(struct btf_show *show)
963 const char *indents = " ";
964 const char *indent = &indents[strlen(indents)];
966 if ((indent - show->state.depth) >= indents)
967 return indent - show->state.depth;
971 static const char *btf_show_indent(struct btf_show *show)
973 return show->flags & BTF_SHOW_COMPACT ? "" : __btf_show_indent(show);
976 static const char *btf_show_newline(struct btf_show *show)
978 return show->flags & BTF_SHOW_COMPACT ? "" : "\n";
981 static const char *btf_show_delim(struct btf_show *show)
983 if (show->state.depth == 0)
986 if ((show->flags & BTF_SHOW_COMPACT) && show->state.type &&
987 BTF_INFO_KIND(show->state.type->info) == BTF_KIND_UNION)
993 __printf(2, 3) static void btf_show(struct btf_show *show, const char *fmt, ...)
997 if (!show->state.depth_check) {
999 show->showfn(show, fmt, args);
1004 /* Macros are used here as btf_show_type_value[s]() prepends and appends
1005 * format specifiers to the format specifier passed in; these do the work of
1006 * adding indentation, delimiters etc while the caller simply has to specify
1007 * the type value(s) in the format specifier + value(s).
1009 #define btf_show_type_value(show, fmt, value) \
1011 if ((value) != 0 || (show->flags & BTF_SHOW_ZERO) || \
1012 show->state.depth == 0) { \
1013 btf_show(show, "%s%s" fmt "%s%s", \
1014 btf_show_indent(show), \
1015 btf_show_name(show), \
1016 value, btf_show_delim(show), \
1017 btf_show_newline(show)); \
1018 if (show->state.depth > show->state.depth_to_show) \
1019 show->state.depth_to_show = show->state.depth; \
1023 #define btf_show_type_values(show, fmt, ...) \
1025 btf_show(show, "%s%s" fmt "%s%s", btf_show_indent(show), \
1026 btf_show_name(show), \
1027 __VA_ARGS__, btf_show_delim(show), \
1028 btf_show_newline(show)); \
1029 if (show->state.depth > show->state.depth_to_show) \
1030 show->state.depth_to_show = show->state.depth; \
1033 /* How much is left to copy to safe buffer after @data? */
1034 static int btf_show_obj_size_left(struct btf_show *show, void *data)
1036 return show->obj.head + show->obj.size - data;
1039 /* Is object pointed to by @data of @size already copied to our safe buffer? */
1040 static bool btf_show_obj_is_safe(struct btf_show *show, void *data, int size)
1042 return data >= show->obj.data &&
1043 (data + size) < (show->obj.data + BTF_SHOW_OBJ_SAFE_SIZE);
1047 * If object pointed to by @data of @size falls within our safe buffer, return
1048 * the equivalent pointer to the same safe data. Assumes
1049 * copy_from_kernel_nofault() has already happened and our safe buffer is
1052 static void *__btf_show_obj_safe(struct btf_show *show, void *data, int size)
1054 if (btf_show_obj_is_safe(show, data, size))
1055 return show->obj.safe + (data - show->obj.data);
1060 * Return a safe-to-access version of data pointed to by @data.
1061 * We do this by copying the relevant amount of information
1062 * to the struct btf_show obj.safe buffer using copy_from_kernel_nofault().
1064 * If BTF_SHOW_UNSAFE is specified, just return data as-is; no
1065 * safe copy is needed.
1067 * Otherwise we need to determine if we have the required amount
1068 * of data (determined by the @data pointer and the size of the
1069 * largest base type we can encounter (represented by
1070 * BTF_SHOW_OBJ_BASE_TYPE_SIZE). Having that much data ensures
1071 * that we will be able to print some of the current object,
1072 * and if more is needed a copy will be triggered.
1073 * Some objects such as structs will not fit into the buffer;
1074 * in such cases additional copies when we iterate over their
1075 * members may be needed.
1077 * btf_show_obj_safe() is used to return a safe buffer for
1078 * btf_show_start_type(); this ensures that as we recurse into
1079 * nested types we always have safe data for the given type.
1080 * This approach is somewhat wasteful; it's possible for example
1081 * that when iterating over a large union we'll end up copying the
1082 * same data repeatedly, but the goal is safety not performance.
1083 * We use stack data as opposed to per-CPU buffers because the
1084 * iteration over a type can take some time, and preemption handling
1085 * would greatly complicate use of the safe buffer.
1087 static void *btf_show_obj_safe(struct btf_show *show,
1088 const struct btf_type *t,
1091 const struct btf_type *rt;
1092 int size_left, size;
1095 if (show->flags & BTF_SHOW_UNSAFE)
1098 rt = btf_resolve_size(show->btf, t, &size);
1100 show->state.status = PTR_ERR(rt);
1105 * Is this toplevel object? If so, set total object size and
1106 * initialize pointers. Otherwise check if we still fall within
1107 * our safe object data.
1109 if (show->state.depth == 0) {
1110 show->obj.size = size;
1111 show->obj.head = data;
1114 * If the size of the current object is > our remaining
1115 * safe buffer we _may_ need to do a new copy. However
1116 * consider the case of a nested struct; it's size pushes
1117 * us over the safe buffer limit, but showing any individual
1118 * struct members does not. In such cases, we don't need
1119 * to initiate a fresh copy yet; however we definitely need
1120 * at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes left
1121 * in our buffer, regardless of the current object size.
1122 * The logic here is that as we resolve types we will
1123 * hit a base type at some point, and we need to be sure
1124 * the next chunk of data is safely available to display
1125 * that type info safely. We cannot rely on the size of
1126 * the current object here because it may be much larger
1127 * than our current buffer (e.g. task_struct is 8k).
1128 * All we want to do here is ensure that we can print the
1129 * next basic type, which we can if either
1130 * - the current type size is within the safe buffer; or
1131 * - at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes are left in
1134 safe = __btf_show_obj_safe(show, data,
1136 BTF_SHOW_OBJ_BASE_TYPE_SIZE));
1140 * We need a new copy to our safe object, either because we haven't
1141 * yet copied and are intializing safe data, or because the data
1142 * we want falls outside the boundaries of the safe object.
1145 size_left = btf_show_obj_size_left(show, data);
1146 if (size_left > BTF_SHOW_OBJ_SAFE_SIZE)
1147 size_left = BTF_SHOW_OBJ_SAFE_SIZE;
1148 show->state.status = copy_from_kernel_nofault(show->obj.safe,
1150 if (!show->state.status) {
1151 show->obj.data = data;
1152 safe = show->obj.safe;
1160 * Set the type we are starting to show and return a safe data pointer
1161 * to be used for showing the associated data.
1163 static void *btf_show_start_type(struct btf_show *show,
1164 const struct btf_type *t,
1165 u32 type_id, void *data)
1167 show->state.type = t;
1168 show->state.type_id = type_id;
1169 show->state.name[0] = '\0';
1171 return btf_show_obj_safe(show, t, data);
1174 static void btf_show_end_type(struct btf_show *show)
1176 show->state.type = NULL;
1177 show->state.type_id = 0;
1178 show->state.name[0] = '\0';
1181 static void *btf_show_start_aggr_type(struct btf_show *show,
1182 const struct btf_type *t,
1183 u32 type_id, void *data)
1185 void *safe_data = btf_show_start_type(show, t, type_id, data);
1190 btf_show(show, "%s%s%s", btf_show_indent(show),
1191 btf_show_name(show),
1192 btf_show_newline(show));
1193 show->state.depth++;
1197 static void btf_show_end_aggr_type(struct btf_show *show,
1200 show->state.depth--;
1201 btf_show(show, "%s%s%s%s", btf_show_indent(show), suffix,
1202 btf_show_delim(show), btf_show_newline(show));
1203 btf_show_end_type(show);
1206 static void btf_show_start_member(struct btf_show *show,
1207 const struct btf_member *m)
1209 show->state.member = m;
1212 static void btf_show_start_array_member(struct btf_show *show)
1214 show->state.array_member = 1;
1215 btf_show_start_member(show, NULL);
1218 static void btf_show_end_member(struct btf_show *show)
1220 show->state.member = NULL;
1223 static void btf_show_end_array_member(struct btf_show *show)
1225 show->state.array_member = 0;
1226 btf_show_end_member(show);
1229 static void *btf_show_start_array_type(struct btf_show *show,
1230 const struct btf_type *t,
1235 show->state.array_encoding = array_encoding;
1236 show->state.array_terminated = 0;
1237 return btf_show_start_aggr_type(show, t, type_id, data);
1240 static void btf_show_end_array_type(struct btf_show *show)
1242 show->state.array_encoding = 0;
1243 show->state.array_terminated = 0;
1244 btf_show_end_aggr_type(show, "]");
1247 static void *btf_show_start_struct_type(struct btf_show *show,
1248 const struct btf_type *t,
1252 return btf_show_start_aggr_type(show, t, type_id, data);
1255 static void btf_show_end_struct_type(struct btf_show *show)
1257 btf_show_end_aggr_type(show, "}");
1260 __printf(2, 3) static void __btf_verifier_log(struct bpf_verifier_log *log,
1261 const char *fmt, ...)
1265 va_start(args, fmt);
1266 bpf_verifier_vlog(log, fmt, args);
1270 __printf(2, 3) static void btf_verifier_log(struct btf_verifier_env *env,
1271 const char *fmt, ...)
1273 struct bpf_verifier_log *log = &env->log;
1276 if (!bpf_verifier_log_needed(log))
1279 va_start(args, fmt);
1280 bpf_verifier_vlog(log, fmt, args);
1284 __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
1285 const struct btf_type *t,
1287 const char *fmt, ...)
1289 struct bpf_verifier_log *log = &env->log;
1290 u8 kind = BTF_INFO_KIND(t->info);
1291 struct btf *btf = env->btf;
1294 if (!bpf_verifier_log_needed(log))
1297 /* btf verifier prints all types it is processing via
1298 * btf_verifier_log_type(..., fmt = NULL).
1299 * Skip those prints for in-kernel BTF verification.
1301 if (log->level == BPF_LOG_KERNEL && !fmt)
1304 __btf_verifier_log(log, "[%u] %s %s%s",
1307 __btf_name_by_offset(btf, t->name_off),
1308 log_details ? " " : "");
1311 btf_type_ops(t)->log_details(env, t);
1314 __btf_verifier_log(log, " ");
1315 va_start(args, fmt);
1316 bpf_verifier_vlog(log, fmt, args);
1320 __btf_verifier_log(log, "\n");
1323 #define btf_verifier_log_type(env, t, ...) \
1324 __btf_verifier_log_type((env), (t), true, __VA_ARGS__)
1325 #define btf_verifier_log_basic(env, t, ...) \
1326 __btf_verifier_log_type((env), (t), false, __VA_ARGS__)
1329 static void btf_verifier_log_member(struct btf_verifier_env *env,
1330 const struct btf_type *struct_type,
1331 const struct btf_member *member,
1332 const char *fmt, ...)
1334 struct bpf_verifier_log *log = &env->log;
1335 struct btf *btf = env->btf;
1338 if (!bpf_verifier_log_needed(log))
1341 if (log->level == BPF_LOG_KERNEL && !fmt)
1343 /* The CHECK_META phase already did a btf dump.
1345 * If member is logged again, it must hit an error in
1346 * parsing this member. It is useful to print out which
1347 * struct this member belongs to.
1349 if (env->phase != CHECK_META)
1350 btf_verifier_log_type(env, struct_type, NULL);
1352 if (btf_type_kflag(struct_type))
1353 __btf_verifier_log(log,
1354 "\t%s type_id=%u bitfield_size=%u bits_offset=%u",
1355 __btf_name_by_offset(btf, member->name_off),
1357 BTF_MEMBER_BITFIELD_SIZE(member->offset),
1358 BTF_MEMBER_BIT_OFFSET(member->offset));
1360 __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
1361 __btf_name_by_offset(btf, member->name_off),
1362 member->type, member->offset);
1365 __btf_verifier_log(log, " ");
1366 va_start(args, fmt);
1367 bpf_verifier_vlog(log, fmt, args);
1371 __btf_verifier_log(log, "\n");
1375 static void btf_verifier_log_vsi(struct btf_verifier_env *env,
1376 const struct btf_type *datasec_type,
1377 const struct btf_var_secinfo *vsi,
1378 const char *fmt, ...)
1380 struct bpf_verifier_log *log = &env->log;
1383 if (!bpf_verifier_log_needed(log))
1385 if (log->level == BPF_LOG_KERNEL && !fmt)
1387 if (env->phase != CHECK_META)
1388 btf_verifier_log_type(env, datasec_type, NULL);
1390 __btf_verifier_log(log, "\t type_id=%u offset=%u size=%u",
1391 vsi->type, vsi->offset, vsi->size);
1393 __btf_verifier_log(log, " ");
1394 va_start(args, fmt);
1395 bpf_verifier_vlog(log, fmt, args);
1399 __btf_verifier_log(log, "\n");
1402 static void btf_verifier_log_hdr(struct btf_verifier_env *env,
1405 struct bpf_verifier_log *log = &env->log;
1406 const struct btf *btf = env->btf;
1407 const struct btf_header *hdr;
1409 if (!bpf_verifier_log_needed(log))
1412 if (log->level == BPF_LOG_KERNEL)
1415 __btf_verifier_log(log, "magic: 0x%x\n", hdr->magic);
1416 __btf_verifier_log(log, "version: %u\n", hdr->version);
1417 __btf_verifier_log(log, "flags: 0x%x\n", hdr->flags);
1418 __btf_verifier_log(log, "hdr_len: %u\n", hdr->hdr_len);
1419 __btf_verifier_log(log, "type_off: %u\n", hdr->type_off);
1420 __btf_verifier_log(log, "type_len: %u\n", hdr->type_len);
1421 __btf_verifier_log(log, "str_off: %u\n", hdr->str_off);
1422 __btf_verifier_log(log, "str_len: %u\n", hdr->str_len);
1423 __btf_verifier_log(log, "btf_total_size: %u\n", btf_data_size);
1426 static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t)
1428 struct btf *btf = env->btf;
1430 if (btf->types_size == btf->nr_types) {
1431 /* Expand 'types' array */
1433 struct btf_type **new_types;
1434 u32 expand_by, new_size;
1436 if (btf->start_id + btf->types_size == BTF_MAX_TYPE) {
1437 btf_verifier_log(env, "Exceeded max num of types");
1441 expand_by = max_t(u32, btf->types_size >> 2, 16);
1442 new_size = min_t(u32, BTF_MAX_TYPE,
1443 btf->types_size + expand_by);
1445 new_types = kvcalloc(new_size, sizeof(*new_types),
1446 GFP_KERNEL | __GFP_NOWARN);
1450 if (btf->nr_types == 0) {
1451 if (!btf->base_btf) {
1452 /* lazily init VOID type */
1453 new_types[0] = &btf_void;
1457 memcpy(new_types, btf->types,
1458 sizeof(*btf->types) * btf->nr_types);
1462 btf->types = new_types;
1463 btf->types_size = new_size;
1466 btf->types[btf->nr_types++] = t;
1471 static int btf_alloc_id(struct btf *btf)
1475 idr_preload(GFP_KERNEL);
1476 spin_lock_bh(&btf_idr_lock);
1477 id = idr_alloc_cyclic(&btf_idr, btf, 1, INT_MAX, GFP_ATOMIC);
1480 spin_unlock_bh(&btf_idr_lock);
1483 if (WARN_ON_ONCE(!id))
1486 return id > 0 ? 0 : id;
1489 static void btf_free_id(struct btf *btf)
1491 unsigned long flags;
1494 * In map-in-map, calling map_delete_elem() on outer
1495 * map will call bpf_map_put on the inner map.
1496 * It will then eventually call btf_free_id()
1497 * on the inner map. Some of the map_delete_elem()
1498 * implementation may have irq disabled, so
1499 * we need to use the _irqsave() version instead
1500 * of the _bh() version.
1502 spin_lock_irqsave(&btf_idr_lock, flags);
1503 idr_remove(&btf_idr, btf->id);
1504 spin_unlock_irqrestore(&btf_idr_lock, flags);
1507 static void btf_free(struct btf *btf)
1510 kvfree(btf->resolved_sizes);
1511 kvfree(btf->resolved_ids);
1516 static void btf_free_rcu(struct rcu_head *rcu)
1518 struct btf *btf = container_of(rcu, struct btf, rcu);
1523 void btf_put(struct btf *btf)
1525 if (btf && refcount_dec_and_test(&btf->refcnt)) {
1527 call_rcu(&btf->rcu, btf_free_rcu);
1531 static int env_resolve_init(struct btf_verifier_env *env)
1533 struct btf *btf = env->btf;
1534 u32 nr_types = btf->nr_types;
1535 u32 *resolved_sizes = NULL;
1536 u32 *resolved_ids = NULL;
1537 u8 *visit_states = NULL;
1539 resolved_sizes = kvcalloc(nr_types, sizeof(*resolved_sizes),
1540 GFP_KERNEL | __GFP_NOWARN);
1541 if (!resolved_sizes)
1544 resolved_ids = kvcalloc(nr_types, sizeof(*resolved_ids),
1545 GFP_KERNEL | __GFP_NOWARN);
1549 visit_states = kvcalloc(nr_types, sizeof(*visit_states),
1550 GFP_KERNEL | __GFP_NOWARN);
1554 btf->resolved_sizes = resolved_sizes;
1555 btf->resolved_ids = resolved_ids;
1556 env->visit_states = visit_states;
1561 kvfree(resolved_sizes);
1562 kvfree(resolved_ids);
1563 kvfree(visit_states);
1567 static void btf_verifier_env_free(struct btf_verifier_env *env)
1569 kvfree(env->visit_states);
1573 static bool env_type_is_resolve_sink(const struct btf_verifier_env *env,
1574 const struct btf_type *next_type)
1576 switch (env->resolve_mode) {
1578 /* int, enum or void is a sink */
1579 return !btf_type_needs_resolve(next_type);
1581 /* int, enum, void, struct, array, func or func_proto is a sink
1584 return !btf_type_is_modifier(next_type) &&
1585 !btf_type_is_ptr(next_type);
1586 case RESOLVE_STRUCT_OR_ARRAY:
1587 /* int, enum, void, ptr, func or func_proto is a sink
1588 * for struct and array
1590 return !btf_type_is_modifier(next_type) &&
1591 !btf_type_is_array(next_type) &&
1592 !btf_type_is_struct(next_type);
1598 static bool env_type_is_resolved(const struct btf_verifier_env *env,
1601 /* base BTF types should be resolved by now */
1602 if (type_id < env->btf->start_id)
1605 return env->visit_states[type_id - env->btf->start_id] == RESOLVED;
1608 static int env_stack_push(struct btf_verifier_env *env,
1609 const struct btf_type *t, u32 type_id)
1611 const struct btf *btf = env->btf;
1612 struct resolve_vertex *v;
1614 if (env->top_stack == MAX_RESOLVE_DEPTH)
1617 if (type_id < btf->start_id
1618 || env->visit_states[type_id - btf->start_id] != NOT_VISITED)
1621 env->visit_states[type_id - btf->start_id] = VISITED;
1623 v = &env->stack[env->top_stack++];
1625 v->type_id = type_id;
1628 if (env->resolve_mode == RESOLVE_TBD) {
1629 if (btf_type_is_ptr(t))
1630 env->resolve_mode = RESOLVE_PTR;
1631 else if (btf_type_is_struct(t) || btf_type_is_array(t))
1632 env->resolve_mode = RESOLVE_STRUCT_OR_ARRAY;
1638 static void env_stack_set_next_member(struct btf_verifier_env *env,
1641 env->stack[env->top_stack - 1].next_member = next_member;
1644 static void env_stack_pop_resolved(struct btf_verifier_env *env,
1645 u32 resolved_type_id,
1648 u32 type_id = env->stack[--(env->top_stack)].type_id;
1649 struct btf *btf = env->btf;
1651 type_id -= btf->start_id; /* adjust to local type id */
1652 btf->resolved_sizes[type_id] = resolved_size;
1653 btf->resolved_ids[type_id] = resolved_type_id;
1654 env->visit_states[type_id] = RESOLVED;
1657 static const struct resolve_vertex *env_stack_peak(struct btf_verifier_env *env)
1659 return env->top_stack ? &env->stack[env->top_stack - 1] : NULL;
1662 /* Resolve the size of a passed-in "type"
1664 * type: is an array (e.g. u32 array[x][y])
1665 * return type: type "u32[x][y]", i.e. BTF_KIND_ARRAY,
1666 * *type_size: (x * y * sizeof(u32)). Hence, *type_size always
1667 * corresponds to the return type.
1669 * *elem_id: id of u32
1670 * *total_nelems: (x * y). Hence, individual elem size is
1671 * (*type_size / *total_nelems)
1672 * *type_id: id of type if it's changed within the function, 0 if not
1674 * type: is not an array (e.g. const struct X)
1675 * return type: type "struct X"
1676 * *type_size: sizeof(struct X)
1677 * *elem_type: same as return type ("struct X")
1680 * *type_id: id of type if it's changed within the function, 0 if not
1682 static const struct btf_type *
1683 __btf_resolve_size(const struct btf *btf, const struct btf_type *type,
1684 u32 *type_size, const struct btf_type **elem_type,
1685 u32 *elem_id, u32 *total_nelems, u32 *type_id)
1687 const struct btf_type *array_type = NULL;
1688 const struct btf_array *array = NULL;
1689 u32 i, size, nelems = 1, id = 0;
1691 for (i = 0; i < MAX_RESOLVE_DEPTH; i++) {
1692 switch (BTF_INFO_KIND(type->info)) {
1693 /* type->size can be used */
1695 case BTF_KIND_STRUCT:
1696 case BTF_KIND_UNION:
1702 size = sizeof(void *);
1706 case BTF_KIND_TYPEDEF:
1707 case BTF_KIND_VOLATILE:
1708 case BTF_KIND_CONST:
1709 case BTF_KIND_RESTRICT:
1711 type = btf_type_by_id(btf, type->type);
1714 case BTF_KIND_ARRAY:
1717 array = btf_type_array(type);
1718 if (nelems && array->nelems > U32_MAX / nelems)
1719 return ERR_PTR(-EINVAL);
1720 nelems *= array->nelems;
1721 type = btf_type_by_id(btf, array->type);
1724 /* type without size */
1726 return ERR_PTR(-EINVAL);
1730 return ERR_PTR(-EINVAL);
1733 if (nelems && size > U32_MAX / nelems)
1734 return ERR_PTR(-EINVAL);
1736 *type_size = nelems * size;
1738 *total_nelems = nelems;
1742 *elem_id = array ? array->type : 0;
1746 return array_type ? : type;
1749 const struct btf_type *
1750 btf_resolve_size(const struct btf *btf, const struct btf_type *type,
1753 return __btf_resolve_size(btf, type, type_size, NULL, NULL, NULL, NULL);
1756 static u32 btf_resolved_type_id(const struct btf *btf, u32 type_id)
1758 while (type_id < btf->start_id)
1759 btf = btf->base_btf;
1761 return btf->resolved_ids[type_id - btf->start_id];
1764 /* The input param "type_id" must point to a needs_resolve type */
1765 static const struct btf_type *btf_type_id_resolve(const struct btf *btf,
1768 *type_id = btf_resolved_type_id(btf, *type_id);
1769 return btf_type_by_id(btf, *type_id);
1772 static u32 btf_resolved_type_size(const struct btf *btf, u32 type_id)
1774 while (type_id < btf->start_id)
1775 btf = btf->base_btf;
1777 return btf->resolved_sizes[type_id - btf->start_id];
1780 const struct btf_type *btf_type_id_size(const struct btf *btf,
1781 u32 *type_id, u32 *ret_size)
1783 const struct btf_type *size_type;
1784 u32 size_type_id = *type_id;
1787 size_type = btf_type_by_id(btf, size_type_id);
1788 if (btf_type_nosize_or_null(size_type))
1791 if (btf_type_has_size(size_type)) {
1792 size = size_type->size;
1793 } else if (btf_type_is_array(size_type)) {
1794 size = btf_resolved_type_size(btf, size_type_id);
1795 } else if (btf_type_is_ptr(size_type)) {
1796 size = sizeof(void *);
1798 if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) &&
1799 !btf_type_is_var(size_type)))
1802 size_type_id = btf_resolved_type_id(btf, size_type_id);
1803 size_type = btf_type_by_id(btf, size_type_id);
1804 if (btf_type_nosize_or_null(size_type))
1806 else if (btf_type_has_size(size_type))
1807 size = size_type->size;
1808 else if (btf_type_is_array(size_type))
1809 size = btf_resolved_type_size(btf, size_type_id);
1810 else if (btf_type_is_ptr(size_type))
1811 size = sizeof(void *);
1816 *type_id = size_type_id;
1823 static int btf_df_check_member(struct btf_verifier_env *env,
1824 const struct btf_type *struct_type,
1825 const struct btf_member *member,
1826 const struct btf_type *member_type)
1828 btf_verifier_log_basic(env, struct_type,
1829 "Unsupported check_member");
1833 static int btf_df_check_kflag_member(struct btf_verifier_env *env,
1834 const struct btf_type *struct_type,
1835 const struct btf_member *member,
1836 const struct btf_type *member_type)
1838 btf_verifier_log_basic(env, struct_type,
1839 "Unsupported check_kflag_member");
1843 /* Used for ptr, array and struct/union type members.
1844 * int, enum and modifier types have their specific callback functions.
1846 static int btf_generic_check_kflag_member(struct btf_verifier_env *env,
1847 const struct btf_type *struct_type,
1848 const struct btf_member *member,
1849 const struct btf_type *member_type)
1851 if (BTF_MEMBER_BITFIELD_SIZE(member->offset)) {
1852 btf_verifier_log_member(env, struct_type, member,
1853 "Invalid member bitfield_size");
1857 /* bitfield size is 0, so member->offset represents bit offset only.
1858 * It is safe to call non kflag check_member variants.
1860 return btf_type_ops(member_type)->check_member(env, struct_type,
1865 static int btf_df_resolve(struct btf_verifier_env *env,
1866 const struct resolve_vertex *v)
1868 btf_verifier_log_basic(env, v->t, "Unsupported resolve");
1872 static void btf_df_show(const struct btf *btf, const struct btf_type *t,
1873 u32 type_id, void *data, u8 bits_offsets,
1874 struct btf_show *show)
1876 btf_show(show, "<unsupported kind:%u>", BTF_INFO_KIND(t->info));
1879 static int btf_int_check_member(struct btf_verifier_env *env,
1880 const struct btf_type *struct_type,
1881 const struct btf_member *member,
1882 const struct btf_type *member_type)
1884 u32 int_data = btf_type_int(member_type);
1885 u32 struct_bits_off = member->offset;
1886 u32 struct_size = struct_type->size;
1890 if (U32_MAX - struct_bits_off < BTF_INT_OFFSET(int_data)) {
1891 btf_verifier_log_member(env, struct_type, member,
1892 "bits_offset exceeds U32_MAX");
1896 struct_bits_off += BTF_INT_OFFSET(int_data);
1897 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1898 nr_copy_bits = BTF_INT_BITS(int_data) +
1899 BITS_PER_BYTE_MASKED(struct_bits_off);
1901 if (nr_copy_bits > BITS_PER_U128) {
1902 btf_verifier_log_member(env, struct_type, member,
1903 "nr_copy_bits exceeds 128");
1907 if (struct_size < bytes_offset ||
1908 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
1909 btf_verifier_log_member(env, struct_type, member,
1910 "Member exceeds struct_size");
1917 static int btf_int_check_kflag_member(struct btf_verifier_env *env,
1918 const struct btf_type *struct_type,
1919 const struct btf_member *member,
1920 const struct btf_type *member_type)
1922 u32 struct_bits_off, nr_bits, nr_int_data_bits, bytes_offset;
1923 u32 int_data = btf_type_int(member_type);
1924 u32 struct_size = struct_type->size;
1927 /* a regular int type is required for the kflag int member */
1928 if (!btf_type_int_is_regular(member_type)) {
1929 btf_verifier_log_member(env, struct_type, member,
1930 "Invalid member base type");
1934 /* check sanity of bitfield size */
1935 nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
1936 struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
1937 nr_int_data_bits = BTF_INT_BITS(int_data);
1939 /* Not a bitfield member, member offset must be at byte
1942 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1943 btf_verifier_log_member(env, struct_type, member,
1944 "Invalid member offset");
1948 nr_bits = nr_int_data_bits;
1949 } else if (nr_bits > nr_int_data_bits) {
1950 btf_verifier_log_member(env, struct_type, member,
1951 "Invalid member bitfield_size");
1955 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1956 nr_copy_bits = nr_bits + BITS_PER_BYTE_MASKED(struct_bits_off);
1957 if (nr_copy_bits > BITS_PER_U128) {
1958 btf_verifier_log_member(env, struct_type, member,
1959 "nr_copy_bits exceeds 128");
1963 if (struct_size < bytes_offset ||
1964 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
1965 btf_verifier_log_member(env, struct_type, member,
1966 "Member exceeds struct_size");
1973 static s32 btf_int_check_meta(struct btf_verifier_env *env,
1974 const struct btf_type *t,
1977 u32 int_data, nr_bits, meta_needed = sizeof(int_data);
1980 if (meta_left < meta_needed) {
1981 btf_verifier_log_basic(env, t,
1982 "meta_left:%u meta_needed:%u",
1983 meta_left, meta_needed);
1987 if (btf_type_vlen(t)) {
1988 btf_verifier_log_type(env, t, "vlen != 0");
1992 if (btf_type_kflag(t)) {
1993 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
1997 int_data = btf_type_int(t);
1998 if (int_data & ~BTF_INT_MASK) {
1999 btf_verifier_log_basic(env, t, "Invalid int_data:%x",
2004 nr_bits = BTF_INT_BITS(int_data) + BTF_INT_OFFSET(int_data);
2006 if (nr_bits > BITS_PER_U128) {
2007 btf_verifier_log_type(env, t, "nr_bits exceeds %zu",
2012 if (BITS_ROUNDUP_BYTES(nr_bits) > t->size) {
2013 btf_verifier_log_type(env, t, "nr_bits exceeds type_size");
2018 * Only one of the encoding bits is allowed and it
2019 * should be sufficient for the pretty print purpose (i.e. decoding).
2020 * Multiple bits can be allowed later if it is found
2021 * to be insufficient.
2023 encoding = BTF_INT_ENCODING(int_data);
2025 encoding != BTF_INT_SIGNED &&
2026 encoding != BTF_INT_CHAR &&
2027 encoding != BTF_INT_BOOL) {
2028 btf_verifier_log_type(env, t, "Unsupported encoding");
2032 btf_verifier_log_type(env, t, NULL);
2037 static void btf_int_log(struct btf_verifier_env *env,
2038 const struct btf_type *t)
2040 int int_data = btf_type_int(t);
2042 btf_verifier_log(env,
2043 "size=%u bits_offset=%u nr_bits=%u encoding=%s",
2044 t->size, BTF_INT_OFFSET(int_data),
2045 BTF_INT_BITS(int_data),
2046 btf_int_encoding_str(BTF_INT_ENCODING(int_data)));
2049 static void btf_int128_print(struct btf_show *show, void *data)
2051 /* data points to a __int128 number.
2053 * int128_num = *(__int128 *)data;
2054 * The below formulas shows what upper_num and lower_num represents:
2055 * upper_num = int128_num >> 64;
2056 * lower_num = int128_num & 0xffffffffFFFFFFFFULL;
2058 u64 upper_num, lower_num;
2060 #ifdef __BIG_ENDIAN_BITFIELD
2061 upper_num = *(u64 *)data;
2062 lower_num = *(u64 *)(data + 8);
2064 upper_num = *(u64 *)(data + 8);
2065 lower_num = *(u64 *)data;
2068 btf_show_type_value(show, "0x%llx", lower_num);
2070 btf_show_type_values(show, "0x%llx%016llx", upper_num,
2074 static void btf_int128_shift(u64 *print_num, u16 left_shift_bits,
2075 u16 right_shift_bits)
2077 u64 upper_num, lower_num;
2079 #ifdef __BIG_ENDIAN_BITFIELD
2080 upper_num = print_num[0];
2081 lower_num = print_num[1];
2083 upper_num = print_num[1];
2084 lower_num = print_num[0];
2087 /* shake out un-needed bits by shift/or operations */
2088 if (left_shift_bits >= 64) {
2089 upper_num = lower_num << (left_shift_bits - 64);
2092 upper_num = (upper_num << left_shift_bits) |
2093 (lower_num >> (64 - left_shift_bits));
2094 lower_num = lower_num << left_shift_bits;
2097 if (right_shift_bits >= 64) {
2098 lower_num = upper_num >> (right_shift_bits - 64);
2101 lower_num = (lower_num >> right_shift_bits) |
2102 (upper_num << (64 - right_shift_bits));
2103 upper_num = upper_num >> right_shift_bits;
2106 #ifdef __BIG_ENDIAN_BITFIELD
2107 print_num[0] = upper_num;
2108 print_num[1] = lower_num;
2110 print_num[0] = lower_num;
2111 print_num[1] = upper_num;
2115 static void btf_bitfield_show(void *data, u8 bits_offset,
2116 u8 nr_bits, struct btf_show *show)
2118 u16 left_shift_bits, right_shift_bits;
2121 u64 print_num[2] = {};
2123 nr_copy_bits = nr_bits + bits_offset;
2124 nr_copy_bytes = BITS_ROUNDUP_BYTES(nr_copy_bits);
2126 memcpy(print_num, data, nr_copy_bytes);
2128 #ifdef __BIG_ENDIAN_BITFIELD
2129 left_shift_bits = bits_offset;
2131 left_shift_bits = BITS_PER_U128 - nr_copy_bits;
2133 right_shift_bits = BITS_PER_U128 - nr_bits;
2135 btf_int128_shift(print_num, left_shift_bits, right_shift_bits);
2136 btf_int128_print(show, print_num);
2140 static void btf_int_bits_show(const struct btf *btf,
2141 const struct btf_type *t,
2142 void *data, u8 bits_offset,
2143 struct btf_show *show)
2145 u32 int_data = btf_type_int(t);
2146 u8 nr_bits = BTF_INT_BITS(int_data);
2147 u8 total_bits_offset;
2150 * bits_offset is at most 7.
2151 * BTF_INT_OFFSET() cannot exceed 128 bits.
2153 total_bits_offset = bits_offset + BTF_INT_OFFSET(int_data);
2154 data += BITS_ROUNDDOWN_BYTES(total_bits_offset);
2155 bits_offset = BITS_PER_BYTE_MASKED(total_bits_offset);
2156 btf_bitfield_show(data, bits_offset, nr_bits, show);
2159 static void btf_int_show(const struct btf *btf, const struct btf_type *t,
2160 u32 type_id, void *data, u8 bits_offset,
2161 struct btf_show *show)
2163 u32 int_data = btf_type_int(t);
2164 u8 encoding = BTF_INT_ENCODING(int_data);
2165 bool sign = encoding & BTF_INT_SIGNED;
2166 u8 nr_bits = BTF_INT_BITS(int_data);
2169 safe_data = btf_show_start_type(show, t, type_id, data);
2173 if (bits_offset || BTF_INT_OFFSET(int_data) ||
2174 BITS_PER_BYTE_MASKED(nr_bits)) {
2175 btf_int_bits_show(btf, t, safe_data, bits_offset, show);
2181 btf_int128_print(show, safe_data);
2185 btf_show_type_value(show, "%lld", *(s64 *)safe_data);
2187 btf_show_type_value(show, "%llu", *(u64 *)safe_data);
2191 btf_show_type_value(show, "%d", *(s32 *)safe_data);
2193 btf_show_type_value(show, "%u", *(u32 *)safe_data);
2197 btf_show_type_value(show, "%d", *(s16 *)safe_data);
2199 btf_show_type_value(show, "%u", *(u16 *)safe_data);
2202 if (show->state.array_encoding == BTF_INT_CHAR) {
2203 /* check for null terminator */
2204 if (show->state.array_terminated)
2206 if (*(char *)data == '\0') {
2207 show->state.array_terminated = 1;
2210 if (isprint(*(char *)data)) {
2211 btf_show_type_value(show, "'%c'",
2212 *(char *)safe_data);
2217 btf_show_type_value(show, "%d", *(s8 *)safe_data);
2219 btf_show_type_value(show, "%u", *(u8 *)safe_data);
2222 btf_int_bits_show(btf, t, safe_data, bits_offset, show);
2226 btf_show_end_type(show);
2229 static const struct btf_kind_operations int_ops = {
2230 .check_meta = btf_int_check_meta,
2231 .resolve = btf_df_resolve,
2232 .check_member = btf_int_check_member,
2233 .check_kflag_member = btf_int_check_kflag_member,
2234 .log_details = btf_int_log,
2235 .show = btf_int_show,
2238 static int btf_modifier_check_member(struct btf_verifier_env *env,
2239 const struct btf_type *struct_type,
2240 const struct btf_member *member,
2241 const struct btf_type *member_type)
2243 const struct btf_type *resolved_type;
2244 u32 resolved_type_id = member->type;
2245 struct btf_member resolved_member;
2246 struct btf *btf = env->btf;
2248 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
2249 if (!resolved_type) {
2250 btf_verifier_log_member(env, struct_type, member,
2255 resolved_member = *member;
2256 resolved_member.type = resolved_type_id;
2258 return btf_type_ops(resolved_type)->check_member(env, struct_type,
2263 static int btf_modifier_check_kflag_member(struct btf_verifier_env *env,
2264 const struct btf_type *struct_type,
2265 const struct btf_member *member,
2266 const struct btf_type *member_type)
2268 const struct btf_type *resolved_type;
2269 u32 resolved_type_id = member->type;
2270 struct btf_member resolved_member;
2271 struct btf *btf = env->btf;
2273 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
2274 if (!resolved_type) {
2275 btf_verifier_log_member(env, struct_type, member,
2280 resolved_member = *member;
2281 resolved_member.type = resolved_type_id;
2283 return btf_type_ops(resolved_type)->check_kflag_member(env, struct_type,
2288 static int btf_ptr_check_member(struct btf_verifier_env *env,
2289 const struct btf_type *struct_type,
2290 const struct btf_member *member,
2291 const struct btf_type *member_type)
2293 u32 struct_size, struct_bits_off, bytes_offset;
2295 struct_size = struct_type->size;
2296 struct_bits_off = member->offset;
2297 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2299 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2300 btf_verifier_log_member(env, struct_type, member,
2301 "Member is not byte aligned");
2305 if (struct_size - bytes_offset < sizeof(void *)) {
2306 btf_verifier_log_member(env, struct_type, member,
2307 "Member exceeds struct_size");
2314 static int btf_ref_type_check_meta(struct btf_verifier_env *env,
2315 const struct btf_type *t,
2318 if (btf_type_vlen(t)) {
2319 btf_verifier_log_type(env, t, "vlen != 0");
2323 if (btf_type_kflag(t)) {
2324 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2328 if (!BTF_TYPE_ID_VALID(t->type)) {
2329 btf_verifier_log_type(env, t, "Invalid type_id");
2333 /* typedef type must have a valid name, and other ref types,
2334 * volatile, const, restrict, should have a null name.
2336 if (BTF_INFO_KIND(t->info) == BTF_KIND_TYPEDEF) {
2338 !btf_name_valid_identifier(env->btf, t->name_off)) {
2339 btf_verifier_log_type(env, t, "Invalid name");
2344 btf_verifier_log_type(env, t, "Invalid name");
2349 btf_verifier_log_type(env, t, NULL);
2354 static int btf_modifier_resolve(struct btf_verifier_env *env,
2355 const struct resolve_vertex *v)
2357 const struct btf_type *t = v->t;
2358 const struct btf_type *next_type;
2359 u32 next_type_id = t->type;
2360 struct btf *btf = env->btf;
2362 next_type = btf_type_by_id(btf, next_type_id);
2363 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2364 btf_verifier_log_type(env, v->t, "Invalid type_id");
2368 if (!env_type_is_resolve_sink(env, next_type) &&
2369 !env_type_is_resolved(env, next_type_id))
2370 return env_stack_push(env, next_type, next_type_id);
2372 /* Figure out the resolved next_type_id with size.
2373 * They will be stored in the current modifier's
2374 * resolved_ids and resolved_sizes such that it can
2375 * save us a few type-following when we use it later (e.g. in
2378 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2379 if (env_type_is_resolved(env, next_type_id))
2380 next_type = btf_type_id_resolve(btf, &next_type_id);
2382 /* "typedef void new_void", "const void"...etc */
2383 if (!btf_type_is_void(next_type) &&
2384 !btf_type_is_fwd(next_type) &&
2385 !btf_type_is_func_proto(next_type)) {
2386 btf_verifier_log_type(env, v->t, "Invalid type_id");
2391 env_stack_pop_resolved(env, next_type_id, 0);
2396 static int btf_var_resolve(struct btf_verifier_env *env,
2397 const struct resolve_vertex *v)
2399 const struct btf_type *next_type;
2400 const struct btf_type *t = v->t;
2401 u32 next_type_id = t->type;
2402 struct btf *btf = env->btf;
2404 next_type = btf_type_by_id(btf, next_type_id);
2405 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2406 btf_verifier_log_type(env, v->t, "Invalid type_id");
2410 if (!env_type_is_resolve_sink(env, next_type) &&
2411 !env_type_is_resolved(env, next_type_id))
2412 return env_stack_push(env, next_type, next_type_id);
2414 if (btf_type_is_modifier(next_type)) {
2415 const struct btf_type *resolved_type;
2416 u32 resolved_type_id;
2418 resolved_type_id = next_type_id;
2419 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
2421 if (btf_type_is_ptr(resolved_type) &&
2422 !env_type_is_resolve_sink(env, resolved_type) &&
2423 !env_type_is_resolved(env, resolved_type_id))
2424 return env_stack_push(env, resolved_type,
2428 /* We must resolve to something concrete at this point, no
2429 * forward types or similar that would resolve to size of
2432 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2433 btf_verifier_log_type(env, v->t, "Invalid type_id");
2437 env_stack_pop_resolved(env, next_type_id, 0);
2442 static int btf_ptr_resolve(struct btf_verifier_env *env,
2443 const struct resolve_vertex *v)
2445 const struct btf_type *next_type;
2446 const struct btf_type *t = v->t;
2447 u32 next_type_id = t->type;
2448 struct btf *btf = env->btf;
2450 next_type = btf_type_by_id(btf, next_type_id);
2451 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2452 btf_verifier_log_type(env, v->t, "Invalid type_id");
2456 if (!env_type_is_resolve_sink(env, next_type) &&
2457 !env_type_is_resolved(env, next_type_id))
2458 return env_stack_push(env, next_type, next_type_id);
2460 /* If the modifier was RESOLVED during RESOLVE_STRUCT_OR_ARRAY,
2461 * the modifier may have stopped resolving when it was resolved
2462 * to a ptr (last-resolved-ptr).
2464 * We now need to continue from the last-resolved-ptr to
2465 * ensure the last-resolved-ptr will not referring back to
2466 * the currenct ptr (t).
2468 if (btf_type_is_modifier(next_type)) {
2469 const struct btf_type *resolved_type;
2470 u32 resolved_type_id;
2472 resolved_type_id = next_type_id;
2473 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
2475 if (btf_type_is_ptr(resolved_type) &&
2476 !env_type_is_resolve_sink(env, resolved_type) &&
2477 !env_type_is_resolved(env, resolved_type_id))
2478 return env_stack_push(env, resolved_type,
2482 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2483 if (env_type_is_resolved(env, next_type_id))
2484 next_type = btf_type_id_resolve(btf, &next_type_id);
2486 if (!btf_type_is_void(next_type) &&
2487 !btf_type_is_fwd(next_type) &&
2488 !btf_type_is_func_proto(next_type)) {
2489 btf_verifier_log_type(env, v->t, "Invalid type_id");
2494 env_stack_pop_resolved(env, next_type_id, 0);
2499 static void btf_modifier_show(const struct btf *btf,
2500 const struct btf_type *t,
2501 u32 type_id, void *data,
2502 u8 bits_offset, struct btf_show *show)
2504 if (btf->resolved_ids)
2505 t = btf_type_id_resolve(btf, &type_id);
2507 t = btf_type_skip_modifiers(btf, type_id, NULL);
2509 btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
2512 static void btf_var_show(const struct btf *btf, const struct btf_type *t,
2513 u32 type_id, void *data, u8 bits_offset,
2514 struct btf_show *show)
2516 t = btf_type_id_resolve(btf, &type_id);
2518 btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
2521 static void btf_ptr_show(const struct btf *btf, const struct btf_type *t,
2522 u32 type_id, void *data, u8 bits_offset,
2523 struct btf_show *show)
2527 safe_data = btf_show_start_type(show, t, type_id, data);
2531 /* It is a hashed value unless BTF_SHOW_PTR_RAW is specified */
2532 if (show->flags & BTF_SHOW_PTR_RAW)
2533 btf_show_type_value(show, "0x%px", *(void **)safe_data);
2535 btf_show_type_value(show, "0x%p", *(void **)safe_data);
2536 btf_show_end_type(show);
2539 static void btf_ref_type_log(struct btf_verifier_env *env,
2540 const struct btf_type *t)
2542 btf_verifier_log(env, "type_id=%u", t->type);
2545 static struct btf_kind_operations modifier_ops = {
2546 .check_meta = btf_ref_type_check_meta,
2547 .resolve = btf_modifier_resolve,
2548 .check_member = btf_modifier_check_member,
2549 .check_kflag_member = btf_modifier_check_kflag_member,
2550 .log_details = btf_ref_type_log,
2551 .show = btf_modifier_show,
2554 static struct btf_kind_operations ptr_ops = {
2555 .check_meta = btf_ref_type_check_meta,
2556 .resolve = btf_ptr_resolve,
2557 .check_member = btf_ptr_check_member,
2558 .check_kflag_member = btf_generic_check_kflag_member,
2559 .log_details = btf_ref_type_log,
2560 .show = btf_ptr_show,
2563 static s32 btf_fwd_check_meta(struct btf_verifier_env *env,
2564 const struct btf_type *t,
2567 if (btf_type_vlen(t)) {
2568 btf_verifier_log_type(env, t, "vlen != 0");
2573 btf_verifier_log_type(env, t, "type != 0");
2577 /* fwd type must have a valid name */
2579 !btf_name_valid_identifier(env->btf, t->name_off)) {
2580 btf_verifier_log_type(env, t, "Invalid name");
2584 btf_verifier_log_type(env, t, NULL);
2589 static void btf_fwd_type_log(struct btf_verifier_env *env,
2590 const struct btf_type *t)
2592 btf_verifier_log(env, "%s", btf_type_kflag(t) ? "union" : "struct");
2595 static struct btf_kind_operations fwd_ops = {
2596 .check_meta = btf_fwd_check_meta,
2597 .resolve = btf_df_resolve,
2598 .check_member = btf_df_check_member,
2599 .check_kflag_member = btf_df_check_kflag_member,
2600 .log_details = btf_fwd_type_log,
2601 .show = btf_df_show,
2604 static int btf_array_check_member(struct btf_verifier_env *env,
2605 const struct btf_type *struct_type,
2606 const struct btf_member *member,
2607 const struct btf_type *member_type)
2609 u32 struct_bits_off = member->offset;
2610 u32 struct_size, bytes_offset;
2611 u32 array_type_id, array_size;
2612 struct btf *btf = env->btf;
2614 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2615 btf_verifier_log_member(env, struct_type, member,
2616 "Member is not byte aligned");
2620 array_type_id = member->type;
2621 btf_type_id_size(btf, &array_type_id, &array_size);
2622 struct_size = struct_type->size;
2623 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2624 if (struct_size - bytes_offset < array_size) {
2625 btf_verifier_log_member(env, struct_type, member,
2626 "Member exceeds struct_size");
2633 static s32 btf_array_check_meta(struct btf_verifier_env *env,
2634 const struct btf_type *t,
2637 const struct btf_array *array = btf_type_array(t);
2638 u32 meta_needed = sizeof(*array);
2640 if (meta_left < meta_needed) {
2641 btf_verifier_log_basic(env, t,
2642 "meta_left:%u meta_needed:%u",
2643 meta_left, meta_needed);
2647 /* array type should not have a name */
2649 btf_verifier_log_type(env, t, "Invalid name");
2653 if (btf_type_vlen(t)) {
2654 btf_verifier_log_type(env, t, "vlen != 0");
2658 if (btf_type_kflag(t)) {
2659 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2664 btf_verifier_log_type(env, t, "size != 0");
2668 /* Array elem type and index type cannot be in type void,
2669 * so !array->type and !array->index_type are not allowed.
2671 if (!array->type || !BTF_TYPE_ID_VALID(array->type)) {
2672 btf_verifier_log_type(env, t, "Invalid elem");
2676 if (!array->index_type || !BTF_TYPE_ID_VALID(array->index_type)) {
2677 btf_verifier_log_type(env, t, "Invalid index");
2681 btf_verifier_log_type(env, t, NULL);
2686 static int btf_array_resolve(struct btf_verifier_env *env,
2687 const struct resolve_vertex *v)
2689 const struct btf_array *array = btf_type_array(v->t);
2690 const struct btf_type *elem_type, *index_type;
2691 u32 elem_type_id, index_type_id;
2692 struct btf *btf = env->btf;
2695 /* Check array->index_type */
2696 index_type_id = array->index_type;
2697 index_type = btf_type_by_id(btf, index_type_id);
2698 if (btf_type_nosize_or_null(index_type) ||
2699 btf_type_is_resolve_source_only(index_type)) {
2700 btf_verifier_log_type(env, v->t, "Invalid index");
2704 if (!env_type_is_resolve_sink(env, index_type) &&
2705 !env_type_is_resolved(env, index_type_id))
2706 return env_stack_push(env, index_type, index_type_id);
2708 index_type = btf_type_id_size(btf, &index_type_id, NULL);
2709 if (!index_type || !btf_type_is_int(index_type) ||
2710 !btf_type_int_is_regular(index_type)) {
2711 btf_verifier_log_type(env, v->t, "Invalid index");
2715 /* Check array->type */
2716 elem_type_id = array->type;
2717 elem_type = btf_type_by_id(btf, elem_type_id);
2718 if (btf_type_nosize_or_null(elem_type) ||
2719 btf_type_is_resolve_source_only(elem_type)) {
2720 btf_verifier_log_type(env, v->t,
2725 if (!env_type_is_resolve_sink(env, elem_type) &&
2726 !env_type_is_resolved(env, elem_type_id))
2727 return env_stack_push(env, elem_type, elem_type_id);
2729 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
2731 btf_verifier_log_type(env, v->t, "Invalid elem");
2735 if (btf_type_is_int(elem_type) && !btf_type_int_is_regular(elem_type)) {
2736 btf_verifier_log_type(env, v->t, "Invalid array of int");
2740 if (array->nelems && elem_size > U32_MAX / array->nelems) {
2741 btf_verifier_log_type(env, v->t,
2742 "Array size overflows U32_MAX");
2746 env_stack_pop_resolved(env, elem_type_id, elem_size * array->nelems);
2751 static void btf_array_log(struct btf_verifier_env *env,
2752 const struct btf_type *t)
2754 const struct btf_array *array = btf_type_array(t);
2756 btf_verifier_log(env, "type_id=%u index_type_id=%u nr_elems=%u",
2757 array->type, array->index_type, array->nelems);
2760 static void __btf_array_show(const struct btf *btf, const struct btf_type *t,
2761 u32 type_id, void *data, u8 bits_offset,
2762 struct btf_show *show)
2764 const struct btf_array *array = btf_type_array(t);
2765 const struct btf_kind_operations *elem_ops;
2766 const struct btf_type *elem_type;
2767 u32 i, elem_size = 0, elem_type_id;
2770 elem_type_id = array->type;
2771 elem_type = btf_type_skip_modifiers(btf, elem_type_id, NULL);
2772 if (elem_type && btf_type_has_size(elem_type))
2773 elem_size = elem_type->size;
2775 if (elem_type && btf_type_is_int(elem_type)) {
2776 u32 int_type = btf_type_int(elem_type);
2778 encoding = BTF_INT_ENCODING(int_type);
2781 * BTF_INT_CHAR encoding never seems to be set for
2782 * char arrays, so if size is 1 and element is
2783 * printable as a char, we'll do that.
2786 encoding = BTF_INT_CHAR;
2789 if (!btf_show_start_array_type(show, t, type_id, encoding, data))
2794 elem_ops = btf_type_ops(elem_type);
2796 for (i = 0; i < array->nelems; i++) {
2798 btf_show_start_array_member(show);
2800 elem_ops->show(btf, elem_type, elem_type_id, data,
2804 btf_show_end_array_member(show);
2806 if (show->state.array_terminated)
2810 btf_show_end_array_type(show);
2813 static void btf_array_show(const struct btf *btf, const struct btf_type *t,
2814 u32 type_id, void *data, u8 bits_offset,
2815 struct btf_show *show)
2817 const struct btf_member *m = show->state.member;
2820 * First check if any members would be shown (are non-zero).
2821 * See comments above "struct btf_show" definition for more
2822 * details on how this works at a high-level.
2824 if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
2825 if (!show->state.depth_check) {
2826 show->state.depth_check = show->state.depth + 1;
2827 show->state.depth_to_show = 0;
2829 __btf_array_show(btf, t, type_id, data, bits_offset, show);
2830 show->state.member = m;
2832 if (show->state.depth_check != show->state.depth + 1)
2834 show->state.depth_check = 0;
2836 if (show->state.depth_to_show <= show->state.depth)
2839 * Reaching here indicates we have recursed and found
2840 * non-zero array member(s).
2843 __btf_array_show(btf, t, type_id, data, bits_offset, show);
2846 static struct btf_kind_operations array_ops = {
2847 .check_meta = btf_array_check_meta,
2848 .resolve = btf_array_resolve,
2849 .check_member = btf_array_check_member,
2850 .check_kflag_member = btf_generic_check_kflag_member,
2851 .log_details = btf_array_log,
2852 .show = btf_array_show,
2855 static int btf_struct_check_member(struct btf_verifier_env *env,
2856 const struct btf_type *struct_type,
2857 const struct btf_member *member,
2858 const struct btf_type *member_type)
2860 u32 struct_bits_off = member->offset;
2861 u32 struct_size, bytes_offset;
2863 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2864 btf_verifier_log_member(env, struct_type, member,
2865 "Member is not byte aligned");
2869 struct_size = struct_type->size;
2870 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2871 if (struct_size - bytes_offset < member_type->size) {
2872 btf_verifier_log_member(env, struct_type, member,
2873 "Member exceeds struct_size");
2880 static s32 btf_struct_check_meta(struct btf_verifier_env *env,
2881 const struct btf_type *t,
2884 bool is_union = BTF_INFO_KIND(t->info) == BTF_KIND_UNION;
2885 const struct btf_member *member;
2886 u32 meta_needed, last_offset;
2887 struct btf *btf = env->btf;
2888 u32 struct_size = t->size;
2892 meta_needed = btf_type_vlen(t) * sizeof(*member);
2893 if (meta_left < meta_needed) {
2894 btf_verifier_log_basic(env, t,
2895 "meta_left:%u meta_needed:%u",
2896 meta_left, meta_needed);
2900 /* struct type either no name or a valid one */
2902 !btf_name_valid_identifier(env->btf, t->name_off)) {
2903 btf_verifier_log_type(env, t, "Invalid name");
2907 btf_verifier_log_type(env, t, NULL);
2910 for_each_member(i, t, member) {
2911 if (!btf_name_offset_valid(btf, member->name_off)) {
2912 btf_verifier_log_member(env, t, member,
2913 "Invalid member name_offset:%u",
2918 /* struct member either no name or a valid one */
2919 if (member->name_off &&
2920 !btf_name_valid_identifier(btf, member->name_off)) {
2921 btf_verifier_log_member(env, t, member, "Invalid name");
2924 /* A member cannot be in type void */
2925 if (!member->type || !BTF_TYPE_ID_VALID(member->type)) {
2926 btf_verifier_log_member(env, t, member,
2931 offset = btf_member_bit_offset(t, member);
2932 if (is_union && offset) {
2933 btf_verifier_log_member(env, t, member,
2934 "Invalid member bits_offset");
2939 * ">" instead of ">=" because the last member could be
2942 if (last_offset > offset) {
2943 btf_verifier_log_member(env, t, member,
2944 "Invalid member bits_offset");
2948 if (BITS_ROUNDUP_BYTES(offset) > struct_size) {
2949 btf_verifier_log_member(env, t, member,
2950 "Member bits_offset exceeds its struct size");
2954 btf_verifier_log_member(env, t, member, NULL);
2955 last_offset = offset;
2961 static int btf_struct_resolve(struct btf_verifier_env *env,
2962 const struct resolve_vertex *v)
2964 const struct btf_member *member;
2968 /* Before continue resolving the next_member,
2969 * ensure the last member is indeed resolved to a
2970 * type with size info.
2972 if (v->next_member) {
2973 const struct btf_type *last_member_type;
2974 const struct btf_member *last_member;
2975 u16 last_member_type_id;
2977 last_member = btf_type_member(v->t) + v->next_member - 1;
2978 last_member_type_id = last_member->type;
2979 if (WARN_ON_ONCE(!env_type_is_resolved(env,
2980 last_member_type_id)))
2983 last_member_type = btf_type_by_id(env->btf,
2984 last_member_type_id);
2985 if (btf_type_kflag(v->t))
2986 err = btf_type_ops(last_member_type)->check_kflag_member(env, v->t,
2990 err = btf_type_ops(last_member_type)->check_member(env, v->t,
2997 for_each_member_from(i, v->next_member, v->t, member) {
2998 u32 member_type_id = member->type;
2999 const struct btf_type *member_type = btf_type_by_id(env->btf,
3002 if (btf_type_nosize_or_null(member_type) ||
3003 btf_type_is_resolve_source_only(member_type)) {
3004 btf_verifier_log_member(env, v->t, member,
3009 if (!env_type_is_resolve_sink(env, member_type) &&
3010 !env_type_is_resolved(env, member_type_id)) {
3011 env_stack_set_next_member(env, i + 1);
3012 return env_stack_push(env, member_type, member_type_id);
3015 if (btf_type_kflag(v->t))
3016 err = btf_type_ops(member_type)->check_kflag_member(env, v->t,
3020 err = btf_type_ops(member_type)->check_member(env, v->t,
3027 env_stack_pop_resolved(env, 0, 0);
3032 static void btf_struct_log(struct btf_verifier_env *env,
3033 const struct btf_type *t)
3035 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3038 /* find 'struct bpf_spin_lock' in map value.
3039 * return >= 0 offset if found
3040 * and < 0 in case of error
3042 int btf_find_spin_lock(const struct btf *btf, const struct btf_type *t)
3044 const struct btf_member *member;
3045 u32 i, off = -ENOENT;
3047 if (!__btf_type_is_struct(t))
3050 for_each_member(i, t, member) {
3051 const struct btf_type *member_type = btf_type_by_id(btf,
3053 if (!__btf_type_is_struct(member_type))
3055 if (member_type->size != sizeof(struct bpf_spin_lock))
3057 if (strcmp(__btf_name_by_offset(btf, member_type->name_off),
3061 /* only one 'struct bpf_spin_lock' is allowed */
3063 off = btf_member_bit_offset(t, member);
3065 /* valid C code cannot generate such BTF */
3068 if (off % __alignof__(struct bpf_spin_lock))
3069 /* valid struct bpf_spin_lock will be 4 byte aligned */
3075 static void __btf_struct_show(const struct btf *btf, const struct btf_type *t,
3076 u32 type_id, void *data, u8 bits_offset,
3077 struct btf_show *show)
3079 const struct btf_member *member;
3083 safe_data = btf_show_start_struct_type(show, t, type_id, data);
3087 for_each_member(i, t, member) {
3088 const struct btf_type *member_type = btf_type_by_id(btf,
3090 const struct btf_kind_operations *ops;
3091 u32 member_offset, bitfield_size;
3095 btf_show_start_member(show, member);
3097 member_offset = btf_member_bit_offset(t, member);
3098 bitfield_size = btf_member_bitfield_size(t, member);
3099 bytes_offset = BITS_ROUNDDOWN_BYTES(member_offset);
3100 bits8_offset = BITS_PER_BYTE_MASKED(member_offset);
3101 if (bitfield_size) {
3102 safe_data = btf_show_start_type(show, member_type,
3104 data + bytes_offset);
3106 btf_bitfield_show(safe_data,
3108 bitfield_size, show);
3109 btf_show_end_type(show);
3111 ops = btf_type_ops(member_type);
3112 ops->show(btf, member_type, member->type,
3113 data + bytes_offset, bits8_offset, show);
3116 btf_show_end_member(show);
3119 btf_show_end_struct_type(show);
3122 static void btf_struct_show(const struct btf *btf, const struct btf_type *t,
3123 u32 type_id, void *data, u8 bits_offset,
3124 struct btf_show *show)
3126 const struct btf_member *m = show->state.member;
3129 * First check if any members would be shown (are non-zero).
3130 * See comments above "struct btf_show" definition for more
3131 * details on how this works at a high-level.
3133 if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
3134 if (!show->state.depth_check) {
3135 show->state.depth_check = show->state.depth + 1;
3136 show->state.depth_to_show = 0;
3138 __btf_struct_show(btf, t, type_id, data, bits_offset, show);
3139 /* Restore saved member data here */
3140 show->state.member = m;
3141 if (show->state.depth_check != show->state.depth + 1)
3143 show->state.depth_check = 0;
3145 if (show->state.depth_to_show <= show->state.depth)
3148 * Reaching here indicates we have recursed and found
3149 * non-zero child values.
3153 __btf_struct_show(btf, t, type_id, data, bits_offset, show);
3156 static struct btf_kind_operations struct_ops = {
3157 .check_meta = btf_struct_check_meta,
3158 .resolve = btf_struct_resolve,
3159 .check_member = btf_struct_check_member,
3160 .check_kflag_member = btf_generic_check_kflag_member,
3161 .log_details = btf_struct_log,
3162 .show = btf_struct_show,
3165 static int btf_enum_check_member(struct btf_verifier_env *env,
3166 const struct btf_type *struct_type,
3167 const struct btf_member *member,
3168 const struct btf_type *member_type)
3170 u32 struct_bits_off = member->offset;
3171 u32 struct_size, bytes_offset;
3173 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
3174 btf_verifier_log_member(env, struct_type, member,
3175 "Member is not byte aligned");
3179 struct_size = struct_type->size;
3180 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
3181 if (struct_size - bytes_offset < member_type->size) {
3182 btf_verifier_log_member(env, struct_type, member,
3183 "Member exceeds struct_size");
3190 static int btf_enum_check_kflag_member(struct btf_verifier_env *env,
3191 const struct btf_type *struct_type,
3192 const struct btf_member *member,
3193 const struct btf_type *member_type)
3195 u32 struct_bits_off, nr_bits, bytes_end, struct_size;
3196 u32 int_bitsize = sizeof(int) * BITS_PER_BYTE;
3198 struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
3199 nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
3201 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
3202 btf_verifier_log_member(env, struct_type, member,
3203 "Member is not byte aligned");
3207 nr_bits = int_bitsize;
3208 } else if (nr_bits > int_bitsize) {
3209 btf_verifier_log_member(env, struct_type, member,
3210 "Invalid member bitfield_size");
3214 struct_size = struct_type->size;
3215 bytes_end = BITS_ROUNDUP_BYTES(struct_bits_off + nr_bits);
3216 if (struct_size < bytes_end) {
3217 btf_verifier_log_member(env, struct_type, member,
3218 "Member exceeds struct_size");
3225 static s32 btf_enum_check_meta(struct btf_verifier_env *env,
3226 const struct btf_type *t,
3229 const struct btf_enum *enums = btf_type_enum(t);
3230 struct btf *btf = env->btf;
3234 nr_enums = btf_type_vlen(t);
3235 meta_needed = nr_enums * sizeof(*enums);
3237 if (meta_left < meta_needed) {
3238 btf_verifier_log_basic(env, t,
3239 "meta_left:%u meta_needed:%u",
3240 meta_left, meta_needed);
3244 if (btf_type_kflag(t)) {
3245 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3249 if (t->size > 8 || !is_power_of_2(t->size)) {
3250 btf_verifier_log_type(env, t, "Unexpected size");
3254 /* enum type either no name or a valid one */
3256 !btf_name_valid_identifier(env->btf, t->name_off)) {
3257 btf_verifier_log_type(env, t, "Invalid name");
3261 btf_verifier_log_type(env, t, NULL);
3263 for (i = 0; i < nr_enums; i++) {
3264 if (!btf_name_offset_valid(btf, enums[i].name_off)) {
3265 btf_verifier_log(env, "\tInvalid name_offset:%u",
3270 /* enum member must have a valid name */
3271 if (!enums[i].name_off ||
3272 !btf_name_valid_identifier(btf, enums[i].name_off)) {
3273 btf_verifier_log_type(env, t, "Invalid name");
3277 if (env->log.level == BPF_LOG_KERNEL)
3279 btf_verifier_log(env, "\t%s val=%d\n",
3280 __btf_name_by_offset(btf, enums[i].name_off),
3287 static void btf_enum_log(struct btf_verifier_env *env,
3288 const struct btf_type *t)
3290 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3293 static void btf_enum_show(const struct btf *btf, const struct btf_type *t,
3294 u32 type_id, void *data, u8 bits_offset,
3295 struct btf_show *show)
3297 const struct btf_enum *enums = btf_type_enum(t);
3298 u32 i, nr_enums = btf_type_vlen(t);
3302 safe_data = btf_show_start_type(show, t, type_id, data);
3306 v = *(int *)safe_data;
3308 for (i = 0; i < nr_enums; i++) {
3309 if (v != enums[i].val)
3312 btf_show_type_value(show, "%s",
3313 __btf_name_by_offset(btf,
3314 enums[i].name_off));
3316 btf_show_end_type(show);
3320 btf_show_type_value(show, "%d", v);
3321 btf_show_end_type(show);
3324 static struct btf_kind_operations enum_ops = {
3325 .check_meta = btf_enum_check_meta,
3326 .resolve = btf_df_resolve,
3327 .check_member = btf_enum_check_member,
3328 .check_kflag_member = btf_enum_check_kflag_member,
3329 .log_details = btf_enum_log,
3330 .show = btf_enum_show,
3333 static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
3334 const struct btf_type *t,
3337 u32 meta_needed = btf_type_vlen(t) * sizeof(struct btf_param);
3339 if (meta_left < meta_needed) {
3340 btf_verifier_log_basic(env, t,
3341 "meta_left:%u meta_needed:%u",
3342 meta_left, meta_needed);
3347 btf_verifier_log_type(env, t, "Invalid name");
3351 if (btf_type_kflag(t)) {
3352 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3356 btf_verifier_log_type(env, t, NULL);
3361 static void btf_func_proto_log(struct btf_verifier_env *env,
3362 const struct btf_type *t)
3364 const struct btf_param *args = (const struct btf_param *)(t + 1);
3365 u16 nr_args = btf_type_vlen(t), i;
3367 btf_verifier_log(env, "return=%u args=(", t->type);
3369 btf_verifier_log(env, "void");
3373 if (nr_args == 1 && !args[0].type) {
3374 /* Only one vararg */
3375 btf_verifier_log(env, "vararg");
3379 btf_verifier_log(env, "%u %s", args[0].type,
3380 __btf_name_by_offset(env->btf,
3382 for (i = 1; i < nr_args - 1; i++)
3383 btf_verifier_log(env, ", %u %s", args[i].type,
3384 __btf_name_by_offset(env->btf,
3388 const struct btf_param *last_arg = &args[nr_args - 1];
3391 btf_verifier_log(env, ", %u %s", last_arg->type,
3392 __btf_name_by_offset(env->btf,
3393 last_arg->name_off));
3395 btf_verifier_log(env, ", vararg");
3399 btf_verifier_log(env, ")");
3402 static struct btf_kind_operations func_proto_ops = {
3403 .check_meta = btf_func_proto_check_meta,
3404 .resolve = btf_df_resolve,
3406 * BTF_KIND_FUNC_PROTO cannot be directly referred by
3407 * a struct's member.
3409 * It should be a funciton pointer instead.
3410 * (i.e. struct's member -> BTF_KIND_PTR -> BTF_KIND_FUNC_PROTO)
3412 * Hence, there is no btf_func_check_member().
3414 .check_member = btf_df_check_member,
3415 .check_kflag_member = btf_df_check_kflag_member,
3416 .log_details = btf_func_proto_log,
3417 .show = btf_df_show,
3420 static s32 btf_func_check_meta(struct btf_verifier_env *env,
3421 const struct btf_type *t,
3425 !btf_name_valid_identifier(env->btf, t->name_off)) {
3426 btf_verifier_log_type(env, t, "Invalid name");
3430 if (btf_type_vlen(t) > BTF_FUNC_GLOBAL) {
3431 btf_verifier_log_type(env, t, "Invalid func linkage");
3435 if (btf_type_kflag(t)) {
3436 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3440 btf_verifier_log_type(env, t, NULL);
3445 static struct btf_kind_operations func_ops = {
3446 .check_meta = btf_func_check_meta,
3447 .resolve = btf_df_resolve,
3448 .check_member = btf_df_check_member,
3449 .check_kflag_member = btf_df_check_kflag_member,
3450 .log_details = btf_ref_type_log,
3451 .show = btf_df_show,
3454 static s32 btf_var_check_meta(struct btf_verifier_env *env,
3455 const struct btf_type *t,
3458 const struct btf_var *var;
3459 u32 meta_needed = sizeof(*var);
3461 if (meta_left < meta_needed) {
3462 btf_verifier_log_basic(env, t,
3463 "meta_left:%u meta_needed:%u",
3464 meta_left, meta_needed);
3468 if (btf_type_vlen(t)) {
3469 btf_verifier_log_type(env, t, "vlen != 0");
3473 if (btf_type_kflag(t)) {
3474 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3479 !__btf_name_valid(env->btf, t->name_off, true)) {
3480 btf_verifier_log_type(env, t, "Invalid name");
3484 /* A var cannot be in type void */
3485 if (!t->type || !BTF_TYPE_ID_VALID(t->type)) {
3486 btf_verifier_log_type(env, t, "Invalid type_id");
3490 var = btf_type_var(t);
3491 if (var->linkage != BTF_VAR_STATIC &&
3492 var->linkage != BTF_VAR_GLOBAL_ALLOCATED) {
3493 btf_verifier_log_type(env, t, "Linkage not supported");
3497 btf_verifier_log_type(env, t, NULL);
3502 static void btf_var_log(struct btf_verifier_env *env, const struct btf_type *t)
3504 const struct btf_var *var = btf_type_var(t);
3506 btf_verifier_log(env, "type_id=%u linkage=%u", t->type, var->linkage);
3509 static const struct btf_kind_operations var_ops = {
3510 .check_meta = btf_var_check_meta,
3511 .resolve = btf_var_resolve,
3512 .check_member = btf_df_check_member,
3513 .check_kflag_member = btf_df_check_kflag_member,
3514 .log_details = btf_var_log,
3515 .show = btf_var_show,
3518 static s32 btf_datasec_check_meta(struct btf_verifier_env *env,
3519 const struct btf_type *t,
3522 const struct btf_var_secinfo *vsi;
3523 u64 last_vsi_end_off = 0, sum = 0;
3526 meta_needed = btf_type_vlen(t) * sizeof(*vsi);
3527 if (meta_left < meta_needed) {
3528 btf_verifier_log_basic(env, t,
3529 "meta_left:%u meta_needed:%u",
3530 meta_left, meta_needed);
3534 if (!btf_type_vlen(t)) {
3535 btf_verifier_log_type(env, t, "vlen == 0");
3540 btf_verifier_log_type(env, t, "size == 0");
3544 if (btf_type_kflag(t)) {
3545 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3550 !btf_name_valid_section(env->btf, t->name_off)) {
3551 btf_verifier_log_type(env, t, "Invalid name");
3555 btf_verifier_log_type(env, t, NULL);
3557 for_each_vsi(i, t, vsi) {
3558 /* A var cannot be in type void */
3559 if (!vsi->type || !BTF_TYPE_ID_VALID(vsi->type)) {
3560 btf_verifier_log_vsi(env, t, vsi,
3565 if (vsi->offset < last_vsi_end_off || vsi->offset >= t->size) {
3566 btf_verifier_log_vsi(env, t, vsi,
3571 if (!vsi->size || vsi->size > t->size) {
3572 btf_verifier_log_vsi(env, t, vsi,
3577 last_vsi_end_off = vsi->offset + vsi->size;
3578 if (last_vsi_end_off > t->size) {
3579 btf_verifier_log_vsi(env, t, vsi,
3580 "Invalid offset+size");
3584 btf_verifier_log_vsi(env, t, vsi, NULL);
3588 if (t->size < sum) {
3589 btf_verifier_log_type(env, t, "Invalid btf_info size");
3596 static int btf_datasec_resolve(struct btf_verifier_env *env,
3597 const struct resolve_vertex *v)
3599 const struct btf_var_secinfo *vsi;
3600 struct btf *btf = env->btf;
3603 for_each_vsi_from(i, v->next_member, v->t, vsi) {
3604 u32 var_type_id = vsi->type, type_id, type_size = 0;
3605 const struct btf_type *var_type = btf_type_by_id(env->btf,
3607 if (!var_type || !btf_type_is_var(var_type)) {
3608 btf_verifier_log_vsi(env, v->t, vsi,
3609 "Not a VAR kind member");
3613 if (!env_type_is_resolve_sink(env, var_type) &&
3614 !env_type_is_resolved(env, var_type_id)) {
3615 env_stack_set_next_member(env, i + 1);
3616 return env_stack_push(env, var_type, var_type_id);
3619 type_id = var_type->type;
3620 if (!btf_type_id_size(btf, &type_id, &type_size)) {
3621 btf_verifier_log_vsi(env, v->t, vsi, "Invalid type");
3625 if (vsi->size < type_size) {
3626 btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
3631 env_stack_pop_resolved(env, 0, 0);
3635 static void btf_datasec_log(struct btf_verifier_env *env,
3636 const struct btf_type *t)
3638 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3641 static void btf_datasec_show(const struct btf *btf,
3642 const struct btf_type *t, u32 type_id,
3643 void *data, u8 bits_offset,
3644 struct btf_show *show)
3646 const struct btf_var_secinfo *vsi;
3647 const struct btf_type *var;
3650 if (!btf_show_start_type(show, t, type_id, data))
3653 btf_show_type_value(show, "section (\"%s\") = {",
3654 __btf_name_by_offset(btf, t->name_off));
3655 for_each_vsi(i, t, vsi) {
3656 var = btf_type_by_id(btf, vsi->type);
3658 btf_show(show, ",");
3659 btf_type_ops(var)->show(btf, var, vsi->type,
3660 data + vsi->offset, bits_offset, show);
3662 btf_show_end_type(show);
3665 static const struct btf_kind_operations datasec_ops = {
3666 .check_meta = btf_datasec_check_meta,
3667 .resolve = btf_datasec_resolve,
3668 .check_member = btf_df_check_member,
3669 .check_kflag_member = btf_df_check_kflag_member,
3670 .log_details = btf_datasec_log,
3671 .show = btf_datasec_show,
3674 static int btf_func_proto_check(struct btf_verifier_env *env,
3675 const struct btf_type *t)
3677 const struct btf_type *ret_type;
3678 const struct btf_param *args;
3679 const struct btf *btf;
3684 args = (const struct btf_param *)(t + 1);
3685 nr_args = btf_type_vlen(t);
3687 /* Check func return type which could be "void" (t->type == 0) */
3689 u32 ret_type_id = t->type;
3691 ret_type = btf_type_by_id(btf, ret_type_id);
3693 btf_verifier_log_type(env, t, "Invalid return type");
3697 if (btf_type_needs_resolve(ret_type) &&
3698 !env_type_is_resolved(env, ret_type_id)) {
3699 err = btf_resolve(env, ret_type, ret_type_id);
3704 /* Ensure the return type is a type that has a size */
3705 if (!btf_type_id_size(btf, &ret_type_id, NULL)) {
3706 btf_verifier_log_type(env, t, "Invalid return type");
3714 /* Last func arg type_id could be 0 if it is a vararg */
3715 if (!args[nr_args - 1].type) {
3716 if (args[nr_args - 1].name_off) {
3717 btf_verifier_log_type(env, t, "Invalid arg#%u",
3725 for (i = 0; i < nr_args; i++) {
3726 const struct btf_type *arg_type;
3729 arg_type_id = args[i].type;
3730 arg_type = btf_type_by_id(btf, arg_type_id);
3732 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3737 if (args[i].name_off &&
3738 (!btf_name_offset_valid(btf, args[i].name_off) ||
3739 !btf_name_valid_identifier(btf, args[i].name_off))) {
3740 btf_verifier_log_type(env, t,
3741 "Invalid arg#%u", i + 1);
3746 if (btf_type_needs_resolve(arg_type) &&
3747 !env_type_is_resolved(env, arg_type_id)) {
3748 err = btf_resolve(env, arg_type, arg_type_id);
3753 if (!btf_type_id_size(btf, &arg_type_id, NULL)) {
3754 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3763 static int btf_func_check(struct btf_verifier_env *env,
3764 const struct btf_type *t)
3766 const struct btf_type *proto_type;
3767 const struct btf_param *args;
3768 const struct btf *btf;
3772 proto_type = btf_type_by_id(btf, t->type);
3774 if (!proto_type || !btf_type_is_func_proto(proto_type)) {
3775 btf_verifier_log_type(env, t, "Invalid type_id");
3779 args = (const struct btf_param *)(proto_type + 1);
3780 nr_args = btf_type_vlen(proto_type);
3781 for (i = 0; i < nr_args; i++) {
3782 if (!args[i].name_off && args[i].type) {
3783 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3791 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
3792 [BTF_KIND_INT] = &int_ops,
3793 [BTF_KIND_PTR] = &ptr_ops,
3794 [BTF_KIND_ARRAY] = &array_ops,
3795 [BTF_KIND_STRUCT] = &struct_ops,
3796 [BTF_KIND_UNION] = &struct_ops,
3797 [BTF_KIND_ENUM] = &enum_ops,
3798 [BTF_KIND_FWD] = &fwd_ops,
3799 [BTF_KIND_TYPEDEF] = &modifier_ops,
3800 [BTF_KIND_VOLATILE] = &modifier_ops,
3801 [BTF_KIND_CONST] = &modifier_ops,
3802 [BTF_KIND_RESTRICT] = &modifier_ops,
3803 [BTF_KIND_FUNC] = &func_ops,
3804 [BTF_KIND_FUNC_PROTO] = &func_proto_ops,
3805 [BTF_KIND_VAR] = &var_ops,
3806 [BTF_KIND_DATASEC] = &datasec_ops,
3809 static s32 btf_check_meta(struct btf_verifier_env *env,
3810 const struct btf_type *t,
3813 u32 saved_meta_left = meta_left;
3816 if (meta_left < sizeof(*t)) {
3817 btf_verifier_log(env, "[%u] meta_left:%u meta_needed:%zu",
3818 env->log_type_id, meta_left, sizeof(*t));
3821 meta_left -= sizeof(*t);
3823 if (t->info & ~BTF_INFO_MASK) {
3824 btf_verifier_log(env, "[%u] Invalid btf_info:%x",
3825 env->log_type_id, t->info);
3829 if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX ||
3830 BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
3831 btf_verifier_log(env, "[%u] Invalid kind:%u",
3832 env->log_type_id, BTF_INFO_KIND(t->info));
3836 if (!btf_name_offset_valid(env->btf, t->name_off)) {
3837 btf_verifier_log(env, "[%u] Invalid name_offset:%u",
3838 env->log_type_id, t->name_off);
3842 var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
3843 if (var_meta_size < 0)
3844 return var_meta_size;
3846 meta_left -= var_meta_size;
3848 return saved_meta_left - meta_left;
3851 static int btf_check_all_metas(struct btf_verifier_env *env)
3853 struct btf *btf = env->btf;
3854 struct btf_header *hdr;
3858 cur = btf->nohdr_data + hdr->type_off;
3859 end = cur + hdr->type_len;
3861 env->log_type_id = btf->base_btf ? btf->start_id : 1;
3863 struct btf_type *t = cur;
3866 meta_size = btf_check_meta(env, t, end - cur);
3870 btf_add_type(env, t);
3878 static bool btf_resolve_valid(struct btf_verifier_env *env,
3879 const struct btf_type *t,
3882 struct btf *btf = env->btf;
3884 if (!env_type_is_resolved(env, type_id))
3887 if (btf_type_is_struct(t) || btf_type_is_datasec(t))
3888 return !btf_resolved_type_id(btf, type_id) &&
3889 !btf_resolved_type_size(btf, type_id);
3891 if (btf_type_is_modifier(t) || btf_type_is_ptr(t) ||
3892 btf_type_is_var(t)) {
3893 t = btf_type_id_resolve(btf, &type_id);
3895 !btf_type_is_modifier(t) &&
3896 !btf_type_is_var(t) &&
3897 !btf_type_is_datasec(t);
3900 if (btf_type_is_array(t)) {
3901 const struct btf_array *array = btf_type_array(t);
3902 const struct btf_type *elem_type;
3903 u32 elem_type_id = array->type;
3906 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
3907 return elem_type && !btf_type_is_modifier(elem_type) &&
3908 (array->nelems * elem_size ==
3909 btf_resolved_type_size(btf, type_id));
3915 static int btf_resolve(struct btf_verifier_env *env,
3916 const struct btf_type *t, u32 type_id)
3918 u32 save_log_type_id = env->log_type_id;
3919 const struct resolve_vertex *v;
3922 env->resolve_mode = RESOLVE_TBD;
3923 env_stack_push(env, t, type_id);
3924 while (!err && (v = env_stack_peak(env))) {
3925 env->log_type_id = v->type_id;
3926 err = btf_type_ops(v->t)->resolve(env, v);
3929 env->log_type_id = type_id;
3930 if (err == -E2BIG) {
3931 btf_verifier_log_type(env, t,
3932 "Exceeded max resolving depth:%u",
3934 } else if (err == -EEXIST) {
3935 btf_verifier_log_type(env, t, "Loop detected");
3938 /* Final sanity check */
3939 if (!err && !btf_resolve_valid(env, t, type_id)) {
3940 btf_verifier_log_type(env, t, "Invalid resolve state");
3944 env->log_type_id = save_log_type_id;
3948 static int btf_check_all_types(struct btf_verifier_env *env)
3950 struct btf *btf = env->btf;
3951 const struct btf_type *t;
3955 err = env_resolve_init(env);
3960 for (i = btf->base_btf ? 0 : 1; i < btf->nr_types; i++) {
3961 type_id = btf->start_id + i;
3962 t = btf_type_by_id(btf, type_id);
3964 env->log_type_id = type_id;
3965 if (btf_type_needs_resolve(t) &&
3966 !env_type_is_resolved(env, type_id)) {
3967 err = btf_resolve(env, t, type_id);
3972 if (btf_type_is_func_proto(t)) {
3973 err = btf_func_proto_check(env, t);
3978 if (btf_type_is_func(t)) {
3979 err = btf_func_check(env, t);
3988 static int btf_parse_type_sec(struct btf_verifier_env *env)
3990 const struct btf_header *hdr = &env->btf->hdr;
3993 /* Type section must align to 4 bytes */
3994 if (hdr->type_off & (sizeof(u32) - 1)) {
3995 btf_verifier_log(env, "Unaligned type_off");
3999 if (!env->btf->base_btf && !hdr->type_len) {
4000 btf_verifier_log(env, "No type found");
4004 err = btf_check_all_metas(env);
4008 return btf_check_all_types(env);
4011 static int btf_parse_str_sec(struct btf_verifier_env *env)
4013 const struct btf_header *hdr;
4014 struct btf *btf = env->btf;
4015 const char *start, *end;
4018 start = btf->nohdr_data + hdr->str_off;
4019 end = start + hdr->str_len;
4021 if (end != btf->data + btf->data_size) {
4022 btf_verifier_log(env, "String section is not at the end");
4026 btf->strings = start;
4028 if (btf->base_btf && !hdr->str_len)
4030 if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET || end[-1]) {
4031 btf_verifier_log(env, "Invalid string section");
4034 if (!btf->base_btf && start[0]) {
4035 btf_verifier_log(env, "Invalid string section");
4042 static const size_t btf_sec_info_offset[] = {
4043 offsetof(struct btf_header, type_off),
4044 offsetof(struct btf_header, str_off),
4047 static int btf_sec_info_cmp(const void *a, const void *b)
4049 const struct btf_sec_info *x = a;
4050 const struct btf_sec_info *y = b;
4052 return (int)(x->off - y->off) ? : (int)(x->len - y->len);
4055 static int btf_check_sec_info(struct btf_verifier_env *env,
4058 struct btf_sec_info secs[ARRAY_SIZE(btf_sec_info_offset)];
4059 u32 total, expected_total, i;
4060 const struct btf_header *hdr;
4061 const struct btf *btf;
4066 /* Populate the secs from hdr */
4067 for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++)
4068 secs[i] = *(struct btf_sec_info *)((void *)hdr +
4069 btf_sec_info_offset[i]);
4071 sort(secs, ARRAY_SIZE(btf_sec_info_offset),
4072 sizeof(struct btf_sec_info), btf_sec_info_cmp, NULL);
4074 /* Check for gaps and overlap among sections */
4076 expected_total = btf_data_size - hdr->hdr_len;
4077 for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++) {
4078 if (expected_total < secs[i].off) {
4079 btf_verifier_log(env, "Invalid section offset");
4082 if (total < secs[i].off) {
4084 btf_verifier_log(env, "Unsupported section found");
4087 if (total > secs[i].off) {
4088 btf_verifier_log(env, "Section overlap found");
4091 if (expected_total - total < secs[i].len) {
4092 btf_verifier_log(env,
4093 "Total section length too long");
4096 total += secs[i].len;
4099 /* There is data other than hdr and known sections */
4100 if (expected_total != total) {
4101 btf_verifier_log(env, "Unsupported section found");
4108 static int btf_parse_hdr(struct btf_verifier_env *env)
4110 u32 hdr_len, hdr_copy, btf_data_size;
4111 const struct btf_header *hdr;
4116 btf_data_size = btf->data_size;
4119 offsetof(struct btf_header, hdr_len) + sizeof(hdr->hdr_len)) {
4120 btf_verifier_log(env, "hdr_len not found");
4125 hdr_len = hdr->hdr_len;
4126 if (btf_data_size < hdr_len) {
4127 btf_verifier_log(env, "btf_header not found");
4131 /* Ensure the unsupported header fields are zero */
4132 if (hdr_len > sizeof(btf->hdr)) {
4133 u8 *expected_zero = btf->data + sizeof(btf->hdr);
4134 u8 *end = btf->data + hdr_len;
4136 for (; expected_zero < end; expected_zero++) {
4137 if (*expected_zero) {
4138 btf_verifier_log(env, "Unsupported btf_header");
4144 hdr_copy = min_t(u32, hdr_len, sizeof(btf->hdr));
4145 memcpy(&btf->hdr, btf->data, hdr_copy);
4149 btf_verifier_log_hdr(env, btf_data_size);
4151 if (hdr->magic != BTF_MAGIC) {
4152 btf_verifier_log(env, "Invalid magic");
4156 if (hdr->version != BTF_VERSION) {
4157 btf_verifier_log(env, "Unsupported version");
4162 btf_verifier_log(env, "Unsupported flags");
4166 if (btf_data_size == hdr->hdr_len) {
4167 btf_verifier_log(env, "No data");
4171 err = btf_check_sec_info(env, btf_data_size);
4178 static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size,
4179 u32 log_level, char __user *log_ubuf, u32 log_size)
4181 struct btf_verifier_env *env = NULL;
4182 struct bpf_verifier_log *log;
4183 struct btf *btf = NULL;
4187 if (btf_data_size > BTF_MAX_SIZE)
4188 return ERR_PTR(-E2BIG);
4190 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4192 return ERR_PTR(-ENOMEM);
4195 if (log_level || log_ubuf || log_size) {
4196 /* user requested verbose verifier output
4197 * and supplied buffer to store the verification trace
4199 log->level = log_level;
4200 log->ubuf = log_ubuf;
4201 log->len_total = log_size;
4203 /* log attributes have to be sane */
4204 if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
4205 !log->level || !log->ubuf) {
4211 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4218 data = kvmalloc(btf_data_size, GFP_KERNEL | __GFP_NOWARN);
4225 btf->data_size = btf_data_size;
4227 if (copy_from_user(data, btf_data, btf_data_size)) {
4232 err = btf_parse_hdr(env);
4236 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4238 err = btf_parse_str_sec(env);
4242 err = btf_parse_type_sec(env);
4246 if (log->level && bpf_verifier_log_full(log)) {
4251 btf_verifier_env_free(env);
4252 refcount_set(&btf->refcnt, 1);
4256 btf_verifier_env_free(env);
4259 return ERR_PTR(err);
4262 extern char __weak __start_BTF[];
4263 extern char __weak __stop_BTF[];
4264 extern struct btf *btf_vmlinux;
4266 #define BPF_MAP_TYPE(_id, _ops)
4267 #define BPF_LINK_TYPE(_id, _name)
4269 struct bpf_ctx_convert {
4270 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4271 prog_ctx_type _id##_prog; \
4272 kern_ctx_type _id##_kern;
4273 #include <linux/bpf_types.h>
4274 #undef BPF_PROG_TYPE
4276 /* 't' is written once under lock. Read many times. */
4277 const struct btf_type *t;
4280 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4282 #include <linux/bpf_types.h>
4283 #undef BPF_PROG_TYPE
4284 __ctx_convert_unused, /* to avoid empty enum in extreme .config */
4286 static u8 bpf_ctx_convert_map[] = {
4287 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4288 [_id] = __ctx_convert##_id,
4289 #include <linux/bpf_types.h>
4290 #undef BPF_PROG_TYPE
4291 0, /* avoid empty array */
4294 #undef BPF_LINK_TYPE
4296 static const struct btf_member *
4297 btf_get_prog_ctx_type(struct bpf_verifier_log *log, struct btf *btf,
4298 const struct btf_type *t, enum bpf_prog_type prog_type,
4301 const struct btf_type *conv_struct;
4302 const struct btf_type *ctx_struct;
4303 const struct btf_member *ctx_type;
4304 const char *tname, *ctx_tname;
4306 conv_struct = bpf_ctx_convert.t;
4308 bpf_log(log, "btf_vmlinux is malformed\n");
4311 t = btf_type_by_id(btf, t->type);
4312 while (btf_type_is_modifier(t))
4313 t = btf_type_by_id(btf, t->type);
4314 if (!btf_type_is_struct(t)) {
4315 /* Only pointer to struct is supported for now.
4316 * That means that BPF_PROG_TYPE_TRACEPOINT with BTF
4317 * is not supported yet.
4318 * BPF_PROG_TYPE_RAW_TRACEPOINT is fine.
4320 if (log->level & BPF_LOG_LEVEL)
4321 bpf_log(log, "arg#%d type is not a struct\n", arg);
4324 tname = btf_name_by_offset(btf, t->name_off);
4326 bpf_log(log, "arg#%d struct doesn't have a name\n", arg);
4329 /* prog_type is valid bpf program type. No need for bounds check. */
4330 ctx_type = btf_type_member(conv_struct) + bpf_ctx_convert_map[prog_type] * 2;
4331 /* ctx_struct is a pointer to prog_ctx_type in vmlinux.
4332 * Like 'struct __sk_buff'
4334 ctx_struct = btf_type_by_id(btf_vmlinux, ctx_type->type);
4336 /* should not happen */
4338 ctx_tname = btf_name_by_offset(btf_vmlinux, ctx_struct->name_off);
4340 /* should not happen */
4341 bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n");
4344 /* only compare that prog's ctx type name is the same as
4345 * kernel expects. No need to compare field by field.
4346 * It's ok for bpf prog to do:
4347 * struct __sk_buff {};
4348 * int socket_filter_bpf_prog(struct __sk_buff *skb)
4349 * { // no fields of skb are ever used }
4351 if (strcmp(ctx_tname, tname))
4356 static const struct bpf_map_ops * const btf_vmlinux_map_ops[] = {
4357 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
4358 #define BPF_LINK_TYPE(_id, _name)
4359 #define BPF_MAP_TYPE(_id, _ops) \
4361 #include <linux/bpf_types.h>
4362 #undef BPF_PROG_TYPE
4363 #undef BPF_LINK_TYPE
4367 static int btf_vmlinux_map_ids_init(const struct btf *btf,
4368 struct bpf_verifier_log *log)
4370 const struct bpf_map_ops *ops;
4373 for (i = 0; i < ARRAY_SIZE(btf_vmlinux_map_ops); ++i) {
4374 ops = btf_vmlinux_map_ops[i];
4375 if (!ops || (!ops->map_btf_name && !ops->map_btf_id))
4377 if (!ops->map_btf_name || !ops->map_btf_id) {
4378 bpf_log(log, "map type %d is misconfigured\n", i);
4381 btf_id = btf_find_by_name_kind(btf, ops->map_btf_name,
4385 *ops->map_btf_id = btf_id;
4391 static int btf_translate_to_vmlinux(struct bpf_verifier_log *log,
4393 const struct btf_type *t,
4394 enum bpf_prog_type prog_type,
4397 const struct btf_member *prog_ctx_type, *kern_ctx_type;
4399 prog_ctx_type = btf_get_prog_ctx_type(log, btf, t, prog_type, arg);
4402 kern_ctx_type = prog_ctx_type + 1;
4403 return kern_ctx_type->type;
4406 BTF_ID_LIST(bpf_ctx_convert_btf_id)
4407 BTF_ID(struct, bpf_ctx_convert)
4409 struct btf *btf_parse_vmlinux(void)
4411 struct btf_verifier_env *env = NULL;
4412 struct bpf_verifier_log *log;
4413 struct btf *btf = NULL;
4416 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4418 return ERR_PTR(-ENOMEM);
4421 log->level = BPF_LOG_KERNEL;
4423 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4430 btf->data = __start_BTF;
4431 btf->data_size = __stop_BTF - __start_BTF;
4433 err = btf_parse_hdr(env);
4437 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4439 err = btf_parse_str_sec(env);
4443 err = btf_check_all_metas(env);
4447 /* btf_parse_vmlinux() runs under bpf_verifier_lock */
4448 bpf_ctx_convert.t = btf_type_by_id(btf, bpf_ctx_convert_btf_id[0]);
4450 /* find bpf map structs for map_ptr access checking */
4451 err = btf_vmlinux_map_ids_init(btf, log);
4455 bpf_struct_ops_init(btf, log);
4457 btf_verifier_env_free(env);
4458 refcount_set(&btf->refcnt, 1);
4462 btf_verifier_env_free(env);
4467 return ERR_PTR(err);
4470 struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog)
4472 struct bpf_prog *tgt_prog = prog->aux->dst_prog;
4475 return tgt_prog->aux->btf;
4481 static bool is_string_ptr(struct btf *btf, const struct btf_type *t)
4483 /* t comes in already as a pointer */
4484 t = btf_type_by_id(btf, t->type);
4487 if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)
4488 t = btf_type_by_id(btf, t->type);
4490 /* char, signed char, unsigned char */
4491 return btf_type_is_int(t) && t->size == 1;
4494 bool btf_ctx_access(int off, int size, enum bpf_access_type type,
4495 const struct bpf_prog *prog,
4496 struct bpf_insn_access_aux *info)
4498 const struct btf_type *t = prog->aux->attach_func_proto;
4499 struct bpf_prog *tgt_prog = prog->aux->dst_prog;
4500 struct btf *btf = bpf_prog_get_target_btf(prog);
4501 const char *tname = prog->aux->attach_func_name;
4502 struct bpf_verifier_log *log = info->log;
4503 const struct btf_param *args;
4508 bpf_log(log, "func '%s' offset %d is not multiple of 8\n",
4513 args = (const struct btf_param *)(t + 1);
4514 /* if (t == NULL) Fall back to default BPF prog with 5 u64 arguments */
4515 nr_args = t ? btf_type_vlen(t) : 5;
4516 if (prog->aux->attach_btf_trace) {
4517 /* skip first 'void *__data' argument in btf_trace_##name typedef */
4522 if (arg > nr_args) {
4523 bpf_log(log, "func '%s' doesn't have %d-th argument\n",
4528 if (arg == nr_args) {
4529 switch (prog->expected_attach_type) {
4531 case BPF_TRACE_FEXIT:
4532 /* When LSM programs are attached to void LSM hooks
4533 * they use FEXIT trampolines and when attached to
4534 * int LSM hooks, they use MODIFY_RETURN trampolines.
4536 * While the LSM programs are BPF_MODIFY_RETURN-like
4539 * if (ret_type != 'int')
4542 * is _not_ done here. This is still safe as LSM hooks
4543 * have only void and int return types.
4547 t = btf_type_by_id(btf, t->type);
4549 case BPF_MODIFY_RETURN:
4550 /* For now the BPF_MODIFY_RETURN can only be attached to
4551 * functions that return an int.
4556 t = btf_type_skip_modifiers(btf, t->type, NULL);
4557 if (!btf_type_is_small_int(t)) {
4559 "ret type %s not allowed for fmod_ret\n",
4560 btf_kind_str[BTF_INFO_KIND(t->info)]);
4565 bpf_log(log, "func '%s' doesn't have %d-th argument\n",
4571 /* Default prog with 5 args */
4573 t = btf_type_by_id(btf, args[arg].type);
4576 /* skip modifiers */
4577 while (btf_type_is_modifier(t))
4578 t = btf_type_by_id(btf, t->type);
4579 if (btf_type_is_small_int(t) || btf_type_is_enum(t))
4580 /* accessing a scalar */
4582 if (!btf_type_is_ptr(t)) {
4584 "func '%s' arg%d '%s' has type %s. Only pointer access is allowed\n",
4586 __btf_name_by_offset(btf, t->name_off),
4587 btf_kind_str[BTF_INFO_KIND(t->info)]);
4591 /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */
4592 for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
4593 const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
4595 if (ctx_arg_info->offset == off &&
4596 (ctx_arg_info->reg_type == PTR_TO_RDONLY_BUF_OR_NULL ||
4597 ctx_arg_info->reg_type == PTR_TO_RDWR_BUF_OR_NULL)) {
4598 info->reg_type = ctx_arg_info->reg_type;
4604 /* This is a pointer to void.
4605 * It is the same as scalar from the verifier safety pov.
4606 * No further pointer walking is allowed.
4610 if (is_string_ptr(btf, t))
4613 /* this is a pointer to another type */
4614 for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
4615 const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
4617 if (ctx_arg_info->offset == off) {
4618 info->reg_type = ctx_arg_info->reg_type;
4619 info->btf_id = ctx_arg_info->btf_id;
4624 info->reg_type = PTR_TO_BTF_ID;
4626 enum bpf_prog_type tgt_type;
4628 if (tgt_prog->type == BPF_PROG_TYPE_EXT)
4629 tgt_type = tgt_prog->aux->saved_dst_prog_type;
4631 tgt_type = tgt_prog->type;
4633 ret = btf_translate_to_vmlinux(log, btf, t, tgt_type, arg);
4642 info->btf_id = t->type;
4643 t = btf_type_by_id(btf, t->type);
4644 /* skip modifiers */
4645 while (btf_type_is_modifier(t)) {
4646 info->btf_id = t->type;
4647 t = btf_type_by_id(btf, t->type);
4649 if (!btf_type_is_struct(t)) {
4651 "func '%s' arg%d type %s is not a struct\n",
4652 tname, arg, btf_kind_str[BTF_INFO_KIND(t->info)]);
4655 bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n",
4656 tname, arg, info->btf_id, btf_kind_str[BTF_INFO_KIND(t->info)],
4657 __btf_name_by_offset(btf, t->name_off));
4661 enum bpf_struct_walk_result {
4668 static int btf_struct_walk(struct bpf_verifier_log *log,
4669 const struct btf_type *t, int off, int size,
4672 u32 i, moff, mtrue_end, msize = 0, total_nelems = 0;
4673 const struct btf_type *mtype, *elem_type = NULL;
4674 const struct btf_member *member;
4675 const char *tname, *mname;
4676 u32 vlen, elem_id, mid;
4679 tname = __btf_name_by_offset(btf_vmlinux, t->name_off);
4680 if (!btf_type_is_struct(t)) {
4681 bpf_log(log, "Type '%s' is not a struct\n", tname);
4685 vlen = btf_type_vlen(t);
4686 if (off + size > t->size) {
4687 /* If the last element is a variable size array, we may
4688 * need to relax the rule.
4690 struct btf_array *array_elem;
4695 member = btf_type_member(t) + vlen - 1;
4696 mtype = btf_type_skip_modifiers(btf_vmlinux, member->type,
4698 if (!btf_type_is_array(mtype))
4701 array_elem = (struct btf_array *)(mtype + 1);
4702 if (array_elem->nelems != 0)
4705 moff = btf_member_bit_offset(t, member) / 8;
4709 /* Only allow structure for now, can be relaxed for
4710 * other types later.
4712 t = btf_type_skip_modifiers(btf_vmlinux, array_elem->type,
4714 if (!btf_type_is_struct(t))
4717 off = (off - moff) % t->size;
4721 bpf_log(log, "access beyond struct %s at off %u size %u\n",
4726 for_each_member(i, t, member) {
4727 /* offset of the field in bytes */
4728 moff = btf_member_bit_offset(t, member) / 8;
4729 if (off + size <= moff)
4730 /* won't find anything, field is already too far */
4733 if (btf_member_bitfield_size(t, member)) {
4734 u32 end_bit = btf_member_bit_offset(t, member) +
4735 btf_member_bitfield_size(t, member);
4737 /* off <= moff instead of off == moff because clang
4738 * does not generate a BTF member for anonymous
4739 * bitfield like the ":16" here:
4746 BITS_ROUNDUP_BYTES(end_bit) <= off + size)
4749 /* off may be accessing a following member
4753 * Doing partial access at either end of this
4754 * bitfield. Continue on this case also to
4755 * treat it as not accessing this bitfield
4756 * and eventually error out as field not
4757 * found to keep it simple.
4758 * It could be relaxed if there was a legit
4759 * partial access case later.
4764 /* In case of "off" is pointing to holes of a struct */
4768 /* type of the field */
4770 mtype = btf_type_by_id(btf_vmlinux, member->type);
4771 mname = __btf_name_by_offset(btf_vmlinux, member->name_off);
4773 mtype = __btf_resolve_size(btf_vmlinux, mtype, &msize,
4774 &elem_type, &elem_id, &total_nelems,
4776 if (IS_ERR(mtype)) {
4777 bpf_log(log, "field %s doesn't have size\n", mname);
4781 mtrue_end = moff + msize;
4782 if (off >= mtrue_end)
4783 /* no overlap with member, keep iterating */
4786 if (btf_type_is_array(mtype)) {
4789 /* __btf_resolve_size() above helps to
4790 * linearize a multi-dimensional array.
4792 * The logic here is treating an array
4793 * in a struct as the following way:
4796 * struct inner array[2][2];
4802 * struct inner array_elem0;
4803 * struct inner array_elem1;
4804 * struct inner array_elem2;
4805 * struct inner array_elem3;
4808 * When accessing outer->array[1][0], it moves
4809 * moff to "array_elem2", set mtype to
4810 * "struct inner", and msize also becomes
4811 * sizeof(struct inner). Then most of the
4812 * remaining logic will fall through without
4813 * caring the current member is an array or
4816 * Unlike mtype/msize/moff, mtrue_end does not
4817 * change. The naming difference ("_true") tells
4818 * that it is not always corresponding to
4819 * the current mtype/msize/moff.
4820 * It is the true end of the current
4821 * member (i.e. array in this case). That
4822 * will allow an int array to be accessed like
4824 * i.e. allow access beyond the size of
4825 * the array's element as long as it is
4826 * within the mtrue_end boundary.
4829 /* skip empty array */
4830 if (moff == mtrue_end)
4833 msize /= total_nelems;
4834 elem_idx = (off - moff) / msize;
4835 moff += elem_idx * msize;
4840 /* the 'off' we're looking for is either equal to start
4841 * of this field or inside of this struct
4843 if (btf_type_is_struct(mtype)) {
4844 /* our field must be inside that union or struct */
4847 /* return if the offset matches the member offset */
4853 /* adjust offset we're looking for */
4858 if (btf_type_is_ptr(mtype)) {
4859 const struct btf_type *stype;
4862 if (msize != size || off != moff) {
4864 "cannot access ptr member %s with moff %u in struct %s with off %u size %u\n",
4865 mname, moff, tname, off, size);
4868 stype = btf_type_skip_modifiers(btf_vmlinux, mtype->type, &id);
4869 if (btf_type_is_struct(stype)) {
4875 /* Allow more flexible access within an int as long as
4876 * it is within mtrue_end.
4877 * Since mtrue_end could be the end of an array,
4878 * that also allows using an array of int as a scratch
4879 * space. e.g. skb->cb[].
4881 if (off + size > mtrue_end) {
4883 "access beyond the end of member %s (mend:%u) in struct %s with off %u size %u\n",
4884 mname, mtrue_end, tname, off, size);
4890 bpf_log(log, "struct %s doesn't have field at offset %d\n", tname, off);
4894 int btf_struct_access(struct bpf_verifier_log *log,
4895 const struct btf_type *t, int off, int size,
4896 enum bpf_access_type atype __maybe_unused,
4903 err = btf_struct_walk(log, t, off, size, &id);
4907 /* If we found the pointer or scalar on t+off,
4911 return PTR_TO_BTF_ID;
4913 return SCALAR_VALUE;
4915 /* We found nested struct, so continue the search
4916 * by diving in it. At this point the offset is
4917 * aligned with the new type, so set it to 0.
4919 t = btf_type_by_id(btf_vmlinux, id);
4923 /* It's either error or unknown return value..
4926 if (WARN_ONCE(err > 0, "unknown btf_struct_walk return value"))
4935 bool btf_struct_ids_match(struct bpf_verifier_log *log,
4936 int off, u32 id, u32 need_type_id)
4938 const struct btf_type *type;
4941 /* Are we already done? */
4942 if (need_type_id == id && off == 0)
4946 type = btf_type_by_id(btf_vmlinux, id);
4949 err = btf_struct_walk(log, type, off, 1, &id);
4950 if (err != WALK_STRUCT)
4953 /* We found nested struct object. If it matches
4954 * the requested ID, we're done. Otherwise let's
4955 * continue the search with offset 0 in the new
4958 if (need_type_id != id) {
4966 static int __get_type_size(struct btf *btf, u32 btf_id,
4967 const struct btf_type **bad_type)
4969 const struct btf_type *t;
4974 t = btf_type_by_id(btf, btf_id);
4975 while (t && btf_type_is_modifier(t))
4976 t = btf_type_by_id(btf, t->type);
4978 *bad_type = btf_type_by_id(btf, 0);
4981 if (btf_type_is_ptr(t))
4982 /* kernel size of pointer. Not BPF's size of pointer*/
4983 return sizeof(void *);
4984 if (btf_type_is_int(t) || btf_type_is_enum(t))
4990 int btf_distill_func_proto(struct bpf_verifier_log *log,
4992 const struct btf_type *func,
4994 struct btf_func_model *m)
4996 const struct btf_param *args;
4997 const struct btf_type *t;
5002 /* BTF function prototype doesn't match the verifier types.
5003 * Fall back to 5 u64 args.
5005 for (i = 0; i < 5; i++)
5011 args = (const struct btf_param *)(func + 1);
5012 nargs = btf_type_vlen(func);
5013 if (nargs >= MAX_BPF_FUNC_ARGS) {
5015 "The function %s has %d arguments. Too many.\n",
5019 ret = __get_type_size(btf, func->type, &t);
5022 "The function %s return type %s is unsupported.\n",
5023 tname, btf_kind_str[BTF_INFO_KIND(t->info)]);
5028 for (i = 0; i < nargs; i++) {
5029 ret = __get_type_size(btf, args[i].type, &t);
5032 "The function %s arg%d type %s is unsupported.\n",
5033 tname, i, btf_kind_str[BTF_INFO_KIND(t->info)]);
5036 m->arg_size[i] = ret;
5042 /* Compare BTFs of two functions assuming only scalars and pointers to context.
5043 * t1 points to BTF_KIND_FUNC in btf1
5044 * t2 points to BTF_KIND_FUNC in btf2
5046 * EINVAL - function prototype mismatch
5047 * EFAULT - verifier bug
5048 * 0 - 99% match. The last 1% is validated by the verifier.
5050 static int btf_check_func_type_match(struct bpf_verifier_log *log,
5051 struct btf *btf1, const struct btf_type *t1,
5052 struct btf *btf2, const struct btf_type *t2)
5054 const struct btf_param *args1, *args2;
5055 const char *fn1, *fn2, *s1, *s2;
5056 u32 nargs1, nargs2, i;
5058 fn1 = btf_name_by_offset(btf1, t1->name_off);
5059 fn2 = btf_name_by_offset(btf2, t2->name_off);
5061 if (btf_func_linkage(t1) != BTF_FUNC_GLOBAL) {
5062 bpf_log(log, "%s() is not a global function\n", fn1);
5065 if (btf_func_linkage(t2) != BTF_FUNC_GLOBAL) {
5066 bpf_log(log, "%s() is not a global function\n", fn2);
5070 t1 = btf_type_by_id(btf1, t1->type);
5071 if (!t1 || !btf_type_is_func_proto(t1))
5073 t2 = btf_type_by_id(btf2, t2->type);
5074 if (!t2 || !btf_type_is_func_proto(t2))
5077 args1 = (const struct btf_param *)(t1 + 1);
5078 nargs1 = btf_type_vlen(t1);
5079 args2 = (const struct btf_param *)(t2 + 1);
5080 nargs2 = btf_type_vlen(t2);
5082 if (nargs1 != nargs2) {
5083 bpf_log(log, "%s() has %d args while %s() has %d args\n",
5084 fn1, nargs1, fn2, nargs2);
5088 t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
5089 t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
5090 if (t1->info != t2->info) {
5092 "Return type %s of %s() doesn't match type %s of %s()\n",
5093 btf_type_str(t1), fn1,
5094 btf_type_str(t2), fn2);
5098 for (i = 0; i < nargs1; i++) {
5099 t1 = btf_type_skip_modifiers(btf1, args1[i].type, NULL);
5100 t2 = btf_type_skip_modifiers(btf2, args2[i].type, NULL);
5102 if (t1->info != t2->info) {
5103 bpf_log(log, "arg%d in %s() is %s while %s() has %s\n",
5104 i, fn1, btf_type_str(t1),
5105 fn2, btf_type_str(t2));
5108 if (btf_type_has_size(t1) && t1->size != t2->size) {
5110 "arg%d in %s() has size %d while %s() has %d\n",
5116 /* global functions are validated with scalars and pointers
5117 * to context only. And only global functions can be replaced.
5118 * Hence type check only those types.
5120 if (btf_type_is_int(t1) || btf_type_is_enum(t1))
5122 if (!btf_type_is_ptr(t1)) {
5124 "arg%d in %s() has unrecognized type\n",
5128 t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
5129 t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
5130 if (!btf_type_is_struct(t1)) {
5132 "arg%d in %s() is not a pointer to context\n",
5136 if (!btf_type_is_struct(t2)) {
5138 "arg%d in %s() is not a pointer to context\n",
5142 /* This is an optional check to make program writing easier.
5143 * Compare names of structs and report an error to the user.
5144 * btf_prepare_func_args() already checked that t2 struct
5145 * is a context type. btf_prepare_func_args() will check
5146 * later that t1 struct is a context type as well.
5148 s1 = btf_name_by_offset(btf1, t1->name_off);
5149 s2 = btf_name_by_offset(btf2, t2->name_off);
5150 if (strcmp(s1, s2)) {
5152 "arg%d %s(struct %s *) doesn't match %s(struct %s *)\n",
5153 i, fn1, s1, fn2, s2);
5160 /* Compare BTFs of given program with BTF of target program */
5161 int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog,
5162 struct btf *btf2, const struct btf_type *t2)
5164 struct btf *btf1 = prog->aux->btf;
5165 const struct btf_type *t1;
5168 if (!prog->aux->func_info) {
5169 bpf_log(log, "Program extension requires BTF\n");
5173 btf_id = prog->aux->func_info[0].type_id;
5177 t1 = btf_type_by_id(btf1, btf_id);
5178 if (!t1 || !btf_type_is_func(t1))
5181 return btf_check_func_type_match(log, btf1, t1, btf2, t2);
5184 /* Compare BTF of a function with given bpf_reg_state.
5186 * EFAULT - there is a verifier bug. Abort verification.
5187 * EINVAL - there is a type mismatch or BTF is not available.
5188 * 0 - BTF matches with what bpf_reg_state expects.
5189 * Only PTR_TO_CTX and SCALAR_VALUE states are recognized.
5191 int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog,
5192 struct bpf_reg_state *reg)
5194 struct bpf_verifier_log *log = &env->log;
5195 struct bpf_prog *prog = env->prog;
5196 struct btf *btf = prog->aux->btf;
5197 const struct btf_param *args;
5198 const struct btf_type *t;
5199 u32 i, nargs, btf_id;
5202 if (!prog->aux->func_info)
5205 btf_id = prog->aux->func_info[subprog].type_id;
5209 if (prog->aux->func_info_aux[subprog].unreliable)
5212 t = btf_type_by_id(btf, btf_id);
5213 if (!t || !btf_type_is_func(t)) {
5214 /* These checks were already done by the verifier while loading
5215 * struct bpf_func_info
5217 bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
5221 tname = btf_name_by_offset(btf, t->name_off);
5223 t = btf_type_by_id(btf, t->type);
5224 if (!t || !btf_type_is_func_proto(t)) {
5225 bpf_log(log, "Invalid BTF of func %s\n", tname);
5228 args = (const struct btf_param *)(t + 1);
5229 nargs = btf_type_vlen(t);
5231 bpf_log(log, "Function %s has %d > 5 args\n", tname, nargs);
5234 /* check that BTF function arguments match actual types that the
5237 for (i = 0; i < nargs; i++) {
5238 t = btf_type_by_id(btf, args[i].type);
5239 while (btf_type_is_modifier(t))
5240 t = btf_type_by_id(btf, t->type);
5241 if (btf_type_is_int(t) || btf_type_is_enum(t)) {
5242 if (reg[i + 1].type == SCALAR_VALUE)
5244 bpf_log(log, "R%d is not a scalar\n", i + 1);
5247 if (btf_type_is_ptr(t)) {
5248 if (reg[i + 1].type == SCALAR_VALUE) {
5249 bpf_log(log, "R%d is not a pointer\n", i + 1);
5252 /* If function expects ctx type in BTF check that caller
5253 * is passing PTR_TO_CTX.
5255 if (btf_get_prog_ctx_type(log, btf, t, prog->type, i)) {
5256 if (reg[i + 1].type != PTR_TO_CTX) {
5258 "arg#%d expected pointer to ctx, but got %s\n",
5259 i, btf_kind_str[BTF_INFO_KIND(t->info)]);
5262 if (check_ctx_reg(env, ®[i + 1], i + 1))
5267 bpf_log(log, "Unrecognized arg#%d type %s\n",
5268 i, btf_kind_str[BTF_INFO_KIND(t->info)]);
5273 /* Compiler optimizations can remove arguments from static functions
5274 * or mismatched type can be passed into a global function.
5275 * In such cases mark the function as unreliable from BTF point of view.
5277 prog->aux->func_info_aux[subprog].unreliable = true;
5281 /* Convert BTF of a function into bpf_reg_state if possible
5283 * EFAULT - there is a verifier bug. Abort verification.
5284 * EINVAL - cannot convert BTF.
5285 * 0 - Successfully converted BTF into bpf_reg_state
5286 * (either PTR_TO_CTX or SCALAR_VALUE).
5288 int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,
5289 struct bpf_reg_state *reg)
5291 struct bpf_verifier_log *log = &env->log;
5292 struct bpf_prog *prog = env->prog;
5293 enum bpf_prog_type prog_type = prog->type;
5294 struct btf *btf = prog->aux->btf;
5295 const struct btf_param *args;
5296 const struct btf_type *t;
5297 u32 i, nargs, btf_id;
5300 if (!prog->aux->func_info ||
5301 prog->aux->func_info_aux[subprog].linkage != BTF_FUNC_GLOBAL) {
5302 bpf_log(log, "Verifier bug\n");
5306 btf_id = prog->aux->func_info[subprog].type_id;
5308 bpf_log(log, "Global functions need valid BTF\n");
5312 t = btf_type_by_id(btf, btf_id);
5313 if (!t || !btf_type_is_func(t)) {
5314 /* These checks were already done by the verifier while loading
5315 * struct bpf_func_info
5317 bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
5321 tname = btf_name_by_offset(btf, t->name_off);
5323 if (log->level & BPF_LOG_LEVEL)
5324 bpf_log(log, "Validating %s() func#%d...\n",
5327 if (prog->aux->func_info_aux[subprog].unreliable) {
5328 bpf_log(log, "Verifier bug in function %s()\n", tname);
5331 if (prog_type == BPF_PROG_TYPE_EXT)
5332 prog_type = prog->aux->dst_prog->type;
5334 t = btf_type_by_id(btf, t->type);
5335 if (!t || !btf_type_is_func_proto(t)) {
5336 bpf_log(log, "Invalid type of function %s()\n", tname);
5339 args = (const struct btf_param *)(t + 1);
5340 nargs = btf_type_vlen(t);
5342 bpf_log(log, "Global function %s() with %d > 5 args. Buggy compiler.\n",
5346 /* check that function returns int */
5347 t = btf_type_by_id(btf, t->type);
5348 while (btf_type_is_modifier(t))
5349 t = btf_type_by_id(btf, t->type);
5350 if (!btf_type_is_int(t) && !btf_type_is_enum(t)) {
5352 "Global function %s() doesn't return scalar. Only those are supported.\n",
5356 /* Convert BTF function arguments into verifier types.
5357 * Only PTR_TO_CTX and SCALAR are supported atm.
5359 for (i = 0; i < nargs; i++) {
5360 t = btf_type_by_id(btf, args[i].type);
5361 while (btf_type_is_modifier(t))
5362 t = btf_type_by_id(btf, t->type);
5363 if (btf_type_is_int(t) || btf_type_is_enum(t)) {
5364 reg[i + 1].type = SCALAR_VALUE;
5367 if (btf_type_is_ptr(t) &&
5368 btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
5369 reg[i + 1].type = PTR_TO_CTX;
5372 bpf_log(log, "Arg#%d type %s in %s() is not supported yet.\n",
5373 i, btf_kind_str[BTF_INFO_KIND(t->info)], tname);
5379 static void btf_type_show(const struct btf *btf, u32 type_id, void *obj,
5380 struct btf_show *show)
5382 const struct btf_type *t = btf_type_by_id(btf, type_id);
5385 memset(&show->state, 0, sizeof(show->state));
5386 memset(&show->obj, 0, sizeof(show->obj));
5388 btf_type_ops(t)->show(btf, t, type_id, obj, 0, show);
5391 static void btf_seq_show(struct btf_show *show, const char *fmt,
5394 seq_vprintf((struct seq_file *)show->target, fmt, args);
5397 int btf_type_seq_show_flags(const struct btf *btf, u32 type_id,
5398 void *obj, struct seq_file *m, u64 flags)
5400 struct btf_show sseq;
5403 sseq.showfn = btf_seq_show;
5406 btf_type_show(btf, type_id, obj, &sseq);
5408 return sseq.state.status;
5411 void btf_type_seq_show(const struct btf *btf, u32 type_id, void *obj,
5414 (void) btf_type_seq_show_flags(btf, type_id, obj, m,
5415 BTF_SHOW_NONAME | BTF_SHOW_COMPACT |
5416 BTF_SHOW_ZERO | BTF_SHOW_UNSAFE);
5419 struct btf_show_snprintf {
5420 struct btf_show show;
5421 int len_left; /* space left in string */
5422 int len; /* length we would have written */
5425 static void btf_snprintf_show(struct btf_show *show, const char *fmt,
5428 struct btf_show_snprintf *ssnprintf = (struct btf_show_snprintf *)show;
5431 len = vsnprintf(show->target, ssnprintf->len_left, fmt, args);
5434 ssnprintf->len_left = 0;
5435 ssnprintf->len = len;
5436 } else if (len > ssnprintf->len_left) {
5437 /* no space, drive on to get length we would have written */
5438 ssnprintf->len_left = 0;
5439 ssnprintf->len += len;
5441 ssnprintf->len_left -= len;
5442 ssnprintf->len += len;
5443 show->target += len;
5447 int btf_type_snprintf_show(const struct btf *btf, u32 type_id, void *obj,
5448 char *buf, int len, u64 flags)
5450 struct btf_show_snprintf ssnprintf;
5452 ssnprintf.show.target = buf;
5453 ssnprintf.show.flags = flags;
5454 ssnprintf.show.showfn = btf_snprintf_show;
5455 ssnprintf.len_left = len;
5458 btf_type_show(btf, type_id, obj, (struct btf_show *)&ssnprintf);
5460 /* If we encontered an error, return it. */
5461 if (ssnprintf.show.state.status)
5462 return ssnprintf.show.state.status;
5464 /* Otherwise return length we would have written */
5465 return ssnprintf.len;
5468 #ifdef CONFIG_PROC_FS
5469 static void bpf_btf_show_fdinfo(struct seq_file *m, struct file *filp)
5471 const struct btf *btf = filp->private_data;
5473 seq_printf(m, "btf_id:\t%u\n", btf->id);
5477 static int btf_release(struct inode *inode, struct file *filp)
5479 btf_put(filp->private_data);
5483 const struct file_operations btf_fops = {
5484 #ifdef CONFIG_PROC_FS
5485 .show_fdinfo = bpf_btf_show_fdinfo,
5487 .release = btf_release,
5490 static int __btf_new_fd(struct btf *btf)
5492 return anon_inode_getfd("btf", &btf_fops, btf, O_RDONLY | O_CLOEXEC);
5495 int btf_new_fd(const union bpf_attr *attr)
5500 btf = btf_parse(u64_to_user_ptr(attr->btf),
5501 attr->btf_size, attr->btf_log_level,
5502 u64_to_user_ptr(attr->btf_log_buf),
5503 attr->btf_log_size);
5505 return PTR_ERR(btf);
5507 ret = btf_alloc_id(btf);
5514 * The BTF ID is published to the userspace.
5515 * All BTF free must go through call_rcu() from
5516 * now on (i.e. free by calling btf_put()).
5519 ret = __btf_new_fd(btf);
5526 struct btf *btf_get_by_fd(int fd)
5534 return ERR_PTR(-EBADF);
5536 if (f.file->f_op != &btf_fops) {
5538 return ERR_PTR(-EINVAL);
5541 btf = f.file->private_data;
5542 refcount_inc(&btf->refcnt);
5548 int btf_get_info_by_fd(const struct btf *btf,
5549 const union bpf_attr *attr,
5550 union bpf_attr __user *uattr)
5552 struct bpf_btf_info __user *uinfo;
5553 struct bpf_btf_info info;
5554 u32 info_copy, btf_copy;
5558 uinfo = u64_to_user_ptr(attr->info.info);
5559 uinfo_len = attr->info.info_len;
5561 info_copy = min_t(u32, uinfo_len, sizeof(info));
5562 memset(&info, 0, sizeof(info));
5563 if (copy_from_user(&info, uinfo, info_copy))
5567 ubtf = u64_to_user_ptr(info.btf);
5568 btf_copy = min_t(u32, btf->data_size, info.btf_size);
5569 if (copy_to_user(ubtf, btf->data, btf_copy))
5571 info.btf_size = btf->data_size;
5573 if (copy_to_user(uinfo, &info, info_copy) ||
5574 put_user(info_copy, &uattr->info.info_len))
5580 int btf_get_fd_by_id(u32 id)
5586 btf = idr_find(&btf_idr, id);
5587 if (!btf || !refcount_inc_not_zero(&btf->refcnt))
5588 btf = ERR_PTR(-ENOENT);
5592 return PTR_ERR(btf);
5594 fd = __btf_new_fd(btf);
5601 u32 btf_id(const struct btf *btf)
5606 static int btf_id_cmp_func(const void *a, const void *b)
5608 const int *pa = a, *pb = b;
5613 bool btf_id_set_contains(const struct btf_id_set *set, u32 id)
5615 return bsearch(&id, set->ids, set->cnt, sizeof(u32), btf_id_cmp_func) != NULL;