1 /* SPDX-License-Identifier: GPL-2.0 */
2 /* Copyright (c) 2018 Facebook */
4 #include <uapi/linux/btf.h>
5 #include <uapi/linux/bpf.h>
6 #include <uapi/linux/bpf_perf_event.h>
7 #include <uapi/linux/types.h>
8 #include <linux/seq_file.h>
9 #include <linux/compiler.h>
10 #include <linux/ctype.h>
11 #include <linux/errno.h>
12 #include <linux/slab.h>
13 #include <linux/anon_inodes.h>
14 #include <linux/file.h>
15 #include <linux/uaccess.h>
16 #include <linux/kernel.h>
17 #include <linux/idr.h>
18 #include <linux/sort.h>
19 #include <linux/bpf_verifier.h>
20 #include <linux/btf.h>
21 #include <linux/btf_ids.h>
22 #include <linux/skmsg.h>
23 #include <linux/perf_event.h>
24 #include <linux/bsearch.h>
25 #include <linux/btf_ids.h>
28 /* BTF (BPF Type Format) is the meta data format which describes
29 * the data types of BPF program/map. Hence, it basically focus
30 * on the C programming language which the modern BPF is primary
35 * The BTF data is stored under the ".BTF" ELF section
39 * Each 'struct btf_type' object describes a C data type.
40 * Depending on the type it is describing, a 'struct btf_type'
41 * object may be followed by more data. F.e.
42 * To describe an array, 'struct btf_type' is followed by
45 * 'struct btf_type' and any extra data following it are
50 * The BTF type section contains a list of 'struct btf_type' objects.
51 * Each one describes a C type. Recall from the above section
52 * that a 'struct btf_type' object could be immediately followed by extra
53 * data in order to desribe some particular C types.
57 * Each btf_type object is identified by a type_id. The type_id
58 * is implicitly implied by the location of the btf_type object in
59 * the BTF type section. The first one has type_id 1. The second
60 * one has type_id 2...etc. Hence, an earlier btf_type has
63 * A btf_type object may refer to another btf_type object by using
64 * type_id (i.e. the "type" in the "struct btf_type").
66 * NOTE that we cannot assume any reference-order.
67 * A btf_type object can refer to an earlier btf_type object
68 * but it can also refer to a later btf_type object.
70 * For example, to describe "const void *". A btf_type
71 * object describing "const" may refer to another btf_type
72 * object describing "void *". This type-reference is done
73 * by specifying type_id:
75 * [1] CONST (anon) type_id=2
76 * [2] PTR (anon) type_id=0
78 * The above is the btf_verifier debug log:
79 * - Each line started with "[?]" is a btf_type object
80 * - [?] is the type_id of the btf_type object.
81 * - CONST/PTR is the BTF_KIND_XXX
82 * - "(anon)" is the name of the type. It just
83 * happens that CONST and PTR has no name.
84 * - type_id=XXX is the 'u32 type' in btf_type
86 * NOTE: "void" has type_id 0
90 * The BTF string section contains the names used by the type section.
91 * Each string is referred by an "offset" from the beginning of the
94 * Each string is '\0' terminated.
96 * The first character in the string section must be '\0'
97 * which is used to mean 'anonymous'. Some btf_type may not
103 * To verify BTF data, two passes are needed.
107 * The first pass is to collect all btf_type objects to
108 * an array: "btf->types".
110 * Depending on the C type that a btf_type is describing,
111 * a btf_type may be followed by extra data. We don't know
112 * how many btf_type is there, and more importantly we don't
113 * know where each btf_type is located in the type section.
115 * Without knowing the location of each type_id, most verifications
116 * cannot be done. e.g. an earlier btf_type may refer to a later
117 * btf_type (recall the "const void *" above), so we cannot
118 * check this type-reference in the first pass.
120 * In the first pass, it still does some verifications (e.g.
121 * checking the name is a valid offset to the string section).
125 * The main focus is to resolve a btf_type that is referring
128 * We have to ensure the referring type:
129 * 1) does exist in the BTF (i.e. in btf->types[])
130 * 2) does not cause a loop:
139 * btf_type_needs_resolve() decides if a btf_type needs
142 * The needs_resolve type implements the "resolve()" ops which
143 * essentially does a DFS and detects backedge.
145 * During resolve (or DFS), different C types have different
146 * "RESOLVED" conditions.
148 * When resolving a BTF_KIND_STRUCT, we need to resolve all its
149 * members because a member is always referring to another
150 * type. A struct's member can be treated as "RESOLVED" if
151 * it is referring to a BTF_KIND_PTR. Otherwise, the
152 * following valid C struct would be rejected:
159 * When resolving a BTF_KIND_PTR, it needs to keep resolving if
160 * it is referring to another BTF_KIND_PTR. Otherwise, we cannot
161 * detect a pointer loop, e.g.:
162 * BTF_KIND_CONST -> BTF_KIND_PTR -> BTF_KIND_CONST -> BTF_KIND_PTR +
164 * +-----------------------------------------+
168 #define BITS_PER_U128 (sizeof(u64) * BITS_PER_BYTE * 2)
169 #define BITS_PER_BYTE_MASK (BITS_PER_BYTE - 1)
170 #define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK)
171 #define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3)
172 #define BITS_ROUNDUP_BYTES(bits) \
173 (BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits))
175 #define BTF_INFO_MASK 0x8f00ffff
176 #define BTF_INT_MASK 0x0fffffff
177 #define BTF_TYPE_ID_VALID(type_id) ((type_id) <= BTF_MAX_TYPE)
178 #define BTF_STR_OFFSET_VALID(name_off) ((name_off) <= BTF_MAX_NAME_OFFSET)
180 /* 16MB for 64k structs and each has 16 members and
181 * a few MB spaces for the string section.
182 * The hard limit is S32_MAX.
184 #define BTF_MAX_SIZE (16 * 1024 * 1024)
186 #define for_each_member_from(i, from, struct_type, member) \
187 for (i = from, member = btf_type_member(struct_type) + from; \
188 i < btf_type_vlen(struct_type); \
191 #define for_each_vsi_from(i, from, struct_type, member) \
192 for (i = from, member = btf_type_var_secinfo(struct_type) + from; \
193 i < btf_type_vlen(struct_type); \
197 DEFINE_SPINLOCK(btf_idr_lock);
201 struct btf_type **types;
206 struct btf_header hdr;
215 enum verifier_phase {
220 struct resolve_vertex {
221 const struct btf_type *t;
233 RESOLVE_TBD, /* To Be Determined */
234 RESOLVE_PTR, /* Resolving for Pointer */
235 RESOLVE_STRUCT_OR_ARRAY, /* Resolving for struct/union
240 #define MAX_RESOLVE_DEPTH 32
242 struct btf_sec_info {
247 struct btf_verifier_env {
250 struct resolve_vertex stack[MAX_RESOLVE_DEPTH];
251 struct bpf_verifier_log log;
254 enum verifier_phase phase;
255 enum resolve_mode resolve_mode;
258 static const char * const btf_kind_str[NR_BTF_KINDS] = {
259 [BTF_KIND_UNKN] = "UNKNOWN",
260 [BTF_KIND_INT] = "INT",
261 [BTF_KIND_PTR] = "PTR",
262 [BTF_KIND_ARRAY] = "ARRAY",
263 [BTF_KIND_STRUCT] = "STRUCT",
264 [BTF_KIND_UNION] = "UNION",
265 [BTF_KIND_ENUM] = "ENUM",
266 [BTF_KIND_FWD] = "FWD",
267 [BTF_KIND_TYPEDEF] = "TYPEDEF",
268 [BTF_KIND_VOLATILE] = "VOLATILE",
269 [BTF_KIND_CONST] = "CONST",
270 [BTF_KIND_RESTRICT] = "RESTRICT",
271 [BTF_KIND_FUNC] = "FUNC",
272 [BTF_KIND_FUNC_PROTO] = "FUNC_PROTO",
273 [BTF_KIND_VAR] = "VAR",
274 [BTF_KIND_DATASEC] = "DATASEC",
277 static const char *btf_type_str(const struct btf_type *t)
279 return btf_kind_str[BTF_INFO_KIND(t->info)];
282 /* Chunk size we use in safe copy of data to be shown. */
283 #define BTF_SHOW_OBJ_SAFE_SIZE 32
286 * This is the maximum size of a base type value (equivalent to a
287 * 128-bit int); if we are at the end of our safe buffer and have
288 * less than 16 bytes space we can't be assured of being able
289 * to copy the next type safely, so in such cases we will initiate
292 #define BTF_SHOW_OBJ_BASE_TYPE_SIZE 16
295 #define BTF_SHOW_NAME_SIZE 80
298 * Common data to all BTF show operations. Private show functions can add
299 * their own data to a structure containing a struct btf_show and consult it
300 * in the show callback. See btf_type_show() below.
302 * One challenge with showing nested data is we want to skip 0-valued
303 * data, but in order to figure out whether a nested object is all zeros
304 * we need to walk through it. As a result, we need to make two passes
305 * when handling structs, unions and arrays; the first path simply looks
306 * for nonzero data, while the second actually does the display. The first
307 * pass is signalled by show->state.depth_check being set, and if we
308 * encounter a non-zero value we set show->state.depth_to_show to
309 * the depth at which we encountered it. When we have completed the
310 * first pass, we will know if anything needs to be displayed if
311 * depth_to_show > depth. See btf_[struct,array]_show() for the
312 * implementation of this.
314 * Another problem is we want to ensure the data for display is safe to
315 * access. To support this, the anonymous "struct {} obj" tracks the data
316 * object and our safe copy of it. We copy portions of the data needed
317 * to the object "copy" buffer, but because its size is limited to
318 * BTF_SHOW_OBJ_COPY_LEN bytes, multiple copies may be required as we
319 * traverse larger objects for display.
321 * The various data type show functions all start with a call to
322 * btf_show_start_type() which returns a pointer to the safe copy
323 * of the data needed (or if BTF_SHOW_UNSAFE is specified, to the
324 * raw data itself). btf_show_obj_safe() is responsible for
325 * using copy_from_kernel_nofault() to update the safe data if necessary
326 * as we traverse the object's data. skbuff-like semantics are
329 * - obj.head points to the start of the toplevel object for display
330 * - obj.size is the size of the toplevel object
331 * - obj.data points to the current point in the original data at
332 * which our safe data starts. obj.data will advance as we copy
333 * portions of the data.
335 * In most cases a single copy will suffice, but larger data structures
336 * such as "struct task_struct" will require many copies. The logic in
337 * btf_show_obj_safe() handles the logic that determines if a new
338 * copy_from_kernel_nofault() is needed.
342 void *target; /* target of show operation (seq file, buffer) */
343 void (*showfn)(struct btf_show *show, const char *fmt, va_list args);
344 const struct btf *btf;
345 /* below are used during iteration */
354 int status; /* non-zero for error */
355 const struct btf_type *type;
356 const struct btf_member *member;
357 char name[BTF_SHOW_NAME_SIZE]; /* space for member name/type */
363 u8 safe[BTF_SHOW_OBJ_SAFE_SIZE];
367 struct btf_kind_operations {
368 s32 (*check_meta)(struct btf_verifier_env *env,
369 const struct btf_type *t,
371 int (*resolve)(struct btf_verifier_env *env,
372 const struct resolve_vertex *v);
373 int (*check_member)(struct btf_verifier_env *env,
374 const struct btf_type *struct_type,
375 const struct btf_member *member,
376 const struct btf_type *member_type);
377 int (*check_kflag_member)(struct btf_verifier_env *env,
378 const struct btf_type *struct_type,
379 const struct btf_member *member,
380 const struct btf_type *member_type);
381 void (*log_details)(struct btf_verifier_env *env,
382 const struct btf_type *t);
383 void (*show)(const struct btf *btf, const struct btf_type *t,
384 u32 type_id, void *data, u8 bits_offsets,
385 struct btf_show *show);
388 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS];
389 static struct btf_type btf_void;
391 static int btf_resolve(struct btf_verifier_env *env,
392 const struct btf_type *t, u32 type_id);
394 static bool btf_type_is_modifier(const struct btf_type *t)
396 /* Some of them is not strictly a C modifier
397 * but they are grouped into the same bucket
399 * A type (t) that refers to another
400 * type through t->type AND its size cannot
401 * be determined without following the t->type.
403 * ptr does not fall into this bucket
404 * because its size is always sizeof(void *).
406 switch (BTF_INFO_KIND(t->info)) {
407 case BTF_KIND_TYPEDEF:
408 case BTF_KIND_VOLATILE:
410 case BTF_KIND_RESTRICT:
417 bool btf_type_is_void(const struct btf_type *t)
419 return t == &btf_void;
422 static bool btf_type_is_fwd(const struct btf_type *t)
424 return BTF_INFO_KIND(t->info) == BTF_KIND_FWD;
427 static bool btf_type_nosize(const struct btf_type *t)
429 return btf_type_is_void(t) || btf_type_is_fwd(t) ||
430 btf_type_is_func(t) || btf_type_is_func_proto(t);
433 static bool btf_type_nosize_or_null(const struct btf_type *t)
435 return !t || btf_type_nosize(t);
438 static bool __btf_type_is_struct(const struct btf_type *t)
440 return BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT;
443 static bool btf_type_is_array(const struct btf_type *t)
445 return BTF_INFO_KIND(t->info) == BTF_KIND_ARRAY;
448 static bool btf_type_is_datasec(const struct btf_type *t)
450 return BTF_INFO_KIND(t->info) == BTF_KIND_DATASEC;
453 s32 btf_find_by_name_kind(const struct btf *btf, const char *name, u8 kind)
455 const struct btf_type *t;
459 for (i = 1; i <= btf->nr_types; i++) {
461 if (BTF_INFO_KIND(t->info) != kind)
464 tname = btf_name_by_offset(btf, t->name_off);
465 if (!strcmp(tname, name))
472 const struct btf_type *btf_type_skip_modifiers(const struct btf *btf,
475 const struct btf_type *t = btf_type_by_id(btf, id);
477 while (btf_type_is_modifier(t)) {
479 t = btf_type_by_id(btf, t->type);
488 const struct btf_type *btf_type_resolve_ptr(const struct btf *btf,
491 const struct btf_type *t;
493 t = btf_type_skip_modifiers(btf, id, NULL);
494 if (!btf_type_is_ptr(t))
497 return btf_type_skip_modifiers(btf, t->type, res_id);
500 const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
503 const struct btf_type *ptype;
505 ptype = btf_type_resolve_ptr(btf, id, res_id);
506 if (ptype && btf_type_is_func_proto(ptype))
512 /* Types that act only as a source, not sink or intermediate
513 * type when resolving.
515 static bool btf_type_is_resolve_source_only(const struct btf_type *t)
517 return btf_type_is_var(t) ||
518 btf_type_is_datasec(t);
521 /* What types need to be resolved?
523 * btf_type_is_modifier() is an obvious one.
525 * btf_type_is_struct() because its member refers to
526 * another type (through member->type).
528 * btf_type_is_var() because the variable refers to
529 * another type. btf_type_is_datasec() holds multiple
530 * btf_type_is_var() types that need resolving.
532 * btf_type_is_array() because its element (array->type)
533 * refers to another type. Array can be thought of a
534 * special case of struct while array just has the same
535 * member-type repeated by array->nelems of times.
537 static bool btf_type_needs_resolve(const struct btf_type *t)
539 return btf_type_is_modifier(t) ||
540 btf_type_is_ptr(t) ||
541 btf_type_is_struct(t) ||
542 btf_type_is_array(t) ||
543 btf_type_is_var(t) ||
544 btf_type_is_datasec(t);
547 /* t->size can be used */
548 static bool btf_type_has_size(const struct btf_type *t)
550 switch (BTF_INFO_KIND(t->info)) {
552 case BTF_KIND_STRUCT:
555 case BTF_KIND_DATASEC:
562 static const char *btf_int_encoding_str(u8 encoding)
566 else if (encoding == BTF_INT_SIGNED)
568 else if (encoding == BTF_INT_CHAR)
570 else if (encoding == BTF_INT_BOOL)
576 static u32 btf_type_int(const struct btf_type *t)
578 return *(u32 *)(t + 1);
581 static const struct btf_array *btf_type_array(const struct btf_type *t)
583 return (const struct btf_array *)(t + 1);
586 static const struct btf_enum *btf_type_enum(const struct btf_type *t)
588 return (const struct btf_enum *)(t + 1);
591 static const struct btf_var *btf_type_var(const struct btf_type *t)
593 return (const struct btf_var *)(t + 1);
596 static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t)
598 return kind_ops[BTF_INFO_KIND(t->info)];
601 static bool btf_name_offset_valid(const struct btf *btf, u32 offset)
603 return BTF_STR_OFFSET_VALID(offset) &&
604 offset < btf->hdr.str_len;
607 static bool __btf_name_char_ok(char c, bool first, bool dot_ok)
609 if ((first ? !isalpha(c) :
612 ((c == '.' && !dot_ok) ||
618 static bool __btf_name_valid(const struct btf *btf, u32 offset, bool dot_ok)
620 /* offset must be valid */
621 const char *src = &btf->strings[offset];
622 const char *src_limit;
624 if (!__btf_name_char_ok(*src, true, dot_ok))
627 /* set a limit on identifier length */
628 src_limit = src + KSYM_NAME_LEN;
630 while (*src && src < src_limit) {
631 if (!__btf_name_char_ok(*src, false, dot_ok))
639 /* Only C-style identifier is permitted. This can be relaxed if
642 static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
644 return __btf_name_valid(btf, offset, false);
647 static bool btf_name_valid_section(const struct btf *btf, u32 offset)
649 return __btf_name_valid(btf, offset, true);
652 static const char *__btf_name_by_offset(const struct btf *btf, u32 offset)
656 else if (offset < btf->hdr.str_len)
657 return &btf->strings[offset];
659 return "(invalid-name-offset)";
662 const char *btf_name_by_offset(const struct btf *btf, u32 offset)
664 if (offset < btf->hdr.str_len)
665 return &btf->strings[offset];
670 const struct btf_type *btf_type_by_id(const struct btf *btf, u32 type_id)
672 if (type_id > btf->nr_types)
675 return btf->types[type_id];
679 * Regular int is not a bit field and it must be either
680 * u8/u16/u32/u64 or __int128.
682 static bool btf_type_int_is_regular(const struct btf_type *t)
684 u8 nr_bits, nr_bytes;
687 int_data = btf_type_int(t);
688 nr_bits = BTF_INT_BITS(int_data);
689 nr_bytes = BITS_ROUNDUP_BYTES(nr_bits);
690 if (BITS_PER_BYTE_MASKED(nr_bits) ||
691 BTF_INT_OFFSET(int_data) ||
692 (nr_bytes != sizeof(u8) && nr_bytes != sizeof(u16) &&
693 nr_bytes != sizeof(u32) && nr_bytes != sizeof(u64) &&
694 nr_bytes != (2 * sizeof(u64)))) {
702 * Check that given struct member is a regular int with expected
705 bool btf_member_is_reg_int(const struct btf *btf, const struct btf_type *s,
706 const struct btf_member *m,
707 u32 expected_offset, u32 expected_size)
709 const struct btf_type *t;
714 t = btf_type_id_size(btf, &id, NULL);
715 if (!t || !btf_type_is_int(t))
718 int_data = btf_type_int(t);
719 nr_bits = BTF_INT_BITS(int_data);
720 if (btf_type_kflag(s)) {
721 u32 bitfield_size = BTF_MEMBER_BITFIELD_SIZE(m->offset);
722 u32 bit_offset = BTF_MEMBER_BIT_OFFSET(m->offset);
724 /* if kflag set, int should be a regular int and
725 * bit offset should be at byte boundary.
727 return !bitfield_size &&
728 BITS_ROUNDUP_BYTES(bit_offset) == expected_offset &&
729 BITS_ROUNDUP_BYTES(nr_bits) == expected_size;
732 if (BTF_INT_OFFSET(int_data) ||
733 BITS_PER_BYTE_MASKED(m->offset) ||
734 BITS_ROUNDUP_BYTES(m->offset) != expected_offset ||
735 BITS_PER_BYTE_MASKED(nr_bits) ||
736 BITS_ROUNDUP_BYTES(nr_bits) != expected_size)
742 /* Similar to btf_type_skip_modifiers() but does not skip typedefs. */
743 static const struct btf_type *btf_type_skip_qualifiers(const struct btf *btf,
746 const struct btf_type *t = btf_type_by_id(btf, id);
748 while (btf_type_is_modifier(t) &&
749 BTF_INFO_KIND(t->info) != BTF_KIND_TYPEDEF) {
751 t = btf_type_by_id(btf, t->type);
757 #define BTF_SHOW_MAX_ITER 10
759 #define BTF_KIND_BIT(kind) (1ULL << kind)
762 * Populate show->state.name with type name information.
763 * Format of type name is
765 * [.member_name = ] (type_name)
767 static const char *btf_show_name(struct btf_show *show)
769 /* BTF_MAX_ITER array suffixes "[]" */
770 const char *array_suffixes = "[][][][][][][][][][]";
771 const char *array_suffix = &array_suffixes[strlen(array_suffixes)];
772 /* BTF_MAX_ITER pointer suffixes "*" */
773 const char *ptr_suffixes = "**********";
774 const char *ptr_suffix = &ptr_suffixes[strlen(ptr_suffixes)];
775 const char *name = NULL, *prefix = "", *parens = "";
776 const struct btf_member *m = show->state.member;
777 const struct btf_type *t = show->state.type;
778 const struct btf_array *array;
779 u32 id = show->state.type_id;
780 const char *member = NULL;
781 bool show_member = false;
785 show->state.name[0] = '\0';
788 * Don't show type name if we're showing an array member;
789 * in that case we show the array type so don't need to repeat
790 * ourselves for each member.
792 if (show->state.array_member)
795 /* Retrieve member name, if any. */
797 member = btf_name_by_offset(show->btf, m->name_off);
798 show_member = strlen(member) > 0;
803 * Start with type_id, as we have resolved the struct btf_type *
804 * via btf_modifier_show() past the parent typedef to the child
805 * struct, int etc it is defined as. In such cases, the type_id
806 * still represents the starting type while the struct btf_type *
807 * in our show->state points at the resolved type of the typedef.
809 t = btf_type_by_id(show->btf, id);
814 * The goal here is to build up the right number of pointer and
815 * array suffixes while ensuring the type name for a typedef
816 * is represented. Along the way we accumulate a list of
817 * BTF kinds we have encountered, since these will inform later
818 * display; for example, pointer types will not require an
819 * opening "{" for struct, we will just display the pointer value.
821 * We also want to accumulate the right number of pointer or array
822 * indices in the format string while iterating until we get to
823 * the typedef/pointee/array member target type.
825 * We start by pointing at the end of pointer and array suffix
826 * strings; as we accumulate pointers and arrays we move the pointer
827 * or array string backwards so it will show the expected number of
828 * '*' or '[]' for the type. BTF_SHOW_MAX_ITER of nesting of pointers
829 * and/or arrays and typedefs are supported as a precaution.
831 * We also want to get typedef name while proceeding to resolve
832 * type it points to so that we can add parentheses if it is a
833 * "typedef struct" etc.
835 for (i = 0; i < BTF_SHOW_MAX_ITER; i++) {
837 switch (BTF_INFO_KIND(t->info)) {
838 case BTF_KIND_TYPEDEF:
840 name = btf_name_by_offset(show->btf,
842 kinds |= BTF_KIND_BIT(BTF_KIND_TYPEDEF);
846 kinds |= BTF_KIND_BIT(BTF_KIND_ARRAY);
850 array = btf_type_array(t);
851 if (array_suffix > array_suffixes)
856 kinds |= BTF_KIND_BIT(BTF_KIND_PTR);
857 if (ptr_suffix > ptr_suffixes)
867 t = btf_type_skip_qualifiers(show->btf, id);
869 /* We may not be able to represent this type; bail to be safe */
870 if (i == BTF_SHOW_MAX_ITER)
874 name = btf_name_by_offset(show->btf, t->name_off);
876 switch (BTF_INFO_KIND(t->info)) {
877 case BTF_KIND_STRUCT:
879 prefix = BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT ?
881 /* if it's an array of struct/union, parens is already set */
882 if (!(kinds & (BTF_KIND_BIT(BTF_KIND_ARRAY))))
892 /* pointer does not require parens */
893 if (kinds & BTF_KIND_BIT(BTF_KIND_PTR))
895 /* typedef does not require struct/union/enum prefix */
896 if (kinds & BTF_KIND_BIT(BTF_KIND_TYPEDEF))
902 /* Even if we don't want type name info, we want parentheses etc */
903 if (show->flags & BTF_SHOW_NONAME)
904 snprintf(show->state.name, sizeof(show->state.name), "%s",
907 snprintf(show->state.name, sizeof(show->state.name),
908 "%s%s%s(%s%s%s%s%s%s)%s",
909 /* first 3 strings comprise ".member = " */
910 show_member ? "." : "",
911 show_member ? member : "",
912 show_member ? " = " : "",
913 /* ...next is our prefix (struct, enum, etc) */
915 strlen(prefix) > 0 && strlen(name) > 0 ? " " : "",
916 /* ...this is the type name itself */
918 /* ...suffixed by the appropriate '*', '[]' suffixes */
919 strlen(ptr_suffix) > 0 ? " " : "", ptr_suffix,
920 array_suffix, parens);
922 return show->state.name;
925 static const char *__btf_show_indent(struct btf_show *show)
927 const char *indents = " ";
928 const char *indent = &indents[strlen(indents)];
930 if ((indent - show->state.depth) >= indents)
931 return indent - show->state.depth;
935 static const char *btf_show_indent(struct btf_show *show)
937 return show->flags & BTF_SHOW_COMPACT ? "" : __btf_show_indent(show);
940 static const char *btf_show_newline(struct btf_show *show)
942 return show->flags & BTF_SHOW_COMPACT ? "" : "\n";
945 static const char *btf_show_delim(struct btf_show *show)
947 if (show->state.depth == 0)
950 if ((show->flags & BTF_SHOW_COMPACT) && show->state.type &&
951 BTF_INFO_KIND(show->state.type->info) == BTF_KIND_UNION)
957 __printf(2, 3) static void btf_show(struct btf_show *show, const char *fmt, ...)
961 if (!show->state.depth_check) {
963 show->showfn(show, fmt, args);
968 /* Macros are used here as btf_show_type_value[s]() prepends and appends
969 * format specifiers to the format specifier passed in; these do the work of
970 * adding indentation, delimiters etc while the caller simply has to specify
971 * the type value(s) in the format specifier + value(s).
973 #define btf_show_type_value(show, fmt, value) \
975 if ((value) != 0 || (show->flags & BTF_SHOW_ZERO) || \
976 show->state.depth == 0) { \
977 btf_show(show, "%s%s" fmt "%s%s", \
978 btf_show_indent(show), \
979 btf_show_name(show), \
980 value, btf_show_delim(show), \
981 btf_show_newline(show)); \
982 if (show->state.depth > show->state.depth_to_show) \
983 show->state.depth_to_show = show->state.depth; \
987 #define btf_show_type_values(show, fmt, ...) \
989 btf_show(show, "%s%s" fmt "%s%s", btf_show_indent(show), \
990 btf_show_name(show), \
991 __VA_ARGS__, btf_show_delim(show), \
992 btf_show_newline(show)); \
993 if (show->state.depth > show->state.depth_to_show) \
994 show->state.depth_to_show = show->state.depth; \
997 /* How much is left to copy to safe buffer after @data? */
998 static int btf_show_obj_size_left(struct btf_show *show, void *data)
1000 return show->obj.head + show->obj.size - data;
1003 /* Is object pointed to by @data of @size already copied to our safe buffer? */
1004 static bool btf_show_obj_is_safe(struct btf_show *show, void *data, int size)
1006 return data >= show->obj.data &&
1007 (data + size) < (show->obj.data + BTF_SHOW_OBJ_SAFE_SIZE);
1011 * If object pointed to by @data of @size falls within our safe buffer, return
1012 * the equivalent pointer to the same safe data. Assumes
1013 * copy_from_kernel_nofault() has already happened and our safe buffer is
1016 static void *__btf_show_obj_safe(struct btf_show *show, void *data, int size)
1018 if (btf_show_obj_is_safe(show, data, size))
1019 return show->obj.safe + (data - show->obj.data);
1024 * Return a safe-to-access version of data pointed to by @data.
1025 * We do this by copying the relevant amount of information
1026 * to the struct btf_show obj.safe buffer using copy_from_kernel_nofault().
1028 * If BTF_SHOW_UNSAFE is specified, just return data as-is; no
1029 * safe copy is needed.
1031 * Otherwise we need to determine if we have the required amount
1032 * of data (determined by the @data pointer and the size of the
1033 * largest base type we can encounter (represented by
1034 * BTF_SHOW_OBJ_BASE_TYPE_SIZE). Having that much data ensures
1035 * that we will be able to print some of the current object,
1036 * and if more is needed a copy will be triggered.
1037 * Some objects such as structs will not fit into the buffer;
1038 * in such cases additional copies when we iterate over their
1039 * members may be needed.
1041 * btf_show_obj_safe() is used to return a safe buffer for
1042 * btf_show_start_type(); this ensures that as we recurse into
1043 * nested types we always have safe data for the given type.
1044 * This approach is somewhat wasteful; it's possible for example
1045 * that when iterating over a large union we'll end up copying the
1046 * same data repeatedly, but the goal is safety not performance.
1047 * We use stack data as opposed to per-CPU buffers because the
1048 * iteration over a type can take some time, and preemption handling
1049 * would greatly complicate use of the safe buffer.
1051 static void *btf_show_obj_safe(struct btf_show *show,
1052 const struct btf_type *t,
1055 const struct btf_type *rt;
1056 int size_left, size;
1059 if (show->flags & BTF_SHOW_UNSAFE)
1062 rt = btf_resolve_size(show->btf, t, &size);
1064 show->state.status = PTR_ERR(rt);
1069 * Is this toplevel object? If so, set total object size and
1070 * initialize pointers. Otherwise check if we still fall within
1071 * our safe object data.
1073 if (show->state.depth == 0) {
1074 show->obj.size = size;
1075 show->obj.head = data;
1078 * If the size of the current object is > our remaining
1079 * safe buffer we _may_ need to do a new copy. However
1080 * consider the case of a nested struct; it's size pushes
1081 * us over the safe buffer limit, but showing any individual
1082 * struct members does not. In such cases, we don't need
1083 * to initiate a fresh copy yet; however we definitely need
1084 * at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes left
1085 * in our buffer, regardless of the current object size.
1086 * The logic here is that as we resolve types we will
1087 * hit a base type at some point, and we need to be sure
1088 * the next chunk of data is safely available to display
1089 * that type info safely. We cannot rely on the size of
1090 * the current object here because it may be much larger
1091 * than our current buffer (e.g. task_struct is 8k).
1092 * All we want to do here is ensure that we can print the
1093 * next basic type, which we can if either
1094 * - the current type size is within the safe buffer; or
1095 * - at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes are left in
1098 safe = __btf_show_obj_safe(show, data,
1100 BTF_SHOW_OBJ_BASE_TYPE_SIZE));
1104 * We need a new copy to our safe object, either because we haven't
1105 * yet copied and are intializing safe data, or because the data
1106 * we want falls outside the boundaries of the safe object.
1109 size_left = btf_show_obj_size_left(show, data);
1110 if (size_left > BTF_SHOW_OBJ_SAFE_SIZE)
1111 size_left = BTF_SHOW_OBJ_SAFE_SIZE;
1112 show->state.status = copy_from_kernel_nofault(show->obj.safe,
1114 if (!show->state.status) {
1115 show->obj.data = data;
1116 safe = show->obj.safe;
1124 * Set the type we are starting to show and return a safe data pointer
1125 * to be used for showing the associated data.
1127 static void *btf_show_start_type(struct btf_show *show,
1128 const struct btf_type *t,
1129 u32 type_id, void *data)
1131 show->state.type = t;
1132 show->state.type_id = type_id;
1133 show->state.name[0] = '\0';
1135 return btf_show_obj_safe(show, t, data);
1138 static void btf_show_end_type(struct btf_show *show)
1140 show->state.type = NULL;
1141 show->state.type_id = 0;
1142 show->state.name[0] = '\0';
1145 static void *btf_show_start_aggr_type(struct btf_show *show,
1146 const struct btf_type *t,
1147 u32 type_id, void *data)
1149 void *safe_data = btf_show_start_type(show, t, type_id, data);
1154 btf_show(show, "%s%s%s", btf_show_indent(show),
1155 btf_show_name(show),
1156 btf_show_newline(show));
1157 show->state.depth++;
1161 static void btf_show_end_aggr_type(struct btf_show *show,
1164 show->state.depth--;
1165 btf_show(show, "%s%s%s%s", btf_show_indent(show), suffix,
1166 btf_show_delim(show), btf_show_newline(show));
1167 btf_show_end_type(show);
1170 static void btf_show_start_member(struct btf_show *show,
1171 const struct btf_member *m)
1173 show->state.member = m;
1176 static void btf_show_start_array_member(struct btf_show *show)
1178 show->state.array_member = 1;
1179 btf_show_start_member(show, NULL);
1182 static void btf_show_end_member(struct btf_show *show)
1184 show->state.member = NULL;
1187 static void btf_show_end_array_member(struct btf_show *show)
1189 show->state.array_member = 0;
1190 btf_show_end_member(show);
1193 static void *btf_show_start_array_type(struct btf_show *show,
1194 const struct btf_type *t,
1199 show->state.array_encoding = array_encoding;
1200 show->state.array_terminated = 0;
1201 return btf_show_start_aggr_type(show, t, type_id, data);
1204 static void btf_show_end_array_type(struct btf_show *show)
1206 show->state.array_encoding = 0;
1207 show->state.array_terminated = 0;
1208 btf_show_end_aggr_type(show, "]");
1211 static void *btf_show_start_struct_type(struct btf_show *show,
1212 const struct btf_type *t,
1216 return btf_show_start_aggr_type(show, t, type_id, data);
1219 static void btf_show_end_struct_type(struct btf_show *show)
1221 btf_show_end_aggr_type(show, "}");
1224 __printf(2, 3) static void __btf_verifier_log(struct bpf_verifier_log *log,
1225 const char *fmt, ...)
1229 va_start(args, fmt);
1230 bpf_verifier_vlog(log, fmt, args);
1234 __printf(2, 3) static void btf_verifier_log(struct btf_verifier_env *env,
1235 const char *fmt, ...)
1237 struct bpf_verifier_log *log = &env->log;
1240 if (!bpf_verifier_log_needed(log))
1243 va_start(args, fmt);
1244 bpf_verifier_vlog(log, fmt, args);
1248 __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
1249 const struct btf_type *t,
1251 const char *fmt, ...)
1253 struct bpf_verifier_log *log = &env->log;
1254 u8 kind = BTF_INFO_KIND(t->info);
1255 struct btf *btf = env->btf;
1258 if (!bpf_verifier_log_needed(log))
1261 /* btf verifier prints all types it is processing via
1262 * btf_verifier_log_type(..., fmt = NULL).
1263 * Skip those prints for in-kernel BTF verification.
1265 if (log->level == BPF_LOG_KERNEL && !fmt)
1268 __btf_verifier_log(log, "[%u] %s %s%s",
1271 __btf_name_by_offset(btf, t->name_off),
1272 log_details ? " " : "");
1275 btf_type_ops(t)->log_details(env, t);
1278 __btf_verifier_log(log, " ");
1279 va_start(args, fmt);
1280 bpf_verifier_vlog(log, fmt, args);
1284 __btf_verifier_log(log, "\n");
1287 #define btf_verifier_log_type(env, t, ...) \
1288 __btf_verifier_log_type((env), (t), true, __VA_ARGS__)
1289 #define btf_verifier_log_basic(env, t, ...) \
1290 __btf_verifier_log_type((env), (t), false, __VA_ARGS__)
1293 static void btf_verifier_log_member(struct btf_verifier_env *env,
1294 const struct btf_type *struct_type,
1295 const struct btf_member *member,
1296 const char *fmt, ...)
1298 struct bpf_verifier_log *log = &env->log;
1299 struct btf *btf = env->btf;
1302 if (!bpf_verifier_log_needed(log))
1305 if (log->level == BPF_LOG_KERNEL && !fmt)
1307 /* The CHECK_META phase already did a btf dump.
1309 * If member is logged again, it must hit an error in
1310 * parsing this member. It is useful to print out which
1311 * struct this member belongs to.
1313 if (env->phase != CHECK_META)
1314 btf_verifier_log_type(env, struct_type, NULL);
1316 if (btf_type_kflag(struct_type))
1317 __btf_verifier_log(log,
1318 "\t%s type_id=%u bitfield_size=%u bits_offset=%u",
1319 __btf_name_by_offset(btf, member->name_off),
1321 BTF_MEMBER_BITFIELD_SIZE(member->offset),
1322 BTF_MEMBER_BIT_OFFSET(member->offset));
1324 __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
1325 __btf_name_by_offset(btf, member->name_off),
1326 member->type, member->offset);
1329 __btf_verifier_log(log, " ");
1330 va_start(args, fmt);
1331 bpf_verifier_vlog(log, fmt, args);
1335 __btf_verifier_log(log, "\n");
1339 static void btf_verifier_log_vsi(struct btf_verifier_env *env,
1340 const struct btf_type *datasec_type,
1341 const struct btf_var_secinfo *vsi,
1342 const char *fmt, ...)
1344 struct bpf_verifier_log *log = &env->log;
1347 if (!bpf_verifier_log_needed(log))
1349 if (log->level == BPF_LOG_KERNEL && !fmt)
1351 if (env->phase != CHECK_META)
1352 btf_verifier_log_type(env, datasec_type, NULL);
1354 __btf_verifier_log(log, "\t type_id=%u offset=%u size=%u",
1355 vsi->type, vsi->offset, vsi->size);
1357 __btf_verifier_log(log, " ");
1358 va_start(args, fmt);
1359 bpf_verifier_vlog(log, fmt, args);
1363 __btf_verifier_log(log, "\n");
1366 static void btf_verifier_log_hdr(struct btf_verifier_env *env,
1369 struct bpf_verifier_log *log = &env->log;
1370 const struct btf *btf = env->btf;
1371 const struct btf_header *hdr;
1373 if (!bpf_verifier_log_needed(log))
1376 if (log->level == BPF_LOG_KERNEL)
1379 __btf_verifier_log(log, "magic: 0x%x\n", hdr->magic);
1380 __btf_verifier_log(log, "version: %u\n", hdr->version);
1381 __btf_verifier_log(log, "flags: 0x%x\n", hdr->flags);
1382 __btf_verifier_log(log, "hdr_len: %u\n", hdr->hdr_len);
1383 __btf_verifier_log(log, "type_off: %u\n", hdr->type_off);
1384 __btf_verifier_log(log, "type_len: %u\n", hdr->type_len);
1385 __btf_verifier_log(log, "str_off: %u\n", hdr->str_off);
1386 __btf_verifier_log(log, "str_len: %u\n", hdr->str_len);
1387 __btf_verifier_log(log, "btf_total_size: %u\n", btf_data_size);
1390 static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t)
1392 struct btf *btf = env->btf;
1394 /* < 2 because +1 for btf_void which is always in btf->types[0].
1395 * btf_void is not accounted in btf->nr_types because btf_void
1396 * does not come from the BTF file.
1398 if (btf->types_size - btf->nr_types < 2) {
1399 /* Expand 'types' array */
1401 struct btf_type **new_types;
1402 u32 expand_by, new_size;
1404 if (btf->types_size == BTF_MAX_TYPE) {
1405 btf_verifier_log(env, "Exceeded max num of types");
1409 expand_by = max_t(u32, btf->types_size >> 2, 16);
1410 new_size = min_t(u32, BTF_MAX_TYPE,
1411 btf->types_size + expand_by);
1413 new_types = kvcalloc(new_size, sizeof(*new_types),
1414 GFP_KERNEL | __GFP_NOWARN);
1418 if (btf->nr_types == 0)
1419 new_types[0] = &btf_void;
1421 memcpy(new_types, btf->types,
1422 sizeof(*btf->types) * (btf->nr_types + 1));
1425 btf->types = new_types;
1426 btf->types_size = new_size;
1429 btf->types[++(btf->nr_types)] = t;
1434 static int btf_alloc_id(struct btf *btf)
1438 idr_preload(GFP_KERNEL);
1439 spin_lock_bh(&btf_idr_lock);
1440 id = idr_alloc_cyclic(&btf_idr, btf, 1, INT_MAX, GFP_ATOMIC);
1443 spin_unlock_bh(&btf_idr_lock);
1446 if (WARN_ON_ONCE(!id))
1449 return id > 0 ? 0 : id;
1452 static void btf_free_id(struct btf *btf)
1454 unsigned long flags;
1457 * In map-in-map, calling map_delete_elem() on outer
1458 * map will call bpf_map_put on the inner map.
1459 * It will then eventually call btf_free_id()
1460 * on the inner map. Some of the map_delete_elem()
1461 * implementation may have irq disabled, so
1462 * we need to use the _irqsave() version instead
1463 * of the _bh() version.
1465 spin_lock_irqsave(&btf_idr_lock, flags);
1466 idr_remove(&btf_idr, btf->id);
1467 spin_unlock_irqrestore(&btf_idr_lock, flags);
1470 static void btf_free(struct btf *btf)
1473 kvfree(btf->resolved_sizes);
1474 kvfree(btf->resolved_ids);
1479 static void btf_free_rcu(struct rcu_head *rcu)
1481 struct btf *btf = container_of(rcu, struct btf, rcu);
1486 void btf_put(struct btf *btf)
1488 if (btf && refcount_dec_and_test(&btf->refcnt)) {
1490 call_rcu(&btf->rcu, btf_free_rcu);
1494 static int env_resolve_init(struct btf_verifier_env *env)
1496 struct btf *btf = env->btf;
1497 u32 nr_types = btf->nr_types;
1498 u32 *resolved_sizes = NULL;
1499 u32 *resolved_ids = NULL;
1500 u8 *visit_states = NULL;
1502 /* +1 for btf_void */
1503 resolved_sizes = kvcalloc(nr_types + 1, sizeof(*resolved_sizes),
1504 GFP_KERNEL | __GFP_NOWARN);
1505 if (!resolved_sizes)
1508 resolved_ids = kvcalloc(nr_types + 1, sizeof(*resolved_ids),
1509 GFP_KERNEL | __GFP_NOWARN);
1513 visit_states = kvcalloc(nr_types + 1, sizeof(*visit_states),
1514 GFP_KERNEL | __GFP_NOWARN);
1518 btf->resolved_sizes = resolved_sizes;
1519 btf->resolved_ids = resolved_ids;
1520 env->visit_states = visit_states;
1525 kvfree(resolved_sizes);
1526 kvfree(resolved_ids);
1527 kvfree(visit_states);
1531 static void btf_verifier_env_free(struct btf_verifier_env *env)
1533 kvfree(env->visit_states);
1537 static bool env_type_is_resolve_sink(const struct btf_verifier_env *env,
1538 const struct btf_type *next_type)
1540 switch (env->resolve_mode) {
1542 /* int, enum or void is a sink */
1543 return !btf_type_needs_resolve(next_type);
1545 /* int, enum, void, struct, array, func or func_proto is a sink
1548 return !btf_type_is_modifier(next_type) &&
1549 !btf_type_is_ptr(next_type);
1550 case RESOLVE_STRUCT_OR_ARRAY:
1551 /* int, enum, void, ptr, func or func_proto is a sink
1552 * for struct and array
1554 return !btf_type_is_modifier(next_type) &&
1555 !btf_type_is_array(next_type) &&
1556 !btf_type_is_struct(next_type);
1562 static bool env_type_is_resolved(const struct btf_verifier_env *env,
1565 return env->visit_states[type_id] == RESOLVED;
1568 static int env_stack_push(struct btf_verifier_env *env,
1569 const struct btf_type *t, u32 type_id)
1571 struct resolve_vertex *v;
1573 if (env->top_stack == MAX_RESOLVE_DEPTH)
1576 if (env->visit_states[type_id] != NOT_VISITED)
1579 env->visit_states[type_id] = VISITED;
1581 v = &env->stack[env->top_stack++];
1583 v->type_id = type_id;
1586 if (env->resolve_mode == RESOLVE_TBD) {
1587 if (btf_type_is_ptr(t))
1588 env->resolve_mode = RESOLVE_PTR;
1589 else if (btf_type_is_struct(t) || btf_type_is_array(t))
1590 env->resolve_mode = RESOLVE_STRUCT_OR_ARRAY;
1596 static void env_stack_set_next_member(struct btf_verifier_env *env,
1599 env->stack[env->top_stack - 1].next_member = next_member;
1602 static void env_stack_pop_resolved(struct btf_verifier_env *env,
1603 u32 resolved_type_id,
1606 u32 type_id = env->stack[--(env->top_stack)].type_id;
1607 struct btf *btf = env->btf;
1609 btf->resolved_sizes[type_id] = resolved_size;
1610 btf->resolved_ids[type_id] = resolved_type_id;
1611 env->visit_states[type_id] = RESOLVED;
1614 static const struct resolve_vertex *env_stack_peak(struct btf_verifier_env *env)
1616 return env->top_stack ? &env->stack[env->top_stack - 1] : NULL;
1619 /* Resolve the size of a passed-in "type"
1621 * type: is an array (e.g. u32 array[x][y])
1622 * return type: type "u32[x][y]", i.e. BTF_KIND_ARRAY,
1623 * *type_size: (x * y * sizeof(u32)). Hence, *type_size always
1624 * corresponds to the return type.
1626 * *elem_id: id of u32
1627 * *total_nelems: (x * y). Hence, individual elem size is
1628 * (*type_size / *total_nelems)
1629 * *type_id: id of type if it's changed within the function, 0 if not
1631 * type: is not an array (e.g. const struct X)
1632 * return type: type "struct X"
1633 * *type_size: sizeof(struct X)
1634 * *elem_type: same as return type ("struct X")
1637 * *type_id: id of type if it's changed within the function, 0 if not
1639 static const struct btf_type *
1640 __btf_resolve_size(const struct btf *btf, const struct btf_type *type,
1641 u32 *type_size, const struct btf_type **elem_type,
1642 u32 *elem_id, u32 *total_nelems, u32 *type_id)
1644 const struct btf_type *array_type = NULL;
1645 const struct btf_array *array = NULL;
1646 u32 i, size, nelems = 1, id = 0;
1648 for (i = 0; i < MAX_RESOLVE_DEPTH; i++) {
1649 switch (BTF_INFO_KIND(type->info)) {
1650 /* type->size can be used */
1652 case BTF_KIND_STRUCT:
1653 case BTF_KIND_UNION:
1659 size = sizeof(void *);
1663 case BTF_KIND_TYPEDEF:
1664 case BTF_KIND_VOLATILE:
1665 case BTF_KIND_CONST:
1666 case BTF_KIND_RESTRICT:
1668 type = btf_type_by_id(btf, type->type);
1671 case BTF_KIND_ARRAY:
1674 array = btf_type_array(type);
1675 if (nelems && array->nelems > U32_MAX / nelems)
1676 return ERR_PTR(-EINVAL);
1677 nelems *= array->nelems;
1678 type = btf_type_by_id(btf, array->type);
1681 /* type without size */
1683 return ERR_PTR(-EINVAL);
1687 return ERR_PTR(-EINVAL);
1690 if (nelems && size > U32_MAX / nelems)
1691 return ERR_PTR(-EINVAL);
1693 *type_size = nelems * size;
1695 *total_nelems = nelems;
1699 *elem_id = array ? array->type : 0;
1703 return array_type ? : type;
1706 const struct btf_type *
1707 btf_resolve_size(const struct btf *btf, const struct btf_type *type,
1710 return __btf_resolve_size(btf, type, type_size, NULL, NULL, NULL, NULL);
1713 /* The input param "type_id" must point to a needs_resolve type */
1714 static const struct btf_type *btf_type_id_resolve(const struct btf *btf,
1717 *type_id = btf->resolved_ids[*type_id];
1718 return btf_type_by_id(btf, *type_id);
1721 const struct btf_type *btf_type_id_size(const struct btf *btf,
1722 u32 *type_id, u32 *ret_size)
1724 const struct btf_type *size_type;
1725 u32 size_type_id = *type_id;
1728 size_type = btf_type_by_id(btf, size_type_id);
1729 if (btf_type_nosize_or_null(size_type))
1732 if (btf_type_has_size(size_type)) {
1733 size = size_type->size;
1734 } else if (btf_type_is_array(size_type)) {
1735 size = btf->resolved_sizes[size_type_id];
1736 } else if (btf_type_is_ptr(size_type)) {
1737 size = sizeof(void *);
1739 if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) &&
1740 !btf_type_is_var(size_type)))
1743 size_type_id = btf->resolved_ids[size_type_id];
1744 size_type = btf_type_by_id(btf, size_type_id);
1745 if (btf_type_nosize_or_null(size_type))
1747 else if (btf_type_has_size(size_type))
1748 size = size_type->size;
1749 else if (btf_type_is_array(size_type))
1750 size = btf->resolved_sizes[size_type_id];
1751 else if (btf_type_is_ptr(size_type))
1752 size = sizeof(void *);
1757 *type_id = size_type_id;
1764 static int btf_df_check_member(struct btf_verifier_env *env,
1765 const struct btf_type *struct_type,
1766 const struct btf_member *member,
1767 const struct btf_type *member_type)
1769 btf_verifier_log_basic(env, struct_type,
1770 "Unsupported check_member");
1774 static int btf_df_check_kflag_member(struct btf_verifier_env *env,
1775 const struct btf_type *struct_type,
1776 const struct btf_member *member,
1777 const struct btf_type *member_type)
1779 btf_verifier_log_basic(env, struct_type,
1780 "Unsupported check_kflag_member");
1784 /* Used for ptr, array and struct/union type members.
1785 * int, enum and modifier types have their specific callback functions.
1787 static int btf_generic_check_kflag_member(struct btf_verifier_env *env,
1788 const struct btf_type *struct_type,
1789 const struct btf_member *member,
1790 const struct btf_type *member_type)
1792 if (BTF_MEMBER_BITFIELD_SIZE(member->offset)) {
1793 btf_verifier_log_member(env, struct_type, member,
1794 "Invalid member bitfield_size");
1798 /* bitfield size is 0, so member->offset represents bit offset only.
1799 * It is safe to call non kflag check_member variants.
1801 return btf_type_ops(member_type)->check_member(env, struct_type,
1806 static int btf_df_resolve(struct btf_verifier_env *env,
1807 const struct resolve_vertex *v)
1809 btf_verifier_log_basic(env, v->t, "Unsupported resolve");
1813 static void btf_df_show(const struct btf *btf, const struct btf_type *t,
1814 u32 type_id, void *data, u8 bits_offsets,
1815 struct btf_show *show)
1817 btf_show(show, "<unsupported kind:%u>", BTF_INFO_KIND(t->info));
1820 static int btf_int_check_member(struct btf_verifier_env *env,
1821 const struct btf_type *struct_type,
1822 const struct btf_member *member,
1823 const struct btf_type *member_type)
1825 u32 int_data = btf_type_int(member_type);
1826 u32 struct_bits_off = member->offset;
1827 u32 struct_size = struct_type->size;
1831 if (U32_MAX - struct_bits_off < BTF_INT_OFFSET(int_data)) {
1832 btf_verifier_log_member(env, struct_type, member,
1833 "bits_offset exceeds U32_MAX");
1837 struct_bits_off += BTF_INT_OFFSET(int_data);
1838 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1839 nr_copy_bits = BTF_INT_BITS(int_data) +
1840 BITS_PER_BYTE_MASKED(struct_bits_off);
1842 if (nr_copy_bits > BITS_PER_U128) {
1843 btf_verifier_log_member(env, struct_type, member,
1844 "nr_copy_bits exceeds 128");
1848 if (struct_size < bytes_offset ||
1849 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
1850 btf_verifier_log_member(env, struct_type, member,
1851 "Member exceeds struct_size");
1858 static int btf_int_check_kflag_member(struct btf_verifier_env *env,
1859 const struct btf_type *struct_type,
1860 const struct btf_member *member,
1861 const struct btf_type *member_type)
1863 u32 struct_bits_off, nr_bits, nr_int_data_bits, bytes_offset;
1864 u32 int_data = btf_type_int(member_type);
1865 u32 struct_size = struct_type->size;
1868 /* a regular int type is required for the kflag int member */
1869 if (!btf_type_int_is_regular(member_type)) {
1870 btf_verifier_log_member(env, struct_type, member,
1871 "Invalid member base type");
1875 /* check sanity of bitfield size */
1876 nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
1877 struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
1878 nr_int_data_bits = BTF_INT_BITS(int_data);
1880 /* Not a bitfield member, member offset must be at byte
1883 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1884 btf_verifier_log_member(env, struct_type, member,
1885 "Invalid member offset");
1889 nr_bits = nr_int_data_bits;
1890 } else if (nr_bits > nr_int_data_bits) {
1891 btf_verifier_log_member(env, struct_type, member,
1892 "Invalid member bitfield_size");
1896 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1897 nr_copy_bits = nr_bits + BITS_PER_BYTE_MASKED(struct_bits_off);
1898 if (nr_copy_bits > BITS_PER_U128) {
1899 btf_verifier_log_member(env, struct_type, member,
1900 "nr_copy_bits exceeds 128");
1904 if (struct_size < bytes_offset ||
1905 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
1906 btf_verifier_log_member(env, struct_type, member,
1907 "Member exceeds struct_size");
1914 static s32 btf_int_check_meta(struct btf_verifier_env *env,
1915 const struct btf_type *t,
1918 u32 int_data, nr_bits, meta_needed = sizeof(int_data);
1921 if (meta_left < meta_needed) {
1922 btf_verifier_log_basic(env, t,
1923 "meta_left:%u meta_needed:%u",
1924 meta_left, meta_needed);
1928 if (btf_type_vlen(t)) {
1929 btf_verifier_log_type(env, t, "vlen != 0");
1933 if (btf_type_kflag(t)) {
1934 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
1938 int_data = btf_type_int(t);
1939 if (int_data & ~BTF_INT_MASK) {
1940 btf_verifier_log_basic(env, t, "Invalid int_data:%x",
1945 nr_bits = BTF_INT_BITS(int_data) + BTF_INT_OFFSET(int_data);
1947 if (nr_bits > BITS_PER_U128) {
1948 btf_verifier_log_type(env, t, "nr_bits exceeds %zu",
1953 if (BITS_ROUNDUP_BYTES(nr_bits) > t->size) {
1954 btf_verifier_log_type(env, t, "nr_bits exceeds type_size");
1959 * Only one of the encoding bits is allowed and it
1960 * should be sufficient for the pretty print purpose (i.e. decoding).
1961 * Multiple bits can be allowed later if it is found
1962 * to be insufficient.
1964 encoding = BTF_INT_ENCODING(int_data);
1966 encoding != BTF_INT_SIGNED &&
1967 encoding != BTF_INT_CHAR &&
1968 encoding != BTF_INT_BOOL) {
1969 btf_verifier_log_type(env, t, "Unsupported encoding");
1973 btf_verifier_log_type(env, t, NULL);
1978 static void btf_int_log(struct btf_verifier_env *env,
1979 const struct btf_type *t)
1981 int int_data = btf_type_int(t);
1983 btf_verifier_log(env,
1984 "size=%u bits_offset=%u nr_bits=%u encoding=%s",
1985 t->size, BTF_INT_OFFSET(int_data),
1986 BTF_INT_BITS(int_data),
1987 btf_int_encoding_str(BTF_INT_ENCODING(int_data)));
1990 static void btf_int128_print(struct btf_show *show, void *data)
1992 /* data points to a __int128 number.
1994 * int128_num = *(__int128 *)data;
1995 * The below formulas shows what upper_num and lower_num represents:
1996 * upper_num = int128_num >> 64;
1997 * lower_num = int128_num & 0xffffffffFFFFFFFFULL;
1999 u64 upper_num, lower_num;
2001 #ifdef __BIG_ENDIAN_BITFIELD
2002 upper_num = *(u64 *)data;
2003 lower_num = *(u64 *)(data + 8);
2005 upper_num = *(u64 *)(data + 8);
2006 lower_num = *(u64 *)data;
2009 btf_show_type_value(show, "0x%llx", lower_num);
2011 btf_show_type_values(show, "0x%llx%016llx", upper_num,
2015 static void btf_int128_shift(u64 *print_num, u16 left_shift_bits,
2016 u16 right_shift_bits)
2018 u64 upper_num, lower_num;
2020 #ifdef __BIG_ENDIAN_BITFIELD
2021 upper_num = print_num[0];
2022 lower_num = print_num[1];
2024 upper_num = print_num[1];
2025 lower_num = print_num[0];
2028 /* shake out un-needed bits by shift/or operations */
2029 if (left_shift_bits >= 64) {
2030 upper_num = lower_num << (left_shift_bits - 64);
2033 upper_num = (upper_num << left_shift_bits) |
2034 (lower_num >> (64 - left_shift_bits));
2035 lower_num = lower_num << left_shift_bits;
2038 if (right_shift_bits >= 64) {
2039 lower_num = upper_num >> (right_shift_bits - 64);
2042 lower_num = (lower_num >> right_shift_bits) |
2043 (upper_num << (64 - right_shift_bits));
2044 upper_num = upper_num >> right_shift_bits;
2047 #ifdef __BIG_ENDIAN_BITFIELD
2048 print_num[0] = upper_num;
2049 print_num[1] = lower_num;
2051 print_num[0] = lower_num;
2052 print_num[1] = upper_num;
2056 static void btf_bitfield_show(void *data, u8 bits_offset,
2057 u8 nr_bits, struct btf_show *show)
2059 u16 left_shift_bits, right_shift_bits;
2062 u64 print_num[2] = {};
2064 nr_copy_bits = nr_bits + bits_offset;
2065 nr_copy_bytes = BITS_ROUNDUP_BYTES(nr_copy_bits);
2067 memcpy(print_num, data, nr_copy_bytes);
2069 #ifdef __BIG_ENDIAN_BITFIELD
2070 left_shift_bits = bits_offset;
2072 left_shift_bits = BITS_PER_U128 - nr_copy_bits;
2074 right_shift_bits = BITS_PER_U128 - nr_bits;
2076 btf_int128_shift(print_num, left_shift_bits, right_shift_bits);
2077 btf_int128_print(show, print_num);
2081 static void btf_int_bits_show(const struct btf *btf,
2082 const struct btf_type *t,
2083 void *data, u8 bits_offset,
2084 struct btf_show *show)
2086 u32 int_data = btf_type_int(t);
2087 u8 nr_bits = BTF_INT_BITS(int_data);
2088 u8 total_bits_offset;
2091 * bits_offset is at most 7.
2092 * BTF_INT_OFFSET() cannot exceed 128 bits.
2094 total_bits_offset = bits_offset + BTF_INT_OFFSET(int_data);
2095 data += BITS_ROUNDDOWN_BYTES(total_bits_offset);
2096 bits_offset = BITS_PER_BYTE_MASKED(total_bits_offset);
2097 btf_bitfield_show(data, bits_offset, nr_bits, show);
2100 static void btf_int_show(const struct btf *btf, const struct btf_type *t,
2101 u32 type_id, void *data, u8 bits_offset,
2102 struct btf_show *show)
2104 u32 int_data = btf_type_int(t);
2105 u8 encoding = BTF_INT_ENCODING(int_data);
2106 bool sign = encoding & BTF_INT_SIGNED;
2107 u8 nr_bits = BTF_INT_BITS(int_data);
2110 safe_data = btf_show_start_type(show, t, type_id, data);
2114 if (bits_offset || BTF_INT_OFFSET(int_data) ||
2115 BITS_PER_BYTE_MASKED(nr_bits)) {
2116 btf_int_bits_show(btf, t, safe_data, bits_offset, show);
2122 btf_int128_print(show, safe_data);
2126 btf_show_type_value(show, "%lld", *(s64 *)safe_data);
2128 btf_show_type_value(show, "%llu", *(u64 *)safe_data);
2132 btf_show_type_value(show, "%d", *(s32 *)safe_data);
2134 btf_show_type_value(show, "%u", *(u32 *)safe_data);
2138 btf_show_type_value(show, "%d", *(s16 *)safe_data);
2140 btf_show_type_value(show, "%u", *(u16 *)safe_data);
2143 if (show->state.array_encoding == BTF_INT_CHAR) {
2144 /* check for null terminator */
2145 if (show->state.array_terminated)
2147 if (*(char *)data == '\0') {
2148 show->state.array_terminated = 1;
2151 if (isprint(*(char *)data)) {
2152 btf_show_type_value(show, "'%c'",
2153 *(char *)safe_data);
2158 btf_show_type_value(show, "%d", *(s8 *)safe_data);
2160 btf_show_type_value(show, "%u", *(u8 *)safe_data);
2163 btf_int_bits_show(btf, t, safe_data, bits_offset, show);
2167 btf_show_end_type(show);
2170 static const struct btf_kind_operations int_ops = {
2171 .check_meta = btf_int_check_meta,
2172 .resolve = btf_df_resolve,
2173 .check_member = btf_int_check_member,
2174 .check_kflag_member = btf_int_check_kflag_member,
2175 .log_details = btf_int_log,
2176 .show = btf_int_show,
2179 static int btf_modifier_check_member(struct btf_verifier_env *env,
2180 const struct btf_type *struct_type,
2181 const struct btf_member *member,
2182 const struct btf_type *member_type)
2184 const struct btf_type *resolved_type;
2185 u32 resolved_type_id = member->type;
2186 struct btf_member resolved_member;
2187 struct btf *btf = env->btf;
2189 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
2190 if (!resolved_type) {
2191 btf_verifier_log_member(env, struct_type, member,
2196 resolved_member = *member;
2197 resolved_member.type = resolved_type_id;
2199 return btf_type_ops(resolved_type)->check_member(env, struct_type,
2204 static int btf_modifier_check_kflag_member(struct btf_verifier_env *env,
2205 const struct btf_type *struct_type,
2206 const struct btf_member *member,
2207 const struct btf_type *member_type)
2209 const struct btf_type *resolved_type;
2210 u32 resolved_type_id = member->type;
2211 struct btf_member resolved_member;
2212 struct btf *btf = env->btf;
2214 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
2215 if (!resolved_type) {
2216 btf_verifier_log_member(env, struct_type, member,
2221 resolved_member = *member;
2222 resolved_member.type = resolved_type_id;
2224 return btf_type_ops(resolved_type)->check_kflag_member(env, struct_type,
2229 static int btf_ptr_check_member(struct btf_verifier_env *env,
2230 const struct btf_type *struct_type,
2231 const struct btf_member *member,
2232 const struct btf_type *member_type)
2234 u32 struct_size, struct_bits_off, bytes_offset;
2236 struct_size = struct_type->size;
2237 struct_bits_off = member->offset;
2238 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2240 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2241 btf_verifier_log_member(env, struct_type, member,
2242 "Member is not byte aligned");
2246 if (struct_size - bytes_offset < sizeof(void *)) {
2247 btf_verifier_log_member(env, struct_type, member,
2248 "Member exceeds struct_size");
2255 static int btf_ref_type_check_meta(struct btf_verifier_env *env,
2256 const struct btf_type *t,
2259 if (btf_type_vlen(t)) {
2260 btf_verifier_log_type(env, t, "vlen != 0");
2264 if (btf_type_kflag(t)) {
2265 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2269 if (!BTF_TYPE_ID_VALID(t->type)) {
2270 btf_verifier_log_type(env, t, "Invalid type_id");
2274 /* typedef type must have a valid name, and other ref types,
2275 * volatile, const, restrict, should have a null name.
2277 if (BTF_INFO_KIND(t->info) == BTF_KIND_TYPEDEF) {
2279 !btf_name_valid_identifier(env->btf, t->name_off)) {
2280 btf_verifier_log_type(env, t, "Invalid name");
2285 btf_verifier_log_type(env, t, "Invalid name");
2290 btf_verifier_log_type(env, t, NULL);
2295 static int btf_modifier_resolve(struct btf_verifier_env *env,
2296 const struct resolve_vertex *v)
2298 const struct btf_type *t = v->t;
2299 const struct btf_type *next_type;
2300 u32 next_type_id = t->type;
2301 struct btf *btf = env->btf;
2303 next_type = btf_type_by_id(btf, next_type_id);
2304 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2305 btf_verifier_log_type(env, v->t, "Invalid type_id");
2309 if (!env_type_is_resolve_sink(env, next_type) &&
2310 !env_type_is_resolved(env, next_type_id))
2311 return env_stack_push(env, next_type, next_type_id);
2313 /* Figure out the resolved next_type_id with size.
2314 * They will be stored in the current modifier's
2315 * resolved_ids and resolved_sizes such that it can
2316 * save us a few type-following when we use it later (e.g. in
2319 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2320 if (env_type_is_resolved(env, next_type_id))
2321 next_type = btf_type_id_resolve(btf, &next_type_id);
2323 /* "typedef void new_void", "const void"...etc */
2324 if (!btf_type_is_void(next_type) &&
2325 !btf_type_is_fwd(next_type) &&
2326 !btf_type_is_func_proto(next_type)) {
2327 btf_verifier_log_type(env, v->t, "Invalid type_id");
2332 env_stack_pop_resolved(env, next_type_id, 0);
2337 static int btf_var_resolve(struct btf_verifier_env *env,
2338 const struct resolve_vertex *v)
2340 const struct btf_type *next_type;
2341 const struct btf_type *t = v->t;
2342 u32 next_type_id = t->type;
2343 struct btf *btf = env->btf;
2345 next_type = btf_type_by_id(btf, next_type_id);
2346 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2347 btf_verifier_log_type(env, v->t, "Invalid type_id");
2351 if (!env_type_is_resolve_sink(env, next_type) &&
2352 !env_type_is_resolved(env, next_type_id))
2353 return env_stack_push(env, next_type, next_type_id);
2355 if (btf_type_is_modifier(next_type)) {
2356 const struct btf_type *resolved_type;
2357 u32 resolved_type_id;
2359 resolved_type_id = next_type_id;
2360 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
2362 if (btf_type_is_ptr(resolved_type) &&
2363 !env_type_is_resolve_sink(env, resolved_type) &&
2364 !env_type_is_resolved(env, resolved_type_id))
2365 return env_stack_push(env, resolved_type,
2369 /* We must resolve to something concrete at this point, no
2370 * forward types or similar that would resolve to size of
2373 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2374 btf_verifier_log_type(env, v->t, "Invalid type_id");
2378 env_stack_pop_resolved(env, next_type_id, 0);
2383 static int btf_ptr_resolve(struct btf_verifier_env *env,
2384 const struct resolve_vertex *v)
2386 const struct btf_type *next_type;
2387 const struct btf_type *t = v->t;
2388 u32 next_type_id = t->type;
2389 struct btf *btf = env->btf;
2391 next_type = btf_type_by_id(btf, next_type_id);
2392 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2393 btf_verifier_log_type(env, v->t, "Invalid type_id");
2397 if (!env_type_is_resolve_sink(env, next_type) &&
2398 !env_type_is_resolved(env, next_type_id))
2399 return env_stack_push(env, next_type, next_type_id);
2401 /* If the modifier was RESOLVED during RESOLVE_STRUCT_OR_ARRAY,
2402 * the modifier may have stopped resolving when it was resolved
2403 * to a ptr (last-resolved-ptr).
2405 * We now need to continue from the last-resolved-ptr to
2406 * ensure the last-resolved-ptr will not referring back to
2407 * the currenct ptr (t).
2409 if (btf_type_is_modifier(next_type)) {
2410 const struct btf_type *resolved_type;
2411 u32 resolved_type_id;
2413 resolved_type_id = next_type_id;
2414 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
2416 if (btf_type_is_ptr(resolved_type) &&
2417 !env_type_is_resolve_sink(env, resolved_type) &&
2418 !env_type_is_resolved(env, resolved_type_id))
2419 return env_stack_push(env, resolved_type,
2423 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2424 if (env_type_is_resolved(env, next_type_id))
2425 next_type = btf_type_id_resolve(btf, &next_type_id);
2427 if (!btf_type_is_void(next_type) &&
2428 !btf_type_is_fwd(next_type) &&
2429 !btf_type_is_func_proto(next_type)) {
2430 btf_verifier_log_type(env, v->t, "Invalid type_id");
2435 env_stack_pop_resolved(env, next_type_id, 0);
2440 static void btf_modifier_show(const struct btf *btf,
2441 const struct btf_type *t,
2442 u32 type_id, void *data,
2443 u8 bits_offset, struct btf_show *show)
2445 if (btf->resolved_ids)
2446 t = btf_type_id_resolve(btf, &type_id);
2448 t = btf_type_skip_modifiers(btf, type_id, NULL);
2450 btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
2453 static void btf_var_show(const struct btf *btf, const struct btf_type *t,
2454 u32 type_id, void *data, u8 bits_offset,
2455 struct btf_show *show)
2457 t = btf_type_id_resolve(btf, &type_id);
2459 btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
2462 static void btf_ptr_show(const struct btf *btf, const struct btf_type *t,
2463 u32 type_id, void *data, u8 bits_offset,
2464 struct btf_show *show)
2468 safe_data = btf_show_start_type(show, t, type_id, data);
2472 /* It is a hashed value unless BTF_SHOW_PTR_RAW is specified */
2473 if (show->flags & BTF_SHOW_PTR_RAW)
2474 btf_show_type_value(show, "0x%px", *(void **)safe_data);
2476 btf_show_type_value(show, "0x%p", *(void **)safe_data);
2477 btf_show_end_type(show);
2480 static void btf_ref_type_log(struct btf_verifier_env *env,
2481 const struct btf_type *t)
2483 btf_verifier_log(env, "type_id=%u", t->type);
2486 static struct btf_kind_operations modifier_ops = {
2487 .check_meta = btf_ref_type_check_meta,
2488 .resolve = btf_modifier_resolve,
2489 .check_member = btf_modifier_check_member,
2490 .check_kflag_member = btf_modifier_check_kflag_member,
2491 .log_details = btf_ref_type_log,
2492 .show = btf_modifier_show,
2495 static struct btf_kind_operations ptr_ops = {
2496 .check_meta = btf_ref_type_check_meta,
2497 .resolve = btf_ptr_resolve,
2498 .check_member = btf_ptr_check_member,
2499 .check_kflag_member = btf_generic_check_kflag_member,
2500 .log_details = btf_ref_type_log,
2501 .show = btf_ptr_show,
2504 static s32 btf_fwd_check_meta(struct btf_verifier_env *env,
2505 const struct btf_type *t,
2508 if (btf_type_vlen(t)) {
2509 btf_verifier_log_type(env, t, "vlen != 0");
2514 btf_verifier_log_type(env, t, "type != 0");
2518 /* fwd type must have a valid name */
2520 !btf_name_valid_identifier(env->btf, t->name_off)) {
2521 btf_verifier_log_type(env, t, "Invalid name");
2525 btf_verifier_log_type(env, t, NULL);
2530 static void btf_fwd_type_log(struct btf_verifier_env *env,
2531 const struct btf_type *t)
2533 btf_verifier_log(env, "%s", btf_type_kflag(t) ? "union" : "struct");
2536 static struct btf_kind_operations fwd_ops = {
2537 .check_meta = btf_fwd_check_meta,
2538 .resolve = btf_df_resolve,
2539 .check_member = btf_df_check_member,
2540 .check_kflag_member = btf_df_check_kflag_member,
2541 .log_details = btf_fwd_type_log,
2542 .show = btf_df_show,
2545 static int btf_array_check_member(struct btf_verifier_env *env,
2546 const struct btf_type *struct_type,
2547 const struct btf_member *member,
2548 const struct btf_type *member_type)
2550 u32 struct_bits_off = member->offset;
2551 u32 struct_size, bytes_offset;
2552 u32 array_type_id, array_size;
2553 struct btf *btf = env->btf;
2555 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2556 btf_verifier_log_member(env, struct_type, member,
2557 "Member is not byte aligned");
2561 array_type_id = member->type;
2562 btf_type_id_size(btf, &array_type_id, &array_size);
2563 struct_size = struct_type->size;
2564 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2565 if (struct_size - bytes_offset < array_size) {
2566 btf_verifier_log_member(env, struct_type, member,
2567 "Member exceeds struct_size");
2574 static s32 btf_array_check_meta(struct btf_verifier_env *env,
2575 const struct btf_type *t,
2578 const struct btf_array *array = btf_type_array(t);
2579 u32 meta_needed = sizeof(*array);
2581 if (meta_left < meta_needed) {
2582 btf_verifier_log_basic(env, t,
2583 "meta_left:%u meta_needed:%u",
2584 meta_left, meta_needed);
2588 /* array type should not have a name */
2590 btf_verifier_log_type(env, t, "Invalid name");
2594 if (btf_type_vlen(t)) {
2595 btf_verifier_log_type(env, t, "vlen != 0");
2599 if (btf_type_kflag(t)) {
2600 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2605 btf_verifier_log_type(env, t, "size != 0");
2609 /* Array elem type and index type cannot be in type void,
2610 * so !array->type and !array->index_type are not allowed.
2612 if (!array->type || !BTF_TYPE_ID_VALID(array->type)) {
2613 btf_verifier_log_type(env, t, "Invalid elem");
2617 if (!array->index_type || !BTF_TYPE_ID_VALID(array->index_type)) {
2618 btf_verifier_log_type(env, t, "Invalid index");
2622 btf_verifier_log_type(env, t, NULL);
2627 static int btf_array_resolve(struct btf_verifier_env *env,
2628 const struct resolve_vertex *v)
2630 const struct btf_array *array = btf_type_array(v->t);
2631 const struct btf_type *elem_type, *index_type;
2632 u32 elem_type_id, index_type_id;
2633 struct btf *btf = env->btf;
2636 /* Check array->index_type */
2637 index_type_id = array->index_type;
2638 index_type = btf_type_by_id(btf, index_type_id);
2639 if (btf_type_nosize_or_null(index_type) ||
2640 btf_type_is_resolve_source_only(index_type)) {
2641 btf_verifier_log_type(env, v->t, "Invalid index");
2645 if (!env_type_is_resolve_sink(env, index_type) &&
2646 !env_type_is_resolved(env, index_type_id))
2647 return env_stack_push(env, index_type, index_type_id);
2649 index_type = btf_type_id_size(btf, &index_type_id, NULL);
2650 if (!index_type || !btf_type_is_int(index_type) ||
2651 !btf_type_int_is_regular(index_type)) {
2652 btf_verifier_log_type(env, v->t, "Invalid index");
2656 /* Check array->type */
2657 elem_type_id = array->type;
2658 elem_type = btf_type_by_id(btf, elem_type_id);
2659 if (btf_type_nosize_or_null(elem_type) ||
2660 btf_type_is_resolve_source_only(elem_type)) {
2661 btf_verifier_log_type(env, v->t,
2666 if (!env_type_is_resolve_sink(env, elem_type) &&
2667 !env_type_is_resolved(env, elem_type_id))
2668 return env_stack_push(env, elem_type, elem_type_id);
2670 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
2672 btf_verifier_log_type(env, v->t, "Invalid elem");
2676 if (btf_type_is_int(elem_type) && !btf_type_int_is_regular(elem_type)) {
2677 btf_verifier_log_type(env, v->t, "Invalid array of int");
2681 if (array->nelems && elem_size > U32_MAX / array->nelems) {
2682 btf_verifier_log_type(env, v->t,
2683 "Array size overflows U32_MAX");
2687 env_stack_pop_resolved(env, elem_type_id, elem_size * array->nelems);
2692 static void btf_array_log(struct btf_verifier_env *env,
2693 const struct btf_type *t)
2695 const struct btf_array *array = btf_type_array(t);
2697 btf_verifier_log(env, "type_id=%u index_type_id=%u nr_elems=%u",
2698 array->type, array->index_type, array->nelems);
2701 static void __btf_array_show(const struct btf *btf, const struct btf_type *t,
2702 u32 type_id, void *data, u8 bits_offset,
2703 struct btf_show *show)
2705 const struct btf_array *array = btf_type_array(t);
2706 const struct btf_kind_operations *elem_ops;
2707 const struct btf_type *elem_type;
2708 u32 i, elem_size = 0, elem_type_id;
2711 elem_type_id = array->type;
2712 elem_type = btf_type_skip_modifiers(btf, elem_type_id, NULL);
2713 if (elem_type && btf_type_has_size(elem_type))
2714 elem_size = elem_type->size;
2716 if (elem_type && btf_type_is_int(elem_type)) {
2717 u32 int_type = btf_type_int(elem_type);
2719 encoding = BTF_INT_ENCODING(int_type);
2722 * BTF_INT_CHAR encoding never seems to be set for
2723 * char arrays, so if size is 1 and element is
2724 * printable as a char, we'll do that.
2727 encoding = BTF_INT_CHAR;
2730 if (!btf_show_start_array_type(show, t, type_id, encoding, data))
2735 elem_ops = btf_type_ops(elem_type);
2737 for (i = 0; i < array->nelems; i++) {
2739 btf_show_start_array_member(show);
2741 elem_ops->show(btf, elem_type, elem_type_id, data,
2745 btf_show_end_array_member(show);
2747 if (show->state.array_terminated)
2751 btf_show_end_array_type(show);
2754 static void btf_array_show(const struct btf *btf, const struct btf_type *t,
2755 u32 type_id, void *data, u8 bits_offset,
2756 struct btf_show *show)
2758 const struct btf_member *m = show->state.member;
2761 * First check if any members would be shown (are non-zero).
2762 * See comments above "struct btf_show" definition for more
2763 * details on how this works at a high-level.
2765 if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
2766 if (!show->state.depth_check) {
2767 show->state.depth_check = show->state.depth + 1;
2768 show->state.depth_to_show = 0;
2770 __btf_array_show(btf, t, type_id, data, bits_offset, show);
2771 show->state.member = m;
2773 if (show->state.depth_check != show->state.depth + 1)
2775 show->state.depth_check = 0;
2777 if (show->state.depth_to_show <= show->state.depth)
2780 * Reaching here indicates we have recursed and found
2781 * non-zero array member(s).
2784 __btf_array_show(btf, t, type_id, data, bits_offset, show);
2787 static struct btf_kind_operations array_ops = {
2788 .check_meta = btf_array_check_meta,
2789 .resolve = btf_array_resolve,
2790 .check_member = btf_array_check_member,
2791 .check_kflag_member = btf_generic_check_kflag_member,
2792 .log_details = btf_array_log,
2793 .show = btf_array_show,
2796 static int btf_struct_check_member(struct btf_verifier_env *env,
2797 const struct btf_type *struct_type,
2798 const struct btf_member *member,
2799 const struct btf_type *member_type)
2801 u32 struct_bits_off = member->offset;
2802 u32 struct_size, bytes_offset;
2804 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2805 btf_verifier_log_member(env, struct_type, member,
2806 "Member is not byte aligned");
2810 struct_size = struct_type->size;
2811 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2812 if (struct_size - bytes_offset < member_type->size) {
2813 btf_verifier_log_member(env, struct_type, member,
2814 "Member exceeds struct_size");
2821 static s32 btf_struct_check_meta(struct btf_verifier_env *env,
2822 const struct btf_type *t,
2825 bool is_union = BTF_INFO_KIND(t->info) == BTF_KIND_UNION;
2826 const struct btf_member *member;
2827 u32 meta_needed, last_offset;
2828 struct btf *btf = env->btf;
2829 u32 struct_size = t->size;
2833 meta_needed = btf_type_vlen(t) * sizeof(*member);
2834 if (meta_left < meta_needed) {
2835 btf_verifier_log_basic(env, t,
2836 "meta_left:%u meta_needed:%u",
2837 meta_left, meta_needed);
2841 /* struct type either no name or a valid one */
2843 !btf_name_valid_identifier(env->btf, t->name_off)) {
2844 btf_verifier_log_type(env, t, "Invalid name");
2848 btf_verifier_log_type(env, t, NULL);
2851 for_each_member(i, t, member) {
2852 if (!btf_name_offset_valid(btf, member->name_off)) {
2853 btf_verifier_log_member(env, t, member,
2854 "Invalid member name_offset:%u",
2859 /* struct member either no name or a valid one */
2860 if (member->name_off &&
2861 !btf_name_valid_identifier(btf, member->name_off)) {
2862 btf_verifier_log_member(env, t, member, "Invalid name");
2865 /* A member cannot be in type void */
2866 if (!member->type || !BTF_TYPE_ID_VALID(member->type)) {
2867 btf_verifier_log_member(env, t, member,
2872 offset = btf_member_bit_offset(t, member);
2873 if (is_union && offset) {
2874 btf_verifier_log_member(env, t, member,
2875 "Invalid member bits_offset");
2880 * ">" instead of ">=" because the last member could be
2883 if (last_offset > offset) {
2884 btf_verifier_log_member(env, t, member,
2885 "Invalid member bits_offset");
2889 if (BITS_ROUNDUP_BYTES(offset) > struct_size) {
2890 btf_verifier_log_member(env, t, member,
2891 "Member bits_offset exceeds its struct size");
2895 btf_verifier_log_member(env, t, member, NULL);
2896 last_offset = offset;
2902 static int btf_struct_resolve(struct btf_verifier_env *env,
2903 const struct resolve_vertex *v)
2905 const struct btf_member *member;
2909 /* Before continue resolving the next_member,
2910 * ensure the last member is indeed resolved to a
2911 * type with size info.
2913 if (v->next_member) {
2914 const struct btf_type *last_member_type;
2915 const struct btf_member *last_member;
2916 u16 last_member_type_id;
2918 last_member = btf_type_member(v->t) + v->next_member - 1;
2919 last_member_type_id = last_member->type;
2920 if (WARN_ON_ONCE(!env_type_is_resolved(env,
2921 last_member_type_id)))
2924 last_member_type = btf_type_by_id(env->btf,
2925 last_member_type_id);
2926 if (btf_type_kflag(v->t))
2927 err = btf_type_ops(last_member_type)->check_kflag_member(env, v->t,
2931 err = btf_type_ops(last_member_type)->check_member(env, v->t,
2938 for_each_member_from(i, v->next_member, v->t, member) {
2939 u32 member_type_id = member->type;
2940 const struct btf_type *member_type = btf_type_by_id(env->btf,
2943 if (btf_type_nosize_or_null(member_type) ||
2944 btf_type_is_resolve_source_only(member_type)) {
2945 btf_verifier_log_member(env, v->t, member,
2950 if (!env_type_is_resolve_sink(env, member_type) &&
2951 !env_type_is_resolved(env, member_type_id)) {
2952 env_stack_set_next_member(env, i + 1);
2953 return env_stack_push(env, member_type, member_type_id);
2956 if (btf_type_kflag(v->t))
2957 err = btf_type_ops(member_type)->check_kflag_member(env, v->t,
2961 err = btf_type_ops(member_type)->check_member(env, v->t,
2968 env_stack_pop_resolved(env, 0, 0);
2973 static void btf_struct_log(struct btf_verifier_env *env,
2974 const struct btf_type *t)
2976 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
2979 /* find 'struct bpf_spin_lock' in map value.
2980 * return >= 0 offset if found
2981 * and < 0 in case of error
2983 int btf_find_spin_lock(const struct btf *btf, const struct btf_type *t)
2985 const struct btf_member *member;
2986 u32 i, off = -ENOENT;
2988 if (!__btf_type_is_struct(t))
2991 for_each_member(i, t, member) {
2992 const struct btf_type *member_type = btf_type_by_id(btf,
2994 if (!__btf_type_is_struct(member_type))
2996 if (member_type->size != sizeof(struct bpf_spin_lock))
2998 if (strcmp(__btf_name_by_offset(btf, member_type->name_off),
3002 /* only one 'struct bpf_spin_lock' is allowed */
3004 off = btf_member_bit_offset(t, member);
3006 /* valid C code cannot generate such BTF */
3009 if (off % __alignof__(struct bpf_spin_lock))
3010 /* valid struct bpf_spin_lock will be 4 byte aligned */
3016 static void __btf_struct_show(const struct btf *btf, const struct btf_type *t,
3017 u32 type_id, void *data, u8 bits_offset,
3018 struct btf_show *show)
3020 const struct btf_member *member;
3024 safe_data = btf_show_start_struct_type(show, t, type_id, data);
3028 for_each_member(i, t, member) {
3029 const struct btf_type *member_type = btf_type_by_id(btf,
3031 const struct btf_kind_operations *ops;
3032 u32 member_offset, bitfield_size;
3036 btf_show_start_member(show, member);
3038 member_offset = btf_member_bit_offset(t, member);
3039 bitfield_size = btf_member_bitfield_size(t, member);
3040 bytes_offset = BITS_ROUNDDOWN_BYTES(member_offset);
3041 bits8_offset = BITS_PER_BYTE_MASKED(member_offset);
3042 if (bitfield_size) {
3043 safe_data = btf_show_start_type(show, member_type,
3045 data + bytes_offset);
3047 btf_bitfield_show(safe_data,
3049 bitfield_size, show);
3050 btf_show_end_type(show);
3052 ops = btf_type_ops(member_type);
3053 ops->show(btf, member_type, member->type,
3054 data + bytes_offset, bits8_offset, show);
3057 btf_show_end_member(show);
3060 btf_show_end_struct_type(show);
3063 static void btf_struct_show(const struct btf *btf, const struct btf_type *t,
3064 u32 type_id, void *data, u8 bits_offset,
3065 struct btf_show *show)
3067 const struct btf_member *m = show->state.member;
3070 * First check if any members would be shown (are non-zero).
3071 * See comments above "struct btf_show" definition for more
3072 * details on how this works at a high-level.
3074 if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
3075 if (!show->state.depth_check) {
3076 show->state.depth_check = show->state.depth + 1;
3077 show->state.depth_to_show = 0;
3079 __btf_struct_show(btf, t, type_id, data, bits_offset, show);
3080 /* Restore saved member data here */
3081 show->state.member = m;
3082 if (show->state.depth_check != show->state.depth + 1)
3084 show->state.depth_check = 0;
3086 if (show->state.depth_to_show <= show->state.depth)
3089 * Reaching here indicates we have recursed and found
3090 * non-zero child values.
3094 __btf_struct_show(btf, t, type_id, data, bits_offset, show);
3097 static struct btf_kind_operations struct_ops = {
3098 .check_meta = btf_struct_check_meta,
3099 .resolve = btf_struct_resolve,
3100 .check_member = btf_struct_check_member,
3101 .check_kflag_member = btf_generic_check_kflag_member,
3102 .log_details = btf_struct_log,
3103 .show = btf_struct_show,
3106 static int btf_enum_check_member(struct btf_verifier_env *env,
3107 const struct btf_type *struct_type,
3108 const struct btf_member *member,
3109 const struct btf_type *member_type)
3111 u32 struct_bits_off = member->offset;
3112 u32 struct_size, bytes_offset;
3114 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
3115 btf_verifier_log_member(env, struct_type, member,
3116 "Member is not byte aligned");
3120 struct_size = struct_type->size;
3121 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
3122 if (struct_size - bytes_offset < member_type->size) {
3123 btf_verifier_log_member(env, struct_type, member,
3124 "Member exceeds struct_size");
3131 static int btf_enum_check_kflag_member(struct btf_verifier_env *env,
3132 const struct btf_type *struct_type,
3133 const struct btf_member *member,
3134 const struct btf_type *member_type)
3136 u32 struct_bits_off, nr_bits, bytes_end, struct_size;
3137 u32 int_bitsize = sizeof(int) * BITS_PER_BYTE;
3139 struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
3140 nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
3142 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
3143 btf_verifier_log_member(env, struct_type, member,
3144 "Member is not byte aligned");
3148 nr_bits = int_bitsize;
3149 } else if (nr_bits > int_bitsize) {
3150 btf_verifier_log_member(env, struct_type, member,
3151 "Invalid member bitfield_size");
3155 struct_size = struct_type->size;
3156 bytes_end = BITS_ROUNDUP_BYTES(struct_bits_off + nr_bits);
3157 if (struct_size < bytes_end) {
3158 btf_verifier_log_member(env, struct_type, member,
3159 "Member exceeds struct_size");
3166 static s32 btf_enum_check_meta(struct btf_verifier_env *env,
3167 const struct btf_type *t,
3170 const struct btf_enum *enums = btf_type_enum(t);
3171 struct btf *btf = env->btf;
3175 nr_enums = btf_type_vlen(t);
3176 meta_needed = nr_enums * sizeof(*enums);
3178 if (meta_left < meta_needed) {
3179 btf_verifier_log_basic(env, t,
3180 "meta_left:%u meta_needed:%u",
3181 meta_left, meta_needed);
3185 if (btf_type_kflag(t)) {
3186 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3190 if (t->size > 8 || !is_power_of_2(t->size)) {
3191 btf_verifier_log_type(env, t, "Unexpected size");
3195 /* enum type either no name or a valid one */
3197 !btf_name_valid_identifier(env->btf, t->name_off)) {
3198 btf_verifier_log_type(env, t, "Invalid name");
3202 btf_verifier_log_type(env, t, NULL);
3204 for (i = 0; i < nr_enums; i++) {
3205 if (!btf_name_offset_valid(btf, enums[i].name_off)) {
3206 btf_verifier_log(env, "\tInvalid name_offset:%u",
3211 /* enum member must have a valid name */
3212 if (!enums[i].name_off ||
3213 !btf_name_valid_identifier(btf, enums[i].name_off)) {
3214 btf_verifier_log_type(env, t, "Invalid name");
3218 if (env->log.level == BPF_LOG_KERNEL)
3220 btf_verifier_log(env, "\t%s val=%d\n",
3221 __btf_name_by_offset(btf, enums[i].name_off),
3228 static void btf_enum_log(struct btf_verifier_env *env,
3229 const struct btf_type *t)
3231 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3234 static void btf_enum_show(const struct btf *btf, const struct btf_type *t,
3235 u32 type_id, void *data, u8 bits_offset,
3236 struct btf_show *show)
3238 const struct btf_enum *enums = btf_type_enum(t);
3239 u32 i, nr_enums = btf_type_vlen(t);
3243 safe_data = btf_show_start_type(show, t, type_id, data);
3247 v = *(int *)safe_data;
3249 for (i = 0; i < nr_enums; i++) {
3250 if (v != enums[i].val)
3253 btf_show_type_value(show, "%s",
3254 __btf_name_by_offset(btf,
3255 enums[i].name_off));
3257 btf_show_end_type(show);
3261 btf_show_type_value(show, "%d", v);
3262 btf_show_end_type(show);
3265 static struct btf_kind_operations enum_ops = {
3266 .check_meta = btf_enum_check_meta,
3267 .resolve = btf_df_resolve,
3268 .check_member = btf_enum_check_member,
3269 .check_kflag_member = btf_enum_check_kflag_member,
3270 .log_details = btf_enum_log,
3271 .show = btf_enum_show,
3274 static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
3275 const struct btf_type *t,
3278 u32 meta_needed = btf_type_vlen(t) * sizeof(struct btf_param);
3280 if (meta_left < meta_needed) {
3281 btf_verifier_log_basic(env, t,
3282 "meta_left:%u meta_needed:%u",
3283 meta_left, meta_needed);
3288 btf_verifier_log_type(env, t, "Invalid name");
3292 if (btf_type_kflag(t)) {
3293 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3297 btf_verifier_log_type(env, t, NULL);
3302 static void btf_func_proto_log(struct btf_verifier_env *env,
3303 const struct btf_type *t)
3305 const struct btf_param *args = (const struct btf_param *)(t + 1);
3306 u16 nr_args = btf_type_vlen(t), i;
3308 btf_verifier_log(env, "return=%u args=(", t->type);
3310 btf_verifier_log(env, "void");
3314 if (nr_args == 1 && !args[0].type) {
3315 /* Only one vararg */
3316 btf_verifier_log(env, "vararg");
3320 btf_verifier_log(env, "%u %s", args[0].type,
3321 __btf_name_by_offset(env->btf,
3323 for (i = 1; i < nr_args - 1; i++)
3324 btf_verifier_log(env, ", %u %s", args[i].type,
3325 __btf_name_by_offset(env->btf,
3329 const struct btf_param *last_arg = &args[nr_args - 1];
3332 btf_verifier_log(env, ", %u %s", last_arg->type,
3333 __btf_name_by_offset(env->btf,
3334 last_arg->name_off));
3336 btf_verifier_log(env, ", vararg");
3340 btf_verifier_log(env, ")");
3343 static struct btf_kind_operations func_proto_ops = {
3344 .check_meta = btf_func_proto_check_meta,
3345 .resolve = btf_df_resolve,
3347 * BTF_KIND_FUNC_PROTO cannot be directly referred by
3348 * a struct's member.
3350 * It should be a funciton pointer instead.
3351 * (i.e. struct's member -> BTF_KIND_PTR -> BTF_KIND_FUNC_PROTO)
3353 * Hence, there is no btf_func_check_member().
3355 .check_member = btf_df_check_member,
3356 .check_kflag_member = btf_df_check_kflag_member,
3357 .log_details = btf_func_proto_log,
3358 .show = btf_df_show,
3361 static s32 btf_func_check_meta(struct btf_verifier_env *env,
3362 const struct btf_type *t,
3366 !btf_name_valid_identifier(env->btf, t->name_off)) {
3367 btf_verifier_log_type(env, t, "Invalid name");
3371 if (btf_type_vlen(t) > BTF_FUNC_GLOBAL) {
3372 btf_verifier_log_type(env, t, "Invalid func linkage");
3376 if (btf_type_kflag(t)) {
3377 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3381 btf_verifier_log_type(env, t, NULL);
3386 static struct btf_kind_operations func_ops = {
3387 .check_meta = btf_func_check_meta,
3388 .resolve = btf_df_resolve,
3389 .check_member = btf_df_check_member,
3390 .check_kflag_member = btf_df_check_kflag_member,
3391 .log_details = btf_ref_type_log,
3392 .show = btf_df_show,
3395 static s32 btf_var_check_meta(struct btf_verifier_env *env,
3396 const struct btf_type *t,
3399 const struct btf_var *var;
3400 u32 meta_needed = sizeof(*var);
3402 if (meta_left < meta_needed) {
3403 btf_verifier_log_basic(env, t,
3404 "meta_left:%u meta_needed:%u",
3405 meta_left, meta_needed);
3409 if (btf_type_vlen(t)) {
3410 btf_verifier_log_type(env, t, "vlen != 0");
3414 if (btf_type_kflag(t)) {
3415 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3420 !__btf_name_valid(env->btf, t->name_off, true)) {
3421 btf_verifier_log_type(env, t, "Invalid name");
3425 /* A var cannot be in type void */
3426 if (!t->type || !BTF_TYPE_ID_VALID(t->type)) {
3427 btf_verifier_log_type(env, t, "Invalid type_id");
3431 var = btf_type_var(t);
3432 if (var->linkage != BTF_VAR_STATIC &&
3433 var->linkage != BTF_VAR_GLOBAL_ALLOCATED) {
3434 btf_verifier_log_type(env, t, "Linkage not supported");
3438 btf_verifier_log_type(env, t, NULL);
3443 static void btf_var_log(struct btf_verifier_env *env, const struct btf_type *t)
3445 const struct btf_var *var = btf_type_var(t);
3447 btf_verifier_log(env, "type_id=%u linkage=%u", t->type, var->linkage);
3450 static const struct btf_kind_operations var_ops = {
3451 .check_meta = btf_var_check_meta,
3452 .resolve = btf_var_resolve,
3453 .check_member = btf_df_check_member,
3454 .check_kflag_member = btf_df_check_kflag_member,
3455 .log_details = btf_var_log,
3456 .show = btf_var_show,
3459 static s32 btf_datasec_check_meta(struct btf_verifier_env *env,
3460 const struct btf_type *t,
3463 const struct btf_var_secinfo *vsi;
3464 u64 last_vsi_end_off = 0, sum = 0;
3467 meta_needed = btf_type_vlen(t) * sizeof(*vsi);
3468 if (meta_left < meta_needed) {
3469 btf_verifier_log_basic(env, t,
3470 "meta_left:%u meta_needed:%u",
3471 meta_left, meta_needed);
3475 if (!btf_type_vlen(t)) {
3476 btf_verifier_log_type(env, t, "vlen == 0");
3481 btf_verifier_log_type(env, t, "size == 0");
3485 if (btf_type_kflag(t)) {
3486 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3491 !btf_name_valid_section(env->btf, t->name_off)) {
3492 btf_verifier_log_type(env, t, "Invalid name");
3496 btf_verifier_log_type(env, t, NULL);
3498 for_each_vsi(i, t, vsi) {
3499 /* A var cannot be in type void */
3500 if (!vsi->type || !BTF_TYPE_ID_VALID(vsi->type)) {
3501 btf_verifier_log_vsi(env, t, vsi,
3506 if (vsi->offset < last_vsi_end_off || vsi->offset >= t->size) {
3507 btf_verifier_log_vsi(env, t, vsi,
3512 if (!vsi->size || vsi->size > t->size) {
3513 btf_verifier_log_vsi(env, t, vsi,
3518 last_vsi_end_off = vsi->offset + vsi->size;
3519 if (last_vsi_end_off > t->size) {
3520 btf_verifier_log_vsi(env, t, vsi,
3521 "Invalid offset+size");
3525 btf_verifier_log_vsi(env, t, vsi, NULL);
3529 if (t->size < sum) {
3530 btf_verifier_log_type(env, t, "Invalid btf_info size");
3537 static int btf_datasec_resolve(struct btf_verifier_env *env,
3538 const struct resolve_vertex *v)
3540 const struct btf_var_secinfo *vsi;
3541 struct btf *btf = env->btf;
3544 for_each_vsi_from(i, v->next_member, v->t, vsi) {
3545 u32 var_type_id = vsi->type, type_id, type_size = 0;
3546 const struct btf_type *var_type = btf_type_by_id(env->btf,
3548 if (!var_type || !btf_type_is_var(var_type)) {
3549 btf_verifier_log_vsi(env, v->t, vsi,
3550 "Not a VAR kind member");
3554 if (!env_type_is_resolve_sink(env, var_type) &&
3555 !env_type_is_resolved(env, var_type_id)) {
3556 env_stack_set_next_member(env, i + 1);
3557 return env_stack_push(env, var_type, var_type_id);
3560 type_id = var_type->type;
3561 if (!btf_type_id_size(btf, &type_id, &type_size)) {
3562 btf_verifier_log_vsi(env, v->t, vsi, "Invalid type");
3566 if (vsi->size < type_size) {
3567 btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
3572 env_stack_pop_resolved(env, 0, 0);
3576 static void btf_datasec_log(struct btf_verifier_env *env,
3577 const struct btf_type *t)
3579 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3582 static void btf_datasec_show(const struct btf *btf,
3583 const struct btf_type *t, u32 type_id,
3584 void *data, u8 bits_offset,
3585 struct btf_show *show)
3587 const struct btf_var_secinfo *vsi;
3588 const struct btf_type *var;
3591 if (!btf_show_start_type(show, t, type_id, data))
3594 btf_show_type_value(show, "section (\"%s\") = {",
3595 __btf_name_by_offset(btf, t->name_off));
3596 for_each_vsi(i, t, vsi) {
3597 var = btf_type_by_id(btf, vsi->type);
3599 btf_show(show, ",");
3600 btf_type_ops(var)->show(btf, var, vsi->type,
3601 data + vsi->offset, bits_offset, show);
3603 btf_show_end_type(show);
3606 static const struct btf_kind_operations datasec_ops = {
3607 .check_meta = btf_datasec_check_meta,
3608 .resolve = btf_datasec_resolve,
3609 .check_member = btf_df_check_member,
3610 .check_kflag_member = btf_df_check_kflag_member,
3611 .log_details = btf_datasec_log,
3612 .show = btf_datasec_show,
3615 static int btf_func_proto_check(struct btf_verifier_env *env,
3616 const struct btf_type *t)
3618 const struct btf_type *ret_type;
3619 const struct btf_param *args;
3620 const struct btf *btf;
3625 args = (const struct btf_param *)(t + 1);
3626 nr_args = btf_type_vlen(t);
3628 /* Check func return type which could be "void" (t->type == 0) */
3630 u32 ret_type_id = t->type;
3632 ret_type = btf_type_by_id(btf, ret_type_id);
3634 btf_verifier_log_type(env, t, "Invalid return type");
3638 if (btf_type_needs_resolve(ret_type) &&
3639 !env_type_is_resolved(env, ret_type_id)) {
3640 err = btf_resolve(env, ret_type, ret_type_id);
3645 /* Ensure the return type is a type that has a size */
3646 if (!btf_type_id_size(btf, &ret_type_id, NULL)) {
3647 btf_verifier_log_type(env, t, "Invalid return type");
3655 /* Last func arg type_id could be 0 if it is a vararg */
3656 if (!args[nr_args - 1].type) {
3657 if (args[nr_args - 1].name_off) {
3658 btf_verifier_log_type(env, t, "Invalid arg#%u",
3666 for (i = 0; i < nr_args; i++) {
3667 const struct btf_type *arg_type;
3670 arg_type_id = args[i].type;
3671 arg_type = btf_type_by_id(btf, arg_type_id);
3673 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3678 if (args[i].name_off &&
3679 (!btf_name_offset_valid(btf, args[i].name_off) ||
3680 !btf_name_valid_identifier(btf, args[i].name_off))) {
3681 btf_verifier_log_type(env, t,
3682 "Invalid arg#%u", i + 1);
3687 if (btf_type_needs_resolve(arg_type) &&
3688 !env_type_is_resolved(env, arg_type_id)) {
3689 err = btf_resolve(env, arg_type, arg_type_id);
3694 if (!btf_type_id_size(btf, &arg_type_id, NULL)) {
3695 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3704 static int btf_func_check(struct btf_verifier_env *env,
3705 const struct btf_type *t)
3707 const struct btf_type *proto_type;
3708 const struct btf_param *args;
3709 const struct btf *btf;
3713 proto_type = btf_type_by_id(btf, t->type);
3715 if (!proto_type || !btf_type_is_func_proto(proto_type)) {
3716 btf_verifier_log_type(env, t, "Invalid type_id");
3720 args = (const struct btf_param *)(proto_type + 1);
3721 nr_args = btf_type_vlen(proto_type);
3722 for (i = 0; i < nr_args; i++) {
3723 if (!args[i].name_off && args[i].type) {
3724 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3732 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
3733 [BTF_KIND_INT] = &int_ops,
3734 [BTF_KIND_PTR] = &ptr_ops,
3735 [BTF_KIND_ARRAY] = &array_ops,
3736 [BTF_KIND_STRUCT] = &struct_ops,
3737 [BTF_KIND_UNION] = &struct_ops,
3738 [BTF_KIND_ENUM] = &enum_ops,
3739 [BTF_KIND_FWD] = &fwd_ops,
3740 [BTF_KIND_TYPEDEF] = &modifier_ops,
3741 [BTF_KIND_VOLATILE] = &modifier_ops,
3742 [BTF_KIND_CONST] = &modifier_ops,
3743 [BTF_KIND_RESTRICT] = &modifier_ops,
3744 [BTF_KIND_FUNC] = &func_ops,
3745 [BTF_KIND_FUNC_PROTO] = &func_proto_ops,
3746 [BTF_KIND_VAR] = &var_ops,
3747 [BTF_KIND_DATASEC] = &datasec_ops,
3750 static s32 btf_check_meta(struct btf_verifier_env *env,
3751 const struct btf_type *t,
3754 u32 saved_meta_left = meta_left;
3757 if (meta_left < sizeof(*t)) {
3758 btf_verifier_log(env, "[%u] meta_left:%u meta_needed:%zu",
3759 env->log_type_id, meta_left, sizeof(*t));
3762 meta_left -= sizeof(*t);
3764 if (t->info & ~BTF_INFO_MASK) {
3765 btf_verifier_log(env, "[%u] Invalid btf_info:%x",
3766 env->log_type_id, t->info);
3770 if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX ||
3771 BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
3772 btf_verifier_log(env, "[%u] Invalid kind:%u",
3773 env->log_type_id, BTF_INFO_KIND(t->info));
3777 if (!btf_name_offset_valid(env->btf, t->name_off)) {
3778 btf_verifier_log(env, "[%u] Invalid name_offset:%u",
3779 env->log_type_id, t->name_off);
3783 var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
3784 if (var_meta_size < 0)
3785 return var_meta_size;
3787 meta_left -= var_meta_size;
3789 return saved_meta_left - meta_left;
3792 static int btf_check_all_metas(struct btf_verifier_env *env)
3794 struct btf *btf = env->btf;
3795 struct btf_header *hdr;
3799 cur = btf->nohdr_data + hdr->type_off;
3800 end = cur + hdr->type_len;
3802 env->log_type_id = 1;
3804 struct btf_type *t = cur;
3807 meta_size = btf_check_meta(env, t, end - cur);
3811 btf_add_type(env, t);
3819 static bool btf_resolve_valid(struct btf_verifier_env *env,
3820 const struct btf_type *t,
3823 struct btf *btf = env->btf;
3825 if (!env_type_is_resolved(env, type_id))
3828 if (btf_type_is_struct(t) || btf_type_is_datasec(t))
3829 return !btf->resolved_ids[type_id] &&
3830 !btf->resolved_sizes[type_id];
3832 if (btf_type_is_modifier(t) || btf_type_is_ptr(t) ||
3833 btf_type_is_var(t)) {
3834 t = btf_type_id_resolve(btf, &type_id);
3836 !btf_type_is_modifier(t) &&
3837 !btf_type_is_var(t) &&
3838 !btf_type_is_datasec(t);
3841 if (btf_type_is_array(t)) {
3842 const struct btf_array *array = btf_type_array(t);
3843 const struct btf_type *elem_type;
3844 u32 elem_type_id = array->type;
3847 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
3848 return elem_type && !btf_type_is_modifier(elem_type) &&
3849 (array->nelems * elem_size ==
3850 btf->resolved_sizes[type_id]);
3856 static int btf_resolve(struct btf_verifier_env *env,
3857 const struct btf_type *t, u32 type_id)
3859 u32 save_log_type_id = env->log_type_id;
3860 const struct resolve_vertex *v;
3863 env->resolve_mode = RESOLVE_TBD;
3864 env_stack_push(env, t, type_id);
3865 while (!err && (v = env_stack_peak(env))) {
3866 env->log_type_id = v->type_id;
3867 err = btf_type_ops(v->t)->resolve(env, v);
3870 env->log_type_id = type_id;
3871 if (err == -E2BIG) {
3872 btf_verifier_log_type(env, t,
3873 "Exceeded max resolving depth:%u",
3875 } else if (err == -EEXIST) {
3876 btf_verifier_log_type(env, t, "Loop detected");
3879 /* Final sanity check */
3880 if (!err && !btf_resolve_valid(env, t, type_id)) {
3881 btf_verifier_log_type(env, t, "Invalid resolve state");
3885 env->log_type_id = save_log_type_id;
3889 static int btf_check_all_types(struct btf_verifier_env *env)
3891 struct btf *btf = env->btf;
3895 err = env_resolve_init(env);
3900 for (type_id = 1; type_id <= btf->nr_types; type_id++) {
3901 const struct btf_type *t = btf_type_by_id(btf, type_id);
3903 env->log_type_id = type_id;
3904 if (btf_type_needs_resolve(t) &&
3905 !env_type_is_resolved(env, type_id)) {
3906 err = btf_resolve(env, t, type_id);
3911 if (btf_type_is_func_proto(t)) {
3912 err = btf_func_proto_check(env, t);
3917 if (btf_type_is_func(t)) {
3918 err = btf_func_check(env, t);
3927 static int btf_parse_type_sec(struct btf_verifier_env *env)
3929 const struct btf_header *hdr = &env->btf->hdr;
3932 /* Type section must align to 4 bytes */
3933 if (hdr->type_off & (sizeof(u32) - 1)) {
3934 btf_verifier_log(env, "Unaligned type_off");
3938 if (!hdr->type_len) {
3939 btf_verifier_log(env, "No type found");
3943 err = btf_check_all_metas(env);
3947 return btf_check_all_types(env);
3950 static int btf_parse_str_sec(struct btf_verifier_env *env)
3952 const struct btf_header *hdr;
3953 struct btf *btf = env->btf;
3954 const char *start, *end;
3957 start = btf->nohdr_data + hdr->str_off;
3958 end = start + hdr->str_len;
3960 if (end != btf->data + btf->data_size) {
3961 btf_verifier_log(env, "String section is not at the end");
3965 if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET ||
3966 start[0] || end[-1]) {
3967 btf_verifier_log(env, "Invalid string section");
3971 btf->strings = start;
3976 static const size_t btf_sec_info_offset[] = {
3977 offsetof(struct btf_header, type_off),
3978 offsetof(struct btf_header, str_off),
3981 static int btf_sec_info_cmp(const void *a, const void *b)
3983 const struct btf_sec_info *x = a;
3984 const struct btf_sec_info *y = b;
3986 return (int)(x->off - y->off) ? : (int)(x->len - y->len);
3989 static int btf_check_sec_info(struct btf_verifier_env *env,
3992 struct btf_sec_info secs[ARRAY_SIZE(btf_sec_info_offset)];
3993 u32 total, expected_total, i;
3994 const struct btf_header *hdr;
3995 const struct btf *btf;
4000 /* Populate the secs from hdr */
4001 for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++)
4002 secs[i] = *(struct btf_sec_info *)((void *)hdr +
4003 btf_sec_info_offset[i]);
4005 sort(secs, ARRAY_SIZE(btf_sec_info_offset),
4006 sizeof(struct btf_sec_info), btf_sec_info_cmp, NULL);
4008 /* Check for gaps and overlap among sections */
4010 expected_total = btf_data_size - hdr->hdr_len;
4011 for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++) {
4012 if (expected_total < secs[i].off) {
4013 btf_verifier_log(env, "Invalid section offset");
4016 if (total < secs[i].off) {
4018 btf_verifier_log(env, "Unsupported section found");
4021 if (total > secs[i].off) {
4022 btf_verifier_log(env, "Section overlap found");
4025 if (expected_total - total < secs[i].len) {
4026 btf_verifier_log(env,
4027 "Total section length too long");
4030 total += secs[i].len;
4033 /* There is data other than hdr and known sections */
4034 if (expected_total != total) {
4035 btf_verifier_log(env, "Unsupported section found");
4042 static int btf_parse_hdr(struct btf_verifier_env *env)
4044 u32 hdr_len, hdr_copy, btf_data_size;
4045 const struct btf_header *hdr;
4050 btf_data_size = btf->data_size;
4053 offsetof(struct btf_header, hdr_len) + sizeof(hdr->hdr_len)) {
4054 btf_verifier_log(env, "hdr_len not found");
4059 hdr_len = hdr->hdr_len;
4060 if (btf_data_size < hdr_len) {
4061 btf_verifier_log(env, "btf_header not found");
4065 /* Ensure the unsupported header fields are zero */
4066 if (hdr_len > sizeof(btf->hdr)) {
4067 u8 *expected_zero = btf->data + sizeof(btf->hdr);
4068 u8 *end = btf->data + hdr_len;
4070 for (; expected_zero < end; expected_zero++) {
4071 if (*expected_zero) {
4072 btf_verifier_log(env, "Unsupported btf_header");
4078 hdr_copy = min_t(u32, hdr_len, sizeof(btf->hdr));
4079 memcpy(&btf->hdr, btf->data, hdr_copy);
4083 btf_verifier_log_hdr(env, btf_data_size);
4085 if (hdr->magic != BTF_MAGIC) {
4086 btf_verifier_log(env, "Invalid magic");
4090 if (hdr->version != BTF_VERSION) {
4091 btf_verifier_log(env, "Unsupported version");
4096 btf_verifier_log(env, "Unsupported flags");
4100 if (btf_data_size == hdr->hdr_len) {
4101 btf_verifier_log(env, "No data");
4105 err = btf_check_sec_info(env, btf_data_size);
4112 static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size,
4113 u32 log_level, char __user *log_ubuf, u32 log_size)
4115 struct btf_verifier_env *env = NULL;
4116 struct bpf_verifier_log *log;
4117 struct btf *btf = NULL;
4121 if (btf_data_size > BTF_MAX_SIZE)
4122 return ERR_PTR(-E2BIG);
4124 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4126 return ERR_PTR(-ENOMEM);
4129 if (log_level || log_ubuf || log_size) {
4130 /* user requested verbose verifier output
4131 * and supplied buffer to store the verification trace
4133 log->level = log_level;
4134 log->ubuf = log_ubuf;
4135 log->len_total = log_size;
4137 /* log attributes have to be sane */
4138 if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
4139 !log->level || !log->ubuf) {
4145 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4152 data = kvmalloc(btf_data_size, GFP_KERNEL | __GFP_NOWARN);
4159 btf->data_size = btf_data_size;
4161 if (copy_from_user(data, btf_data, btf_data_size)) {
4166 err = btf_parse_hdr(env);
4170 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4172 err = btf_parse_str_sec(env);
4176 err = btf_parse_type_sec(env);
4180 if (log->level && bpf_verifier_log_full(log)) {
4185 btf_verifier_env_free(env);
4186 refcount_set(&btf->refcnt, 1);
4190 btf_verifier_env_free(env);
4193 return ERR_PTR(err);
4196 extern char __weak __start_BTF[];
4197 extern char __weak __stop_BTF[];
4198 extern struct btf *btf_vmlinux;
4200 #define BPF_MAP_TYPE(_id, _ops)
4201 #define BPF_LINK_TYPE(_id, _name)
4203 struct bpf_ctx_convert {
4204 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4205 prog_ctx_type _id##_prog; \
4206 kern_ctx_type _id##_kern;
4207 #include <linux/bpf_types.h>
4208 #undef BPF_PROG_TYPE
4210 /* 't' is written once under lock. Read many times. */
4211 const struct btf_type *t;
4214 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4216 #include <linux/bpf_types.h>
4217 #undef BPF_PROG_TYPE
4218 __ctx_convert_unused, /* to avoid empty enum in extreme .config */
4220 static u8 bpf_ctx_convert_map[] = {
4221 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4222 [_id] = __ctx_convert##_id,
4223 #include <linux/bpf_types.h>
4224 #undef BPF_PROG_TYPE
4225 0, /* avoid empty array */
4228 #undef BPF_LINK_TYPE
4230 static const struct btf_member *
4231 btf_get_prog_ctx_type(struct bpf_verifier_log *log, struct btf *btf,
4232 const struct btf_type *t, enum bpf_prog_type prog_type,
4235 const struct btf_type *conv_struct;
4236 const struct btf_type *ctx_struct;
4237 const struct btf_member *ctx_type;
4238 const char *tname, *ctx_tname;
4240 conv_struct = bpf_ctx_convert.t;
4242 bpf_log(log, "btf_vmlinux is malformed\n");
4245 t = btf_type_by_id(btf, t->type);
4246 while (btf_type_is_modifier(t))
4247 t = btf_type_by_id(btf, t->type);
4248 if (!btf_type_is_struct(t)) {
4249 /* Only pointer to struct is supported for now.
4250 * That means that BPF_PROG_TYPE_TRACEPOINT with BTF
4251 * is not supported yet.
4252 * BPF_PROG_TYPE_RAW_TRACEPOINT is fine.
4254 if (log->level & BPF_LOG_LEVEL)
4255 bpf_log(log, "arg#%d type is not a struct\n", arg);
4258 tname = btf_name_by_offset(btf, t->name_off);
4260 bpf_log(log, "arg#%d struct doesn't have a name\n", arg);
4263 /* prog_type is valid bpf program type. No need for bounds check. */
4264 ctx_type = btf_type_member(conv_struct) + bpf_ctx_convert_map[prog_type] * 2;
4265 /* ctx_struct is a pointer to prog_ctx_type in vmlinux.
4266 * Like 'struct __sk_buff'
4268 ctx_struct = btf_type_by_id(btf_vmlinux, ctx_type->type);
4270 /* should not happen */
4272 ctx_tname = btf_name_by_offset(btf_vmlinux, ctx_struct->name_off);
4274 /* should not happen */
4275 bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n");
4278 /* only compare that prog's ctx type name is the same as
4279 * kernel expects. No need to compare field by field.
4280 * It's ok for bpf prog to do:
4281 * struct __sk_buff {};
4282 * int socket_filter_bpf_prog(struct __sk_buff *skb)
4283 * { // no fields of skb are ever used }
4285 if (strcmp(ctx_tname, tname))
4290 static const struct bpf_map_ops * const btf_vmlinux_map_ops[] = {
4291 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
4292 #define BPF_LINK_TYPE(_id, _name)
4293 #define BPF_MAP_TYPE(_id, _ops) \
4295 #include <linux/bpf_types.h>
4296 #undef BPF_PROG_TYPE
4297 #undef BPF_LINK_TYPE
4301 static int btf_vmlinux_map_ids_init(const struct btf *btf,
4302 struct bpf_verifier_log *log)
4304 const struct bpf_map_ops *ops;
4307 for (i = 0; i < ARRAY_SIZE(btf_vmlinux_map_ops); ++i) {
4308 ops = btf_vmlinux_map_ops[i];
4309 if (!ops || (!ops->map_btf_name && !ops->map_btf_id))
4311 if (!ops->map_btf_name || !ops->map_btf_id) {
4312 bpf_log(log, "map type %d is misconfigured\n", i);
4315 btf_id = btf_find_by_name_kind(btf, ops->map_btf_name,
4319 *ops->map_btf_id = btf_id;
4325 static int btf_translate_to_vmlinux(struct bpf_verifier_log *log,
4327 const struct btf_type *t,
4328 enum bpf_prog_type prog_type,
4331 const struct btf_member *prog_ctx_type, *kern_ctx_type;
4333 prog_ctx_type = btf_get_prog_ctx_type(log, btf, t, prog_type, arg);
4336 kern_ctx_type = prog_ctx_type + 1;
4337 return kern_ctx_type->type;
4340 BTF_ID_LIST(bpf_ctx_convert_btf_id)
4341 BTF_ID(struct, bpf_ctx_convert)
4343 struct btf *btf_parse_vmlinux(void)
4345 struct btf_verifier_env *env = NULL;
4346 struct bpf_verifier_log *log;
4347 struct btf *btf = NULL;
4350 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4352 return ERR_PTR(-ENOMEM);
4355 log->level = BPF_LOG_KERNEL;
4357 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4364 btf->data = __start_BTF;
4365 btf->data_size = __stop_BTF - __start_BTF;
4367 err = btf_parse_hdr(env);
4371 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4373 err = btf_parse_str_sec(env);
4377 err = btf_check_all_metas(env);
4381 /* btf_parse_vmlinux() runs under bpf_verifier_lock */
4382 bpf_ctx_convert.t = btf_type_by_id(btf, bpf_ctx_convert_btf_id[0]);
4384 /* find bpf map structs for map_ptr access checking */
4385 err = btf_vmlinux_map_ids_init(btf, log);
4389 bpf_struct_ops_init(btf, log);
4391 btf_verifier_env_free(env);
4392 refcount_set(&btf->refcnt, 1);
4396 btf_verifier_env_free(env);
4401 return ERR_PTR(err);
4404 struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog)
4406 struct bpf_prog *tgt_prog = prog->aux->dst_prog;
4409 return tgt_prog->aux->btf;
4415 static bool is_string_ptr(struct btf *btf, const struct btf_type *t)
4417 /* t comes in already as a pointer */
4418 t = btf_type_by_id(btf, t->type);
4421 if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)
4422 t = btf_type_by_id(btf, t->type);
4424 /* char, signed char, unsigned char */
4425 return btf_type_is_int(t) && t->size == 1;
4428 bool btf_ctx_access(int off, int size, enum bpf_access_type type,
4429 const struct bpf_prog *prog,
4430 struct bpf_insn_access_aux *info)
4432 const struct btf_type *t = prog->aux->attach_func_proto;
4433 struct bpf_prog *tgt_prog = prog->aux->dst_prog;
4434 struct btf *btf = bpf_prog_get_target_btf(prog);
4435 const char *tname = prog->aux->attach_func_name;
4436 struct bpf_verifier_log *log = info->log;
4437 const struct btf_param *args;
4442 bpf_log(log, "func '%s' offset %d is not multiple of 8\n",
4447 args = (const struct btf_param *)(t + 1);
4448 /* if (t == NULL) Fall back to default BPF prog with 5 u64 arguments */
4449 nr_args = t ? btf_type_vlen(t) : 5;
4450 if (prog->aux->attach_btf_trace) {
4451 /* skip first 'void *__data' argument in btf_trace_##name typedef */
4456 if (arg > nr_args) {
4457 bpf_log(log, "func '%s' doesn't have %d-th argument\n",
4462 if (arg == nr_args) {
4463 switch (prog->expected_attach_type) {
4465 case BPF_TRACE_FEXIT:
4466 /* When LSM programs are attached to void LSM hooks
4467 * they use FEXIT trampolines and when attached to
4468 * int LSM hooks, they use MODIFY_RETURN trampolines.
4470 * While the LSM programs are BPF_MODIFY_RETURN-like
4473 * if (ret_type != 'int')
4476 * is _not_ done here. This is still safe as LSM hooks
4477 * have only void and int return types.
4481 t = btf_type_by_id(btf, t->type);
4483 case BPF_MODIFY_RETURN:
4484 /* For now the BPF_MODIFY_RETURN can only be attached to
4485 * functions that return an int.
4490 t = btf_type_skip_modifiers(btf, t->type, NULL);
4491 if (!btf_type_is_small_int(t)) {
4493 "ret type %s not allowed for fmod_ret\n",
4494 btf_kind_str[BTF_INFO_KIND(t->info)]);
4499 bpf_log(log, "func '%s' doesn't have %d-th argument\n",
4505 /* Default prog with 5 args */
4507 t = btf_type_by_id(btf, args[arg].type);
4510 /* skip modifiers */
4511 while (btf_type_is_modifier(t))
4512 t = btf_type_by_id(btf, t->type);
4513 if (btf_type_is_small_int(t) || btf_type_is_enum(t))
4514 /* accessing a scalar */
4516 if (!btf_type_is_ptr(t)) {
4518 "func '%s' arg%d '%s' has type %s. Only pointer access is allowed\n",
4520 __btf_name_by_offset(btf, t->name_off),
4521 btf_kind_str[BTF_INFO_KIND(t->info)]);
4525 /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */
4526 for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
4527 const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
4529 if (ctx_arg_info->offset == off &&
4530 (ctx_arg_info->reg_type == PTR_TO_RDONLY_BUF_OR_NULL ||
4531 ctx_arg_info->reg_type == PTR_TO_RDWR_BUF_OR_NULL)) {
4532 info->reg_type = ctx_arg_info->reg_type;
4538 /* This is a pointer to void.
4539 * It is the same as scalar from the verifier safety pov.
4540 * No further pointer walking is allowed.
4544 if (is_string_ptr(btf, t))
4547 /* this is a pointer to another type */
4548 for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
4549 const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
4551 if (ctx_arg_info->offset == off) {
4552 info->reg_type = ctx_arg_info->reg_type;
4553 info->btf_id = ctx_arg_info->btf_id;
4558 info->reg_type = PTR_TO_BTF_ID;
4560 enum bpf_prog_type tgt_type;
4562 if (tgt_prog->type == BPF_PROG_TYPE_EXT)
4563 tgt_type = tgt_prog->aux->saved_dst_prog_type;
4565 tgt_type = tgt_prog->type;
4567 ret = btf_translate_to_vmlinux(log, btf, t, tgt_type, arg);
4576 info->btf_id = t->type;
4577 t = btf_type_by_id(btf, t->type);
4578 /* skip modifiers */
4579 while (btf_type_is_modifier(t)) {
4580 info->btf_id = t->type;
4581 t = btf_type_by_id(btf, t->type);
4583 if (!btf_type_is_struct(t)) {
4585 "func '%s' arg%d type %s is not a struct\n",
4586 tname, arg, btf_kind_str[BTF_INFO_KIND(t->info)]);
4589 bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n",
4590 tname, arg, info->btf_id, btf_kind_str[BTF_INFO_KIND(t->info)],
4591 __btf_name_by_offset(btf, t->name_off));
4595 enum bpf_struct_walk_result {
4602 static int btf_struct_walk(struct bpf_verifier_log *log,
4603 const struct btf_type *t, int off, int size,
4606 u32 i, moff, mtrue_end, msize = 0, total_nelems = 0;
4607 const struct btf_type *mtype, *elem_type = NULL;
4608 const struct btf_member *member;
4609 const char *tname, *mname;
4610 u32 vlen, elem_id, mid;
4613 tname = __btf_name_by_offset(btf_vmlinux, t->name_off);
4614 if (!btf_type_is_struct(t)) {
4615 bpf_log(log, "Type '%s' is not a struct\n", tname);
4619 vlen = btf_type_vlen(t);
4620 if (off + size > t->size) {
4621 /* If the last element is a variable size array, we may
4622 * need to relax the rule.
4624 struct btf_array *array_elem;
4629 member = btf_type_member(t) + vlen - 1;
4630 mtype = btf_type_skip_modifiers(btf_vmlinux, member->type,
4632 if (!btf_type_is_array(mtype))
4635 array_elem = (struct btf_array *)(mtype + 1);
4636 if (array_elem->nelems != 0)
4639 moff = btf_member_bit_offset(t, member) / 8;
4643 /* Only allow structure for now, can be relaxed for
4644 * other types later.
4646 t = btf_type_skip_modifiers(btf_vmlinux, array_elem->type,
4648 if (!btf_type_is_struct(t))
4651 off = (off - moff) % t->size;
4655 bpf_log(log, "access beyond struct %s at off %u size %u\n",
4660 for_each_member(i, t, member) {
4661 /* offset of the field in bytes */
4662 moff = btf_member_bit_offset(t, member) / 8;
4663 if (off + size <= moff)
4664 /* won't find anything, field is already too far */
4667 if (btf_member_bitfield_size(t, member)) {
4668 u32 end_bit = btf_member_bit_offset(t, member) +
4669 btf_member_bitfield_size(t, member);
4671 /* off <= moff instead of off == moff because clang
4672 * does not generate a BTF member for anonymous
4673 * bitfield like the ":16" here:
4680 BITS_ROUNDUP_BYTES(end_bit) <= off + size)
4683 /* off may be accessing a following member
4687 * Doing partial access at either end of this
4688 * bitfield. Continue on this case also to
4689 * treat it as not accessing this bitfield
4690 * and eventually error out as field not
4691 * found to keep it simple.
4692 * It could be relaxed if there was a legit
4693 * partial access case later.
4698 /* In case of "off" is pointing to holes of a struct */
4702 /* type of the field */
4704 mtype = btf_type_by_id(btf_vmlinux, member->type);
4705 mname = __btf_name_by_offset(btf_vmlinux, member->name_off);
4707 mtype = __btf_resolve_size(btf_vmlinux, mtype, &msize,
4708 &elem_type, &elem_id, &total_nelems,
4710 if (IS_ERR(mtype)) {
4711 bpf_log(log, "field %s doesn't have size\n", mname);
4715 mtrue_end = moff + msize;
4716 if (off >= mtrue_end)
4717 /* no overlap with member, keep iterating */
4720 if (btf_type_is_array(mtype)) {
4723 /* __btf_resolve_size() above helps to
4724 * linearize a multi-dimensional array.
4726 * The logic here is treating an array
4727 * in a struct as the following way:
4730 * struct inner array[2][2];
4736 * struct inner array_elem0;
4737 * struct inner array_elem1;
4738 * struct inner array_elem2;
4739 * struct inner array_elem3;
4742 * When accessing outer->array[1][0], it moves
4743 * moff to "array_elem2", set mtype to
4744 * "struct inner", and msize also becomes
4745 * sizeof(struct inner). Then most of the
4746 * remaining logic will fall through without
4747 * caring the current member is an array or
4750 * Unlike mtype/msize/moff, mtrue_end does not
4751 * change. The naming difference ("_true") tells
4752 * that it is not always corresponding to
4753 * the current mtype/msize/moff.
4754 * It is the true end of the current
4755 * member (i.e. array in this case). That
4756 * will allow an int array to be accessed like
4758 * i.e. allow access beyond the size of
4759 * the array's element as long as it is
4760 * within the mtrue_end boundary.
4763 /* skip empty array */
4764 if (moff == mtrue_end)
4767 msize /= total_nelems;
4768 elem_idx = (off - moff) / msize;
4769 moff += elem_idx * msize;
4774 /* the 'off' we're looking for is either equal to start
4775 * of this field or inside of this struct
4777 if (btf_type_is_struct(mtype)) {
4778 /* our field must be inside that union or struct */
4781 /* return if the offset matches the member offset */
4787 /* adjust offset we're looking for */
4792 if (btf_type_is_ptr(mtype)) {
4793 const struct btf_type *stype;
4796 if (msize != size || off != moff) {
4798 "cannot access ptr member %s with moff %u in struct %s with off %u size %u\n",
4799 mname, moff, tname, off, size);
4802 stype = btf_type_skip_modifiers(btf_vmlinux, mtype->type, &id);
4803 if (btf_type_is_struct(stype)) {
4809 /* Allow more flexible access within an int as long as
4810 * it is within mtrue_end.
4811 * Since mtrue_end could be the end of an array,
4812 * that also allows using an array of int as a scratch
4813 * space. e.g. skb->cb[].
4815 if (off + size > mtrue_end) {
4817 "access beyond the end of member %s (mend:%u) in struct %s with off %u size %u\n",
4818 mname, mtrue_end, tname, off, size);
4824 bpf_log(log, "struct %s doesn't have field at offset %d\n", tname, off);
4828 int btf_struct_access(struct bpf_verifier_log *log,
4829 const struct btf_type *t, int off, int size,
4830 enum bpf_access_type atype __maybe_unused,
4837 err = btf_struct_walk(log, t, off, size, &id);
4841 /* If we found the pointer or scalar on t+off,
4845 return PTR_TO_BTF_ID;
4847 return SCALAR_VALUE;
4849 /* We found nested struct, so continue the search
4850 * by diving in it. At this point the offset is
4851 * aligned with the new type, so set it to 0.
4853 t = btf_type_by_id(btf_vmlinux, id);
4857 /* It's either error or unknown return value..
4860 if (WARN_ONCE(err > 0, "unknown btf_struct_walk return value"))
4869 bool btf_struct_ids_match(struct bpf_verifier_log *log,
4870 int off, u32 id, u32 need_type_id)
4872 const struct btf_type *type;
4875 /* Are we already done? */
4876 if (need_type_id == id && off == 0)
4880 type = btf_type_by_id(btf_vmlinux, id);
4883 err = btf_struct_walk(log, type, off, 1, &id);
4884 if (err != WALK_STRUCT)
4887 /* We found nested struct object. If it matches
4888 * the requested ID, we're done. Otherwise let's
4889 * continue the search with offset 0 in the new
4892 if (need_type_id != id) {
4900 static int __get_type_size(struct btf *btf, u32 btf_id,
4901 const struct btf_type **bad_type)
4903 const struct btf_type *t;
4908 t = btf_type_by_id(btf, btf_id);
4909 while (t && btf_type_is_modifier(t))
4910 t = btf_type_by_id(btf, t->type);
4912 *bad_type = btf->types[0];
4915 if (btf_type_is_ptr(t))
4916 /* kernel size of pointer. Not BPF's size of pointer*/
4917 return sizeof(void *);
4918 if (btf_type_is_int(t) || btf_type_is_enum(t))
4924 int btf_distill_func_proto(struct bpf_verifier_log *log,
4926 const struct btf_type *func,
4928 struct btf_func_model *m)
4930 const struct btf_param *args;
4931 const struct btf_type *t;
4936 /* BTF function prototype doesn't match the verifier types.
4937 * Fall back to 5 u64 args.
4939 for (i = 0; i < 5; i++)
4945 args = (const struct btf_param *)(func + 1);
4946 nargs = btf_type_vlen(func);
4947 if (nargs >= MAX_BPF_FUNC_ARGS) {
4949 "The function %s has %d arguments. Too many.\n",
4953 ret = __get_type_size(btf, func->type, &t);
4956 "The function %s return type %s is unsupported.\n",
4957 tname, btf_kind_str[BTF_INFO_KIND(t->info)]);
4962 for (i = 0; i < nargs; i++) {
4963 ret = __get_type_size(btf, args[i].type, &t);
4966 "The function %s arg%d type %s is unsupported.\n",
4967 tname, i, btf_kind_str[BTF_INFO_KIND(t->info)]);
4970 m->arg_size[i] = ret;
4976 /* Compare BTFs of two functions assuming only scalars and pointers to context.
4977 * t1 points to BTF_KIND_FUNC in btf1
4978 * t2 points to BTF_KIND_FUNC in btf2
4980 * EINVAL - function prototype mismatch
4981 * EFAULT - verifier bug
4982 * 0 - 99% match. The last 1% is validated by the verifier.
4984 static int btf_check_func_type_match(struct bpf_verifier_log *log,
4985 struct btf *btf1, const struct btf_type *t1,
4986 struct btf *btf2, const struct btf_type *t2)
4988 const struct btf_param *args1, *args2;
4989 const char *fn1, *fn2, *s1, *s2;
4990 u32 nargs1, nargs2, i;
4992 fn1 = btf_name_by_offset(btf1, t1->name_off);
4993 fn2 = btf_name_by_offset(btf2, t2->name_off);
4995 if (btf_func_linkage(t1) != BTF_FUNC_GLOBAL) {
4996 bpf_log(log, "%s() is not a global function\n", fn1);
4999 if (btf_func_linkage(t2) != BTF_FUNC_GLOBAL) {
5000 bpf_log(log, "%s() is not a global function\n", fn2);
5004 t1 = btf_type_by_id(btf1, t1->type);
5005 if (!t1 || !btf_type_is_func_proto(t1))
5007 t2 = btf_type_by_id(btf2, t2->type);
5008 if (!t2 || !btf_type_is_func_proto(t2))
5011 args1 = (const struct btf_param *)(t1 + 1);
5012 nargs1 = btf_type_vlen(t1);
5013 args2 = (const struct btf_param *)(t2 + 1);
5014 nargs2 = btf_type_vlen(t2);
5016 if (nargs1 != nargs2) {
5017 bpf_log(log, "%s() has %d args while %s() has %d args\n",
5018 fn1, nargs1, fn2, nargs2);
5022 t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
5023 t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
5024 if (t1->info != t2->info) {
5026 "Return type %s of %s() doesn't match type %s of %s()\n",
5027 btf_type_str(t1), fn1,
5028 btf_type_str(t2), fn2);
5032 for (i = 0; i < nargs1; i++) {
5033 t1 = btf_type_skip_modifiers(btf1, args1[i].type, NULL);
5034 t2 = btf_type_skip_modifiers(btf2, args2[i].type, NULL);
5036 if (t1->info != t2->info) {
5037 bpf_log(log, "arg%d in %s() is %s while %s() has %s\n",
5038 i, fn1, btf_type_str(t1),
5039 fn2, btf_type_str(t2));
5042 if (btf_type_has_size(t1) && t1->size != t2->size) {
5044 "arg%d in %s() has size %d while %s() has %d\n",
5050 /* global functions are validated with scalars and pointers
5051 * to context only. And only global functions can be replaced.
5052 * Hence type check only those types.
5054 if (btf_type_is_int(t1) || btf_type_is_enum(t1))
5056 if (!btf_type_is_ptr(t1)) {
5058 "arg%d in %s() has unrecognized type\n",
5062 t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
5063 t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
5064 if (!btf_type_is_struct(t1)) {
5066 "arg%d in %s() is not a pointer to context\n",
5070 if (!btf_type_is_struct(t2)) {
5072 "arg%d in %s() is not a pointer to context\n",
5076 /* This is an optional check to make program writing easier.
5077 * Compare names of structs and report an error to the user.
5078 * btf_prepare_func_args() already checked that t2 struct
5079 * is a context type. btf_prepare_func_args() will check
5080 * later that t1 struct is a context type as well.
5082 s1 = btf_name_by_offset(btf1, t1->name_off);
5083 s2 = btf_name_by_offset(btf2, t2->name_off);
5084 if (strcmp(s1, s2)) {
5086 "arg%d %s(struct %s *) doesn't match %s(struct %s *)\n",
5087 i, fn1, s1, fn2, s2);
5094 /* Compare BTFs of given program with BTF of target program */
5095 int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog,
5096 struct btf *btf2, const struct btf_type *t2)
5098 struct btf *btf1 = prog->aux->btf;
5099 const struct btf_type *t1;
5102 if (!prog->aux->func_info) {
5103 bpf_log(log, "Program extension requires BTF\n");
5107 btf_id = prog->aux->func_info[0].type_id;
5111 t1 = btf_type_by_id(btf1, btf_id);
5112 if (!t1 || !btf_type_is_func(t1))
5115 return btf_check_func_type_match(log, btf1, t1, btf2, t2);
5118 /* Compare BTF of a function with given bpf_reg_state.
5120 * EFAULT - there is a verifier bug. Abort verification.
5121 * EINVAL - there is a type mismatch or BTF is not available.
5122 * 0 - BTF matches with what bpf_reg_state expects.
5123 * Only PTR_TO_CTX and SCALAR_VALUE states are recognized.
5125 int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog,
5126 struct bpf_reg_state *reg)
5128 struct bpf_verifier_log *log = &env->log;
5129 struct bpf_prog *prog = env->prog;
5130 struct btf *btf = prog->aux->btf;
5131 const struct btf_param *args;
5132 const struct btf_type *t;
5133 u32 i, nargs, btf_id;
5136 if (!prog->aux->func_info)
5139 btf_id = prog->aux->func_info[subprog].type_id;
5143 if (prog->aux->func_info_aux[subprog].unreliable)
5146 t = btf_type_by_id(btf, btf_id);
5147 if (!t || !btf_type_is_func(t)) {
5148 /* These checks were already done by the verifier while loading
5149 * struct bpf_func_info
5151 bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
5155 tname = btf_name_by_offset(btf, t->name_off);
5157 t = btf_type_by_id(btf, t->type);
5158 if (!t || !btf_type_is_func_proto(t)) {
5159 bpf_log(log, "Invalid BTF of func %s\n", tname);
5162 args = (const struct btf_param *)(t + 1);
5163 nargs = btf_type_vlen(t);
5165 bpf_log(log, "Function %s has %d > 5 args\n", tname, nargs);
5168 /* check that BTF function arguments match actual types that the
5171 for (i = 0; i < nargs; i++) {
5172 t = btf_type_by_id(btf, args[i].type);
5173 while (btf_type_is_modifier(t))
5174 t = btf_type_by_id(btf, t->type);
5175 if (btf_type_is_int(t) || btf_type_is_enum(t)) {
5176 if (reg[i + 1].type == SCALAR_VALUE)
5178 bpf_log(log, "R%d is not a scalar\n", i + 1);
5181 if (btf_type_is_ptr(t)) {
5182 if (reg[i + 1].type == SCALAR_VALUE) {
5183 bpf_log(log, "R%d is not a pointer\n", i + 1);
5186 /* If function expects ctx type in BTF check that caller
5187 * is passing PTR_TO_CTX.
5189 if (btf_get_prog_ctx_type(log, btf, t, prog->type, i)) {
5190 if (reg[i + 1].type != PTR_TO_CTX) {
5192 "arg#%d expected pointer to ctx, but got %s\n",
5193 i, btf_kind_str[BTF_INFO_KIND(t->info)]);
5196 if (check_ctx_reg(env, ®[i + 1], i + 1))
5201 bpf_log(log, "Unrecognized arg#%d type %s\n",
5202 i, btf_kind_str[BTF_INFO_KIND(t->info)]);
5207 /* Compiler optimizations can remove arguments from static functions
5208 * or mismatched type can be passed into a global function.
5209 * In such cases mark the function as unreliable from BTF point of view.
5211 prog->aux->func_info_aux[subprog].unreliable = true;
5215 /* Convert BTF of a function into bpf_reg_state if possible
5217 * EFAULT - there is a verifier bug. Abort verification.
5218 * EINVAL - cannot convert BTF.
5219 * 0 - Successfully converted BTF into bpf_reg_state
5220 * (either PTR_TO_CTX or SCALAR_VALUE).
5222 int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,
5223 struct bpf_reg_state *reg)
5225 struct bpf_verifier_log *log = &env->log;
5226 struct bpf_prog *prog = env->prog;
5227 enum bpf_prog_type prog_type = prog->type;
5228 struct btf *btf = prog->aux->btf;
5229 const struct btf_param *args;
5230 const struct btf_type *t;
5231 u32 i, nargs, btf_id;
5234 if (!prog->aux->func_info ||
5235 prog->aux->func_info_aux[subprog].linkage != BTF_FUNC_GLOBAL) {
5236 bpf_log(log, "Verifier bug\n");
5240 btf_id = prog->aux->func_info[subprog].type_id;
5242 bpf_log(log, "Global functions need valid BTF\n");
5246 t = btf_type_by_id(btf, btf_id);
5247 if (!t || !btf_type_is_func(t)) {
5248 /* These checks were already done by the verifier while loading
5249 * struct bpf_func_info
5251 bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
5255 tname = btf_name_by_offset(btf, t->name_off);
5257 if (log->level & BPF_LOG_LEVEL)
5258 bpf_log(log, "Validating %s() func#%d...\n",
5261 if (prog->aux->func_info_aux[subprog].unreliable) {
5262 bpf_log(log, "Verifier bug in function %s()\n", tname);
5265 if (prog_type == BPF_PROG_TYPE_EXT)
5266 prog_type = prog->aux->dst_prog->type;
5268 t = btf_type_by_id(btf, t->type);
5269 if (!t || !btf_type_is_func_proto(t)) {
5270 bpf_log(log, "Invalid type of function %s()\n", tname);
5273 args = (const struct btf_param *)(t + 1);
5274 nargs = btf_type_vlen(t);
5276 bpf_log(log, "Global function %s() with %d > 5 args. Buggy compiler.\n",
5280 /* check that function returns int */
5281 t = btf_type_by_id(btf, t->type);
5282 while (btf_type_is_modifier(t))
5283 t = btf_type_by_id(btf, t->type);
5284 if (!btf_type_is_int(t) && !btf_type_is_enum(t)) {
5286 "Global function %s() doesn't return scalar. Only those are supported.\n",
5290 /* Convert BTF function arguments into verifier types.
5291 * Only PTR_TO_CTX and SCALAR are supported atm.
5293 for (i = 0; i < nargs; i++) {
5294 t = btf_type_by_id(btf, args[i].type);
5295 while (btf_type_is_modifier(t))
5296 t = btf_type_by_id(btf, t->type);
5297 if (btf_type_is_int(t) || btf_type_is_enum(t)) {
5298 reg[i + 1].type = SCALAR_VALUE;
5301 if (btf_type_is_ptr(t) &&
5302 btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
5303 reg[i + 1].type = PTR_TO_CTX;
5306 bpf_log(log, "Arg#%d type %s in %s() is not supported yet.\n",
5307 i, btf_kind_str[BTF_INFO_KIND(t->info)], tname);
5313 static void btf_type_show(const struct btf *btf, u32 type_id, void *obj,
5314 struct btf_show *show)
5316 const struct btf_type *t = btf_type_by_id(btf, type_id);
5319 memset(&show->state, 0, sizeof(show->state));
5320 memset(&show->obj, 0, sizeof(show->obj));
5322 btf_type_ops(t)->show(btf, t, type_id, obj, 0, show);
5325 static void btf_seq_show(struct btf_show *show, const char *fmt,
5328 seq_vprintf((struct seq_file *)show->target, fmt, args);
5331 int btf_type_seq_show_flags(const struct btf *btf, u32 type_id,
5332 void *obj, struct seq_file *m, u64 flags)
5334 struct btf_show sseq;
5337 sseq.showfn = btf_seq_show;
5340 btf_type_show(btf, type_id, obj, &sseq);
5342 return sseq.state.status;
5345 void btf_type_seq_show(const struct btf *btf, u32 type_id, void *obj,
5348 (void) btf_type_seq_show_flags(btf, type_id, obj, m,
5349 BTF_SHOW_NONAME | BTF_SHOW_COMPACT |
5350 BTF_SHOW_ZERO | BTF_SHOW_UNSAFE);
5353 struct btf_show_snprintf {
5354 struct btf_show show;
5355 int len_left; /* space left in string */
5356 int len; /* length we would have written */
5359 static void btf_snprintf_show(struct btf_show *show, const char *fmt,
5362 struct btf_show_snprintf *ssnprintf = (struct btf_show_snprintf *)show;
5365 len = vsnprintf(show->target, ssnprintf->len_left, fmt, args);
5368 ssnprintf->len_left = 0;
5369 ssnprintf->len = len;
5370 } else if (len > ssnprintf->len_left) {
5371 /* no space, drive on to get length we would have written */
5372 ssnprintf->len_left = 0;
5373 ssnprintf->len += len;
5375 ssnprintf->len_left -= len;
5376 ssnprintf->len += len;
5377 show->target += len;
5381 int btf_type_snprintf_show(const struct btf *btf, u32 type_id, void *obj,
5382 char *buf, int len, u64 flags)
5384 struct btf_show_snprintf ssnprintf;
5386 ssnprintf.show.target = buf;
5387 ssnprintf.show.flags = flags;
5388 ssnprintf.show.showfn = btf_snprintf_show;
5389 ssnprintf.len_left = len;
5392 btf_type_show(btf, type_id, obj, (struct btf_show *)&ssnprintf);
5394 /* If we encontered an error, return it. */
5395 if (ssnprintf.show.state.status)
5396 return ssnprintf.show.state.status;
5398 /* Otherwise return length we would have written */
5399 return ssnprintf.len;
5402 #ifdef CONFIG_PROC_FS
5403 static void bpf_btf_show_fdinfo(struct seq_file *m, struct file *filp)
5405 const struct btf *btf = filp->private_data;
5407 seq_printf(m, "btf_id:\t%u\n", btf->id);
5411 static int btf_release(struct inode *inode, struct file *filp)
5413 btf_put(filp->private_data);
5417 const struct file_operations btf_fops = {
5418 #ifdef CONFIG_PROC_FS
5419 .show_fdinfo = bpf_btf_show_fdinfo,
5421 .release = btf_release,
5424 static int __btf_new_fd(struct btf *btf)
5426 return anon_inode_getfd("btf", &btf_fops, btf, O_RDONLY | O_CLOEXEC);
5429 int btf_new_fd(const union bpf_attr *attr)
5434 btf = btf_parse(u64_to_user_ptr(attr->btf),
5435 attr->btf_size, attr->btf_log_level,
5436 u64_to_user_ptr(attr->btf_log_buf),
5437 attr->btf_log_size);
5439 return PTR_ERR(btf);
5441 ret = btf_alloc_id(btf);
5448 * The BTF ID is published to the userspace.
5449 * All BTF free must go through call_rcu() from
5450 * now on (i.e. free by calling btf_put()).
5453 ret = __btf_new_fd(btf);
5460 struct btf *btf_get_by_fd(int fd)
5468 return ERR_PTR(-EBADF);
5470 if (f.file->f_op != &btf_fops) {
5472 return ERR_PTR(-EINVAL);
5475 btf = f.file->private_data;
5476 refcount_inc(&btf->refcnt);
5482 int btf_get_info_by_fd(const struct btf *btf,
5483 const union bpf_attr *attr,
5484 union bpf_attr __user *uattr)
5486 struct bpf_btf_info __user *uinfo;
5487 struct bpf_btf_info info;
5488 u32 info_copy, btf_copy;
5492 uinfo = u64_to_user_ptr(attr->info.info);
5493 uinfo_len = attr->info.info_len;
5495 info_copy = min_t(u32, uinfo_len, sizeof(info));
5496 memset(&info, 0, sizeof(info));
5497 if (copy_from_user(&info, uinfo, info_copy))
5501 ubtf = u64_to_user_ptr(info.btf);
5502 btf_copy = min_t(u32, btf->data_size, info.btf_size);
5503 if (copy_to_user(ubtf, btf->data, btf_copy))
5505 info.btf_size = btf->data_size;
5507 if (copy_to_user(uinfo, &info, info_copy) ||
5508 put_user(info_copy, &uattr->info.info_len))
5514 int btf_get_fd_by_id(u32 id)
5520 btf = idr_find(&btf_idr, id);
5521 if (!btf || !refcount_inc_not_zero(&btf->refcnt))
5522 btf = ERR_PTR(-ENOENT);
5526 return PTR_ERR(btf);
5528 fd = __btf_new_fd(btf);
5535 u32 btf_id(const struct btf *btf)
5540 static int btf_id_cmp_func(const void *a, const void *b)
5542 const int *pa = a, *pb = b;
5547 bool btf_id_set_contains(const struct btf_id_set *set, u32 id)
5549 return bsearch(&id, set->ids, set->cnt, sizeof(u32), btf_id_cmp_func) != NULL;