bpf_check

Name:bpf_check

Proto:int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, union bpf_attr __user *uattr)

Type:int

Parameter:

Type	Parameter	Name
struct bpf_prog **	prog
union bpf_attr *	attr
union bpf_attr __user *	uattr

9677

start_time = ktime_get_ns()

9680

ret = -EINVAL

9684

If ARRAY_SIZE - get the number of elements in array @arr*@arr: array to be sized(bpf_verifier_ops) == 0 Then Return -EINVAL

9690

env = kzalloc - allocate memory. The memory is set to zero.*@size: how many bytes of memory are required.*@flags: the type of memory to allocate (see kmalloc).

9691

If Not env Then Return -ENOMEM

9693

log = log

9695

len = Number of filter blocks

9696

array of per-insn state = vzalloc(array_size() - Calculate size of 2-dimensional array.*@a: dimension one*@b: dimension two* Calculates size of 2-dimensional array: @a *@b.* Returns: number of bytes needed to represent the array or SIZE_MAX on* overflow.)

9698

ret = -ENOMEM

9699

If Not array of per-insn state Then Go to err_free_env

9701

When i < len cycle original instruction index = i

9703

BPF program being verified = prog

9704

ops = bpf_verifier_ops[ Type of BPF program ]

9705

is_priv = Check operation authority

9707

If Not btf_vmlinux && IS_ENABLED(CONFIG_FOO) evaluates to 1 if CONFIG_FOO is set to 'y' or 'm',* 0 otherwise.(CONFIG_DEBUG_INFO_BTF) Then

9708

mutex_lock( & bpf_verifier_lock)

9709

If Not btf_vmlinux Then btf_vmlinux = btf_parse_vmlinux()

9711

mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.

9715

If Not is_priv Then mutex_lock( & bpf_verifier_lock)

9718

If verbosity level of verifier || log_buf || size of user buffer Then

9722

level = verbosity level of verifier

9723

ubuf = log_buf

9724

len_total = size of user buffer

9726

ret = -EINVAL

9728

If len_total < 128 || len_total > UINT_MAX >> 2 || Not level || Not ubuf || level & ~BPF_LOG_MASK Then Go to err_unlock

9733

If IS_ERR(btf_vmlinux) Then

9735

verbose(env, "in-kernel BTF is malformed\n")

9736

ret = PTR_ERR(btf_vmlinux)

9737

Go to skip_full_check

9740

ret = check_attach_btf_id(env)

9741

If ret Then Go to skip_full_check

9744

perform strict pointer alignment checks = Not Not (prog_flags & If BPF_F_STRICT_ALIGNMENT is used in BPF_PROG_LOAD command, the* verifier will perform strict alignment checking as if the kernel* has been built with CONFIG_EFFICIENT_UNALIGNED_ACCESS not set,* and NET_IP_ALIGN defined to 2.)

9745

If Not IS_ENABLED(CONFIG_FOO) evaluates to 1 if CONFIG_FOO is set to 'y' or 'm',* 0 otherwise.(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) Then perform strict pointer alignment checks = true

9747

If prog_flags & If BPF_F_ANY_ALIGNMENT is used in BPF_PROF_LOAD command, the* verifier will allow any alignment whatsoever. On platforms* with strict alignment requirements for loads ands stores (such* as sparc and mips) the verifier validates that all loads and Then perform strict pointer alignment checks = false

9750

allow_ptr_leaks = is_priv

9752

If is_priv Then st verifier with different pruning frequency = prog_flags & The verifier internal test flag. Behavior is undefined

9755

ret = look for pseudo eBPF instructions that access map FDs and* replace them with actual map pointers

9756

If ret < 0 Then Go to skip_full_check

9759

If bpf_prog_is_dev_bound( Auxiliary fields ) Then

9760

ret = bpf_prog_offload_verifier_prep(BPF program being verified )

9761

If ret Then Go to skip_full_check

9765

search pruning optimization = kvcalloc(state_htab_size(env), size of * , GFP_USER)

9768

ret = -ENOMEM

9769

If Not search pruning optimization Then Go to skip_full_check

9772

ret = check_subprogs(env)

9773

If ret < 0 Then Go to skip_full_check

9776

ret = check_btf_info(env, attr, uattr)

9777

If ret < 0 Then Go to skip_full_check

9780

ret = -recursive depth-first-search to detect loops in BPF program* loop == back-edge in directed graph

9781

If ret < 0 Then Go to skip_full_check

9784

ret = do_check(env)

9785

If current verifier state Then

9786

free_verifier_state(current verifier state , true)

9787

current verifier state = NULL

9790

If ret == 0 && bpf_prog_is_dev_bound( Auxiliary fields ) Then ret = bpf_prog_offload_finalize(env)

9793

skip_full_check :

9794

When Not pop_stack(env, NULL, NULL) cycle

9795

free_states(env)

9797

If ret == 0 Then ret = starting from main bpf function walk all instructions of the function* and recursively walk all callees that given function can call

9801

If is_priv Then

9802

If ret == 0 Then opt_hard_wire_dead_code_branches(env)

9804

If ret == 0 Then ret = opt_remove_dead_code(env)

9806

If ret == 0 Then ret = opt_remove_nops(env)

9808

Else

9809

If ret == 0 Then The verifier does more data flow analysis than llvm and will not* explore branches that are dead at run time. Malicious programs can* have dead code too. Therefore replace all dead at-run-time code* with 'ja -1'.* Just nops are not optimal, e

9813

If ret == 0 Then ret = vert load instructions that access fields of a context type into a* sequence of instructions that access fields of the underlying structure:* struct __sk_buff -> struct sk_buff* struct bpf_sock_ops -> struct sock

9817

If ret == 0 Then ret = xup insn->imm field of bpf_call instructions* and inline eligible helpers as explicit sequence of BPF instructions* this function is called after eBPF program passed verification

9823

If ret == 0 && Not bpf_prog_is_dev_bound( Auxiliary fields ) Then

9824

ret = opt_subreg_zext_lo32_rnd_hi32(env, attr)

9825

Zero extensions has been inserted by verifier. = Return TRUE if the JIT backend wants verifier to enable sub-register usage* analysis code and wants explicit zero extension inserted by verifier.* Otherwise, return FALSE. ? !ret : false

9829

If ret == 0 Then ret = fixup_call_args(env)

9832

al verification time = ktime_get_ns() - start_time

9833

print_verification_stats(env)

9835

If level && bpf_verifier_log_full(log) Then ret = -ENOSPC

9837

If level && Not ubuf Then

9838

ret = -EFAULT

9839

Go to err_release_maps

9842

If ret == 0 && umber of used maps Then

9844

used_maps = kmalloc_array - allocate memory for an array.*@n: number of elements.*@size: element size.*@flags: the type of memory to allocate (see kmalloc).

9848

If Not used_maps Then

9849

ret = -ENOMEM

9850

Go to err_release_maps

9853

No 3D Now!(used_maps, array of map's used by eBPF program , size of array of map's used by eBPF program [0] * umber of used maps )

9855

used_map_cnt = umber of used maps

9860

vert pseudo BPF_LD_IMM64 into generic BPF_LD_IMM64

9863

If ret == 0 Then adjust_btf_func(env)

9866

err_release_maps :

9867

If Not used_maps Then drop refcnt of maps used by the rejected program

9872

prog = BPF program being verified

9873

err_unlock :

9874

If Not is_priv Then mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.

9876

vfree(array of per-insn state )

9877

err_free_env :

9878

kfree(env)

9879

Return ret

**Caller**
Name	Describe
bpf_prog_load

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion

Function report