1 /* SPDX-License-Identifier: GPL-2.0 */
2 /* Copyright (c) 2018 Facebook */
4 #include <uapi/linux/btf.h>
5 #include <uapi/linux/types.h>
6 #include <linux/compiler.h>
7 #include <linux/errno.h>
8 #include <linux/slab.h>
9 #include <linux/uaccess.h>
10 #include <linux/kernel.h>
11 #include <linux/bpf_verifier.h>
12 #include <linux/btf.h>
14 /* BTF (BPF Type Format) is the meta data format which describes
15 * the data types of BPF program/map. Hence, it basically focus
16 * on the C programming language which the modern BPF is primary
21 * The BTF data is stored under the ".BTF" ELF section
25 * Each 'struct btf_type' object describes a C data type.
26 * Depending on the type it is describing, a 'struct btf_type'
27 * object may be followed by more data. F.e.
28 * To describe an array, 'struct btf_type' is followed by
31 * 'struct btf_type' and any extra data following it are
36 * The BTF type section contains a list of 'struct btf_type' objects.
37 * Each one describes a C type. Recall from the above section
38 * that a 'struct btf_type' object could be immediately followed by extra
39 * data in order to desribe some particular C types.
43 * Each btf_type object is identified by a type_id. The type_id
44 * is implicitly implied by the location of the btf_type object in
45 * the BTF type section. The first one has type_id 1. The second
46 * one has type_id 2...etc. Hence, an earlier btf_type has
49 * A btf_type object may refer to another btf_type object by using
50 * type_id (i.e. the "type" in the "struct btf_type").
52 * NOTE that we cannot assume any reference-order.
53 * A btf_type object can refer to an earlier btf_type object
54 * but it can also refer to a later btf_type object.
56 * For example, to describe "const void *". A btf_type
57 * object describing "const" may refer to another btf_type
58 * object describing "void *". This type-reference is done
59 * by specifying type_id:
61 * [1] CONST (anon) type_id=2
62 * [2] PTR (anon) type_id=0
64 * The above is the btf_verifier debug log:
65 * - Each line started with "[?]" is a btf_type object
66 * - [?] is the type_id of the btf_type object.
67 * - CONST/PTR is the BTF_KIND_XXX
68 * - "(anon)" is the name of the type. It just
69 * happens that CONST and PTR has no name.
70 * - type_id=XXX is the 'u32 type' in btf_type
72 * NOTE: "void" has type_id 0
76 * The BTF string section contains the names used by the type section.
77 * Each string is referred by an "offset" from the beginning of the
80 * Each string is '\0' terminated.
82 * The first character in the string section must be '\0'
83 * which is used to mean 'anonymous'. Some btf_type may not
89 * To verify BTF data, two passes are needed.
93 * The first pass is to collect all btf_type objects to
94 * an array: "btf->types".
96 * Depending on the C type that a btf_type is describing,
97 * a btf_type may be followed by extra data. We don't know
98 * how many btf_type is there, and more importantly we don't
99 * know where each btf_type is located in the type section.
101 * Without knowing the location of each type_id, most verifications
102 * cannot be done. e.g. an earlier btf_type may refer to a later
103 * btf_type (recall the "const void *" above), so we cannot
104 * check this type-reference in the first pass.
106 * In the first pass, it still does some verifications (e.g.
107 * checking the name is a valid offset to the string section).
110 #define BITS_PER_U64 (sizeof(u64) * BITS_PER_BYTE)
111 #define BITS_PER_BYTE_MASK (BITS_PER_BYTE - 1)
112 #define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK)
113 #define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3)
114 #define BITS_ROUNDUP_BYTES(bits) \
115 (BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits))
117 /* 16MB for 64k structs and each has 16 members and
118 * a few MB spaces for the string section.
119 * The hard limit is S32_MAX.
121 #define BTF_MAX_SIZE (16 * 1024 * 1024)
122 /* 64k. We can raise it later. The hard limit is S32_MAX. */
123 #define BTF_MAX_NR_TYPES 65535
125 #define for_each_member(i, struct_type, member) \
126 for (i = 0, member = btf_type_member(struct_type); \
127 i < btf_type_vlen(struct_type); \
132 struct btf_header *hdr;
135 struct btf_type **types;
143 struct btf_verifier_env {
145 struct bpf_verifier_log log;
149 static const char * const btf_kind_str[NR_BTF_KINDS] = {
150 [BTF_KIND_UNKN] = "UNKNOWN",
151 [BTF_KIND_INT] = "INT",
152 [BTF_KIND_PTR] = "PTR",
153 [BTF_KIND_ARRAY] = "ARRAY",
154 [BTF_KIND_STRUCT] = "STRUCT",
155 [BTF_KIND_UNION] = "UNION",
156 [BTF_KIND_ENUM] = "ENUM",
157 [BTF_KIND_FWD] = "FWD",
158 [BTF_KIND_TYPEDEF] = "TYPEDEF",
159 [BTF_KIND_VOLATILE] = "VOLATILE",
160 [BTF_KIND_CONST] = "CONST",
161 [BTF_KIND_RESTRICT] = "RESTRICT",
164 struct btf_kind_operations {
165 s32 (*check_meta)(struct btf_verifier_env *env,
166 const struct btf_type *t,
168 void (*log_details)(struct btf_verifier_env *env,
169 const struct btf_type *t);
172 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS];
173 static struct btf_type btf_void;
175 static const char *btf_int_encoding_str(u8 encoding)
179 else if (encoding == BTF_INT_SIGNED)
181 else if (encoding == BTF_INT_CHAR)
183 else if (encoding == BTF_INT_BOOL)
185 else if (encoding == BTF_INT_VARARGS)
191 static u16 btf_type_vlen(const struct btf_type *t)
193 return BTF_INFO_VLEN(t->info);
196 static u32 btf_type_int(const struct btf_type *t)
198 return *(u32 *)(t + 1);
201 static const struct btf_array *btf_type_array(const struct btf_type *t)
203 return (const struct btf_array *)(t + 1);
206 static const struct btf_member *btf_type_member(const struct btf_type *t)
208 return (const struct btf_member *)(t + 1);
211 static const struct btf_enum *btf_type_enum(const struct btf_type *t)
213 return (const struct btf_enum *)(t + 1);
216 static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t)
218 return kind_ops[BTF_INFO_KIND(t->info)];
221 static bool btf_name_offset_valid(const struct btf *btf, u32 offset)
223 return !BTF_STR_TBL_ELF_ID(offset) &&
224 BTF_STR_OFFSET(offset) < btf->hdr->str_len;
227 static const char *btf_name_by_offset(const struct btf *btf, u32 offset)
229 if (!BTF_STR_OFFSET(offset))
231 else if (BTF_STR_OFFSET(offset) < btf->hdr->str_len)
232 return &btf->strings[BTF_STR_OFFSET(offset)];
234 return "(invalid-name-offset)";
237 __printf(2, 3) static void __btf_verifier_log(struct bpf_verifier_log *log,
238 const char *fmt, ...)
243 bpf_verifier_vlog(log, fmt, args);
247 __printf(2, 3) static void btf_verifier_log(struct btf_verifier_env *env,
248 const char *fmt, ...)
250 struct bpf_verifier_log *log = &env->log;
253 if (!bpf_verifier_log_needed(log))
257 bpf_verifier_vlog(log, fmt, args);
261 __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
262 const struct btf_type *t,
264 const char *fmt, ...)
266 struct bpf_verifier_log *log = &env->log;
267 u8 kind = BTF_INFO_KIND(t->info);
268 struct btf *btf = env->btf;
271 if (!bpf_verifier_log_needed(log))
274 __btf_verifier_log(log, "[%u] %s %s%s",
277 btf_name_by_offset(btf, t->name),
278 log_details ? " " : "");
281 btf_type_ops(t)->log_details(env, t);
284 __btf_verifier_log(log, " ");
286 bpf_verifier_vlog(log, fmt, args);
290 __btf_verifier_log(log, "\n");
293 #define btf_verifier_log_type(env, t, ...) \
294 __btf_verifier_log_type((env), (t), true, __VA_ARGS__)
295 #define btf_verifier_log_basic(env, t, ...) \
296 __btf_verifier_log_type((env), (t), false, __VA_ARGS__)
299 static void btf_verifier_log_member(struct btf_verifier_env *env,
300 const struct btf_type *struct_type,
301 const struct btf_member *member,
302 const char *fmt, ...)
304 struct bpf_verifier_log *log = &env->log;
305 struct btf *btf = env->btf;
308 if (!bpf_verifier_log_needed(log))
311 __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
312 btf_name_by_offset(btf, member->name),
313 member->type, member->offset);
316 __btf_verifier_log(log, " ");
318 bpf_verifier_vlog(log, fmt, args);
322 __btf_verifier_log(log, "\n");
325 static void btf_verifier_log_hdr(struct btf_verifier_env *env)
327 struct bpf_verifier_log *log = &env->log;
328 const struct btf *btf = env->btf;
329 const struct btf_header *hdr;
331 if (!bpf_verifier_log_needed(log))
335 __btf_verifier_log(log, "magic: 0x%x\n", hdr->magic);
336 __btf_verifier_log(log, "version: %u\n", hdr->version);
337 __btf_verifier_log(log, "flags: 0x%x\n", hdr->flags);
338 __btf_verifier_log(log, "parent_label: %u\n", hdr->parent_label);
339 __btf_verifier_log(log, "parent_name: %u\n", hdr->parent_name);
340 __btf_verifier_log(log, "label_off: %u\n", hdr->label_off);
341 __btf_verifier_log(log, "object_off: %u\n", hdr->object_off);
342 __btf_verifier_log(log, "func_off: %u\n", hdr->func_off);
343 __btf_verifier_log(log, "type_off: %u\n", hdr->type_off);
344 __btf_verifier_log(log, "str_off: %u\n", hdr->str_off);
345 __btf_verifier_log(log, "str_len: %u\n", hdr->str_len);
346 __btf_verifier_log(log, "btf_total_size: %u\n", btf->data_size);
349 static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t)
351 struct btf *btf = env->btf;
353 /* < 2 because +1 for btf_void which is always in btf->types[0].
354 * btf_void is not accounted in btf->nr_types because btf_void
355 * does not come from the BTF file.
357 if (btf->types_size - btf->nr_types < 2) {
358 /* Expand 'types' array */
360 struct btf_type **new_types;
361 u32 expand_by, new_size;
363 if (btf->types_size == BTF_MAX_NR_TYPES) {
364 btf_verifier_log(env, "Exceeded max num of types");
368 expand_by = max_t(u32, btf->types_size >> 2, 16);
369 new_size = min_t(u32, BTF_MAX_NR_TYPES,
370 btf->types_size + expand_by);
372 new_types = kvzalloc(new_size * sizeof(*new_types),
373 GFP_KERNEL | __GFP_NOWARN);
377 if (btf->nr_types == 0)
378 new_types[0] = &btf_void;
380 memcpy(new_types, btf->types,
381 sizeof(*btf->types) * (btf->nr_types + 1));
384 btf->types = new_types;
385 btf->types_size = new_size;
388 btf->types[++(btf->nr_types)] = t;
393 static void btf_free(struct btf *btf)
400 static void btf_verifier_env_free(struct btf_verifier_env *env)
405 static s32 btf_int_check_meta(struct btf_verifier_env *env,
406 const struct btf_type *t,
409 u32 int_data, nr_bits, meta_needed = sizeof(int_data);
412 if (meta_left < meta_needed) {
413 btf_verifier_log_basic(env, t,
414 "meta_left:%u meta_needed:%u",
415 meta_left, meta_needed);
419 if (btf_type_vlen(t)) {
420 btf_verifier_log_type(env, t, "vlen != 0");
424 int_data = btf_type_int(t);
425 nr_bits = BTF_INT_BITS(int_data) + BTF_INT_OFFSET(int_data);
427 if (nr_bits > BITS_PER_U64) {
428 btf_verifier_log_type(env, t, "nr_bits exceeds %zu",
433 if (BITS_ROUNDUP_BYTES(nr_bits) > t->size) {
434 btf_verifier_log_type(env, t, "nr_bits exceeds type_size");
438 encoding = BTF_INT_ENCODING(int_data);
440 encoding != BTF_INT_SIGNED &&
441 encoding != BTF_INT_CHAR &&
442 encoding != BTF_INT_BOOL &&
443 encoding != BTF_INT_VARARGS) {
444 btf_verifier_log_type(env, t, "Unsupported encoding");
448 btf_verifier_log_type(env, t, NULL);
453 static void btf_int_log(struct btf_verifier_env *env,
454 const struct btf_type *t)
456 int int_data = btf_type_int(t);
458 btf_verifier_log(env,
459 "size=%u bits_offset=%u nr_bits=%u encoding=%s",
460 t->size, BTF_INT_OFFSET(int_data),
461 BTF_INT_BITS(int_data),
462 btf_int_encoding_str(BTF_INT_ENCODING(int_data)));
465 static const struct btf_kind_operations int_ops = {
466 .check_meta = btf_int_check_meta,
467 .log_details = btf_int_log,
470 static int btf_ref_type_check_meta(struct btf_verifier_env *env,
471 const struct btf_type *t,
474 if (btf_type_vlen(t)) {
475 btf_verifier_log_type(env, t, "vlen != 0");
479 if (BTF_TYPE_PARENT(t->type)) {
480 btf_verifier_log_type(env, t, "Invalid type_id");
484 btf_verifier_log_type(env, t, NULL);
489 static void btf_ref_type_log(struct btf_verifier_env *env,
490 const struct btf_type *t)
492 btf_verifier_log(env, "type_id=%u", t->type);
495 static struct btf_kind_operations modifier_ops = {
496 .check_meta = btf_ref_type_check_meta,
497 .log_details = btf_ref_type_log,
500 static struct btf_kind_operations ptr_ops = {
501 .check_meta = btf_ref_type_check_meta,
502 .log_details = btf_ref_type_log,
505 static struct btf_kind_operations fwd_ops = {
506 .check_meta = btf_ref_type_check_meta,
507 .log_details = btf_ref_type_log,
510 static s32 btf_array_check_meta(struct btf_verifier_env *env,
511 const struct btf_type *t,
514 const struct btf_array *array = btf_type_array(t);
515 u32 meta_needed = sizeof(*array);
517 if (meta_left < meta_needed) {
518 btf_verifier_log_basic(env, t,
519 "meta_left:%u meta_needed:%u",
520 meta_left, meta_needed);
524 if (btf_type_vlen(t)) {
525 btf_verifier_log_type(env, t, "vlen != 0");
529 /* We are a little forgiving on array->index_type since
530 * the kernel is not using it.
532 /* Array elem cannot be in type void,
533 * so !array->type is not allowed.
535 if (!array->type || BTF_TYPE_PARENT(array->type)) {
536 btf_verifier_log_type(env, t, "Invalid type_id");
540 btf_verifier_log_type(env, t, NULL);
545 static void btf_array_log(struct btf_verifier_env *env,
546 const struct btf_type *t)
548 const struct btf_array *array = btf_type_array(t);
550 btf_verifier_log(env, "type_id=%u index_type_id=%u nr_elems=%u",
551 array->type, array->index_type, array->nelems);
554 static struct btf_kind_operations array_ops = {
555 .check_meta = btf_array_check_meta,
556 .log_details = btf_array_log,
559 static s32 btf_struct_check_meta(struct btf_verifier_env *env,
560 const struct btf_type *t,
563 bool is_union = BTF_INFO_KIND(t->info) == BTF_KIND_UNION;
564 const struct btf_member *member;
565 struct btf *btf = env->btf;
566 u32 struct_size = t->size;
570 meta_needed = btf_type_vlen(t) * sizeof(*member);
571 if (meta_left < meta_needed) {
572 btf_verifier_log_basic(env, t,
573 "meta_left:%u meta_needed:%u",
574 meta_left, meta_needed);
578 btf_verifier_log_type(env, t, NULL);
580 for_each_member(i, t, member) {
581 if (!btf_name_offset_valid(btf, member->name)) {
582 btf_verifier_log_member(env, t, member,
583 "Invalid member name_offset:%u",
588 /* A member cannot be in type void */
589 if (!member->type || BTF_TYPE_PARENT(member->type)) {
590 btf_verifier_log_member(env, t, member,
595 if (is_union && member->offset) {
596 btf_verifier_log_member(env, t, member,
597 "Invalid member bits_offset");
601 if (BITS_ROUNDUP_BYTES(member->offset) > struct_size) {
602 btf_verifier_log_member(env, t, member,
603 "Memmber bits_offset exceeds its struct size");
607 btf_verifier_log_member(env, t, member, NULL);
613 static void btf_struct_log(struct btf_verifier_env *env,
614 const struct btf_type *t)
616 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
619 static struct btf_kind_operations struct_ops = {
620 .check_meta = btf_struct_check_meta,
621 .log_details = btf_struct_log,
624 static s32 btf_enum_check_meta(struct btf_verifier_env *env,
625 const struct btf_type *t,
628 const struct btf_enum *enums = btf_type_enum(t);
629 struct btf *btf = env->btf;
633 nr_enums = btf_type_vlen(t);
634 meta_needed = nr_enums * sizeof(*enums);
636 if (meta_left < meta_needed) {
637 btf_verifier_log_basic(env, t,
638 "meta_left:%u meta_needed:%u",
639 meta_left, meta_needed);
643 if (t->size != sizeof(int)) {
644 btf_verifier_log_type(env, t, "Expected size:%zu",
649 btf_verifier_log_type(env, t, NULL);
651 for (i = 0; i < nr_enums; i++) {
652 if (!btf_name_offset_valid(btf, enums[i].name)) {
653 btf_verifier_log(env, "\tInvalid name_offset:%u",
658 btf_verifier_log(env, "\t%s val=%d\n",
659 btf_name_by_offset(btf, enums[i].name),
666 static void btf_enum_log(struct btf_verifier_env *env,
667 const struct btf_type *t)
669 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
672 static struct btf_kind_operations enum_ops = {
673 .check_meta = btf_enum_check_meta,
674 .log_details = btf_enum_log,
677 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
678 [BTF_KIND_INT] = &int_ops,
679 [BTF_KIND_PTR] = &ptr_ops,
680 [BTF_KIND_ARRAY] = &array_ops,
681 [BTF_KIND_STRUCT] = &struct_ops,
682 [BTF_KIND_UNION] = &struct_ops,
683 [BTF_KIND_ENUM] = &enum_ops,
684 [BTF_KIND_FWD] = &fwd_ops,
685 [BTF_KIND_TYPEDEF] = &modifier_ops,
686 [BTF_KIND_VOLATILE] = &modifier_ops,
687 [BTF_KIND_CONST] = &modifier_ops,
688 [BTF_KIND_RESTRICT] = &modifier_ops,
691 static s32 btf_check_meta(struct btf_verifier_env *env,
692 const struct btf_type *t,
695 u32 saved_meta_left = meta_left;
698 if (meta_left < sizeof(*t)) {
699 btf_verifier_log(env, "[%u] meta_left:%u meta_needed:%zu",
700 env->log_type_id, meta_left, sizeof(*t));
703 meta_left -= sizeof(*t);
705 if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX ||
706 BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
707 btf_verifier_log(env, "[%u] Invalid kind:%u",
708 env->log_type_id, BTF_INFO_KIND(t->info));
712 if (!btf_name_offset_valid(env->btf, t->name)) {
713 btf_verifier_log(env, "[%u] Invalid name_offset:%u",
714 env->log_type_id, t->name);
718 var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
719 if (var_meta_size < 0)
720 return var_meta_size;
722 meta_left -= var_meta_size;
724 return saved_meta_left - meta_left;
727 static int btf_check_all_metas(struct btf_verifier_env *env)
729 struct btf *btf = env->btf;
730 struct btf_header *hdr;
734 cur = btf->nohdr_data + hdr->type_off;
735 end = btf->nohdr_data + hdr->str_off;
737 env->log_type_id = 1;
739 struct btf_type *t = cur;
742 meta_size = btf_check_meta(env, t, end - cur);
746 btf_add_type(env, t);
754 static int btf_parse_type_sec(struct btf_verifier_env *env)
756 return btf_check_all_metas(env);
759 static int btf_parse_str_sec(struct btf_verifier_env *env)
761 const struct btf_header *hdr;
762 struct btf *btf = env->btf;
763 const char *start, *end;
766 start = btf->nohdr_data + hdr->str_off;
767 end = start + hdr->str_len;
769 if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET ||
770 start[0] || end[-1]) {
771 btf_verifier_log(env, "Invalid string section");
775 btf->strings = start;
780 static int btf_parse_hdr(struct btf_verifier_env *env)
782 const struct btf_header *hdr;
783 struct btf *btf = env->btf;
786 if (btf->data_size < sizeof(*hdr)) {
787 btf_verifier_log(env, "btf_header not found");
791 btf_verifier_log_hdr(env);
794 if (hdr->magic != BTF_MAGIC) {
795 btf_verifier_log(env, "Invalid magic");
799 if (hdr->version != BTF_VERSION) {
800 btf_verifier_log(env, "Unsupported version");
805 btf_verifier_log(env, "Unsupported flags");
809 meta_left = btf->data_size - sizeof(*hdr);
811 btf_verifier_log(env, "No data");
815 if (meta_left < hdr->type_off || hdr->str_off <= hdr->type_off ||
816 /* Type section must align to 4 bytes */
817 hdr->type_off & (sizeof(u32) - 1)) {
818 btf_verifier_log(env, "Invalid type_off");
822 if (meta_left < hdr->str_off ||
823 meta_left - hdr->str_off < hdr->str_len) {
824 btf_verifier_log(env, "Invalid str_off or str_len");
828 btf->nohdr_data = btf->hdr + 1;
833 static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size,
834 u32 log_level, char __user *log_ubuf, u32 log_size)
836 struct btf_verifier_env *env = NULL;
837 struct bpf_verifier_log *log;
838 struct btf *btf = NULL;
842 if (btf_data_size > BTF_MAX_SIZE)
843 return ERR_PTR(-E2BIG);
845 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
847 return ERR_PTR(-ENOMEM);
850 if (log_level || log_ubuf || log_size) {
851 /* user requested verbose verifier output
852 * and supplied buffer to store the verification trace
854 log->level = log_level;
855 log->ubuf = log_ubuf;
856 log->len_total = log_size;
858 /* log attributes have to be sane */
859 if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
860 !log->level || !log->ubuf) {
866 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
872 data = kvmalloc(btf_data_size, GFP_KERNEL | __GFP_NOWARN);
879 btf->data_size = btf_data_size;
881 if (copy_from_user(data, btf_data, btf_data_size)) {
888 err = btf_parse_hdr(env);
892 err = btf_parse_str_sec(env);
896 err = btf_parse_type_sec(env);
900 if (!err && log->level && bpf_verifier_log_full(log)) {
906 btf_verifier_env_free(env);
911 btf_verifier_env_free(env);
projects / linux.git / blob