1 /* SPDX-License-Identifier: GPL-2.0 */
2 /* Copyright (c) 2018 Facebook */
4 #include <uapi/linux/btf.h>
5 #include <uapi/linux/bpf.h>
6 #include <uapi/linux/bpf_perf_event.h>
7 #include <uapi/linux/types.h>
8 #include <linux/seq_file.h>
9 #include <linux/compiler.h>
10 #include <linux/ctype.h>
11 #include <linux/errno.h>
12 #include <linux/slab.h>
13 #include <linux/anon_inodes.h>
14 #include <linux/file.h>
15 #include <linux/uaccess.h>
16 #include <linux/kernel.h>
17 #include <linux/idr.h>
18 #include <linux/sort.h>
19 #include <linux/bpf_verifier.h>
20 #include <linux/btf.h>
21 #include <linux/btf_ids.h>
22 #include <linux/skmsg.h>
23 #include <linux/perf_event.h>
24 #include <linux/bsearch.h>
25 #include <linux/kobject.h>
26 #include <linux/sysfs.h>
29 /* BTF (BPF Type Format) is the meta data format which describes
30 * the data types of BPF program/map. Hence, it basically focus
31 * on the C programming language which the modern BPF is primary
36 * The BTF data is stored under the ".BTF" ELF section
40 * Each 'struct btf_type' object describes a C data type.
41 * Depending on the type it is describing, a 'struct btf_type'
42 * object may be followed by more data. F.e.
43 * To describe an array, 'struct btf_type' is followed by
46 * 'struct btf_type' and any extra data following it are
51 * The BTF type section contains a list of 'struct btf_type' objects.
52 * Each one describes a C type. Recall from the above section
53 * that a 'struct btf_type' object could be immediately followed by extra
54 * data in order to describe some particular C types.
58 * Each btf_type object is identified by a type_id. The type_id
59 * is implicitly implied by the location of the btf_type object in
60 * the BTF type section. The first one has type_id 1. The second
61 * one has type_id 2...etc. Hence, an earlier btf_type has
64 * A btf_type object may refer to another btf_type object by using
65 * type_id (i.e. the "type" in the "struct btf_type").
67 * NOTE that we cannot assume any reference-order.
68 * A btf_type object can refer to an earlier btf_type object
69 * but it can also refer to a later btf_type object.
71 * For example, to describe "const void *". A btf_type
72 * object describing "const" may refer to another btf_type
73 * object describing "void *". This type-reference is done
74 * by specifying type_id:
76 * [1] CONST (anon) type_id=2
77 * [2] PTR (anon) type_id=0
79 * The above is the btf_verifier debug log:
80 * - Each line started with "[?]" is a btf_type object
81 * - [?] is the type_id of the btf_type object.
82 * - CONST/PTR is the BTF_KIND_XXX
83 * - "(anon)" is the name of the type. It just
84 * happens that CONST and PTR has no name.
85 * - type_id=XXX is the 'u32 type' in btf_type
87 * NOTE: "void" has type_id 0
91 * The BTF string section contains the names used by the type section.
92 * Each string is referred by an "offset" from the beginning of the
95 * Each string is '\0' terminated.
97 * The first character in the string section must be '\0'
98 * which is used to mean 'anonymous'. Some btf_type may not
104 * To verify BTF data, two passes are needed.
108 * The first pass is to collect all btf_type objects to
109 * an array: "btf->types".
111 * Depending on the C type that a btf_type is describing,
112 * a btf_type may be followed by extra data. We don't know
113 * how many btf_type is there, and more importantly we don't
114 * know where each btf_type is located in the type section.
116 * Without knowing the location of each type_id, most verifications
117 * cannot be done. e.g. an earlier btf_type may refer to a later
118 * btf_type (recall the "const void *" above), so we cannot
119 * check this type-reference in the first pass.
121 * In the first pass, it still does some verifications (e.g.
122 * checking the name is a valid offset to the string section).
126 * The main focus is to resolve a btf_type that is referring
129 * We have to ensure the referring type:
130 * 1) does exist in the BTF (i.e. in btf->types[])
131 * 2) does not cause a loop:
140 * btf_type_needs_resolve() decides if a btf_type needs
143 * The needs_resolve type implements the "resolve()" ops which
144 * essentially does a DFS and detects backedge.
146 * During resolve (or DFS), different C types have different
147 * "RESOLVED" conditions.
149 * When resolving a BTF_KIND_STRUCT, we need to resolve all its
150 * members because a member is always referring to another
151 * type. A struct's member can be treated as "RESOLVED" if
152 * it is referring to a BTF_KIND_PTR. Otherwise, the
153 * following valid C struct would be rejected:
160 * When resolving a BTF_KIND_PTR, it needs to keep resolving if
161 * it is referring to another BTF_KIND_PTR. Otherwise, we cannot
162 * detect a pointer loop, e.g.:
163 * BTF_KIND_CONST -> BTF_KIND_PTR -> BTF_KIND_CONST -> BTF_KIND_PTR +
165 * +-----------------------------------------+
169 #define BITS_PER_U128 (sizeof(u64) * BITS_PER_BYTE * 2)
170 #define BITS_PER_BYTE_MASK (BITS_PER_BYTE - 1)
171 #define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK)
172 #define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3)
173 #define BITS_ROUNDUP_BYTES(bits) \
174 (BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits))
176 #define BTF_INFO_MASK 0x9f00ffff
177 #define BTF_INT_MASK 0x0fffffff
178 #define BTF_TYPE_ID_VALID(type_id) ((type_id) <= BTF_MAX_TYPE)
179 #define BTF_STR_OFFSET_VALID(name_off) ((name_off) <= BTF_MAX_NAME_OFFSET)
181 /* 16MB for 64k structs and each has 16 members and
182 * a few MB spaces for the string section.
183 * The hard limit is S32_MAX.
185 #define BTF_MAX_SIZE (16 * 1024 * 1024)
187 #define for_each_member_from(i, from, struct_type, member) \
188 for (i = from, member = btf_type_member(struct_type) + from; \
189 i < btf_type_vlen(struct_type); \
192 #define for_each_vsi_from(i, from, struct_type, member) \
193 for (i = from, member = btf_type_var_secinfo(struct_type) + from; \
194 i < btf_type_vlen(struct_type); \
198 DEFINE_SPINLOCK(btf_idr_lock);
202 struct btf_type **types;
207 struct btf_header hdr;
208 u32 nr_types; /* includes VOID for base BTF */
215 /* split BTF support */
216 struct btf *base_btf;
217 u32 start_id; /* first type ID in this BTF (0 for base BTF) */
218 u32 start_str_off; /* first string offset (0 for base BTF) */
219 char name[MODULE_NAME_LEN];
223 enum verifier_phase {
228 struct resolve_vertex {
229 const struct btf_type *t;
241 RESOLVE_TBD, /* To Be Determined */
242 RESOLVE_PTR, /* Resolving for Pointer */
243 RESOLVE_STRUCT_OR_ARRAY, /* Resolving for struct/union
248 #define MAX_RESOLVE_DEPTH 32
250 struct btf_sec_info {
255 struct btf_verifier_env {
258 struct resolve_vertex stack[MAX_RESOLVE_DEPTH];
259 struct bpf_verifier_log log;
262 enum verifier_phase phase;
263 enum resolve_mode resolve_mode;
266 static const char * const btf_kind_str[NR_BTF_KINDS] = {
267 [BTF_KIND_UNKN] = "UNKNOWN",
268 [BTF_KIND_INT] = "INT",
269 [BTF_KIND_PTR] = "PTR",
270 [BTF_KIND_ARRAY] = "ARRAY",
271 [BTF_KIND_STRUCT] = "STRUCT",
272 [BTF_KIND_UNION] = "UNION",
273 [BTF_KIND_ENUM] = "ENUM",
274 [BTF_KIND_FWD] = "FWD",
275 [BTF_KIND_TYPEDEF] = "TYPEDEF",
276 [BTF_KIND_VOLATILE] = "VOLATILE",
277 [BTF_KIND_CONST] = "CONST",
278 [BTF_KIND_RESTRICT] = "RESTRICT",
279 [BTF_KIND_FUNC] = "FUNC",
280 [BTF_KIND_FUNC_PROTO] = "FUNC_PROTO",
281 [BTF_KIND_VAR] = "VAR",
282 [BTF_KIND_DATASEC] = "DATASEC",
283 [BTF_KIND_FLOAT] = "FLOAT",
284 [BTF_KIND_TAG] = "TAG",
287 const char *btf_type_str(const struct btf_type *t)
289 return btf_kind_str[BTF_INFO_KIND(t->info)];
292 /* Chunk size we use in safe copy of data to be shown. */
293 #define BTF_SHOW_OBJ_SAFE_SIZE 32
296 * This is the maximum size of a base type value (equivalent to a
297 * 128-bit int); if we are at the end of our safe buffer and have
298 * less than 16 bytes space we can't be assured of being able
299 * to copy the next type safely, so in such cases we will initiate
302 #define BTF_SHOW_OBJ_BASE_TYPE_SIZE 16
305 #define BTF_SHOW_NAME_SIZE 80
308 * Common data to all BTF show operations. Private show functions can add
309 * their own data to a structure containing a struct btf_show and consult it
310 * in the show callback. See btf_type_show() below.
312 * One challenge with showing nested data is we want to skip 0-valued
313 * data, but in order to figure out whether a nested object is all zeros
314 * we need to walk through it. As a result, we need to make two passes
315 * when handling structs, unions and arrays; the first path simply looks
316 * for nonzero data, while the second actually does the display. The first
317 * pass is signalled by show->state.depth_check being set, and if we
318 * encounter a non-zero value we set show->state.depth_to_show to
319 * the depth at which we encountered it. When we have completed the
320 * first pass, we will know if anything needs to be displayed if
321 * depth_to_show > depth. See btf_[struct,array]_show() for the
322 * implementation of this.
324 * Another problem is we want to ensure the data for display is safe to
325 * access. To support this, the anonymous "struct {} obj" tracks the data
326 * object and our safe copy of it. We copy portions of the data needed
327 * to the object "copy" buffer, but because its size is limited to
328 * BTF_SHOW_OBJ_COPY_LEN bytes, multiple copies may be required as we
329 * traverse larger objects for display.
331 * The various data type show functions all start with a call to
332 * btf_show_start_type() which returns a pointer to the safe copy
333 * of the data needed (or if BTF_SHOW_UNSAFE is specified, to the
334 * raw data itself). btf_show_obj_safe() is responsible for
335 * using copy_from_kernel_nofault() to update the safe data if necessary
336 * as we traverse the object's data. skbuff-like semantics are
339 * - obj.head points to the start of the toplevel object for display
340 * - obj.size is the size of the toplevel object
341 * - obj.data points to the current point in the original data at
342 * which our safe data starts. obj.data will advance as we copy
343 * portions of the data.
345 * In most cases a single copy will suffice, but larger data structures
346 * such as "struct task_struct" will require many copies. The logic in
347 * btf_show_obj_safe() handles the logic that determines if a new
348 * copy_from_kernel_nofault() is needed.
352 void *target; /* target of show operation (seq file, buffer) */
353 void (*showfn)(struct btf_show *show, const char *fmt, va_list args);
354 const struct btf *btf;
355 /* below are used during iteration */
364 int status; /* non-zero for error */
365 const struct btf_type *type;
366 const struct btf_member *member;
367 char name[BTF_SHOW_NAME_SIZE]; /* space for member name/type */
373 u8 safe[BTF_SHOW_OBJ_SAFE_SIZE];
377 struct btf_kind_operations {
378 s32 (*check_meta)(struct btf_verifier_env *env,
379 const struct btf_type *t,
381 int (*resolve)(struct btf_verifier_env *env,
382 const struct resolve_vertex *v);
383 int (*check_member)(struct btf_verifier_env *env,
384 const struct btf_type *struct_type,
385 const struct btf_member *member,
386 const struct btf_type *member_type);
387 int (*check_kflag_member)(struct btf_verifier_env *env,
388 const struct btf_type *struct_type,
389 const struct btf_member *member,
390 const struct btf_type *member_type);
391 void (*log_details)(struct btf_verifier_env *env,
392 const struct btf_type *t);
393 void (*show)(const struct btf *btf, const struct btf_type *t,
394 u32 type_id, void *data, u8 bits_offsets,
395 struct btf_show *show);
398 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS];
399 static struct btf_type btf_void;
401 static int btf_resolve(struct btf_verifier_env *env,
402 const struct btf_type *t, u32 type_id);
404 static bool btf_type_is_modifier(const struct btf_type *t)
406 /* Some of them is not strictly a C modifier
407 * but they are grouped into the same bucket
409 * A type (t) that refers to another
410 * type through t->type AND its size cannot
411 * be determined without following the t->type.
413 * ptr does not fall into this bucket
414 * because its size is always sizeof(void *).
416 switch (BTF_INFO_KIND(t->info)) {
417 case BTF_KIND_TYPEDEF:
418 case BTF_KIND_VOLATILE:
420 case BTF_KIND_RESTRICT:
427 bool btf_type_is_void(const struct btf_type *t)
429 return t == &btf_void;
432 static bool btf_type_is_fwd(const struct btf_type *t)
434 return BTF_INFO_KIND(t->info) == BTF_KIND_FWD;
437 static bool btf_type_nosize(const struct btf_type *t)
439 return btf_type_is_void(t) || btf_type_is_fwd(t) ||
440 btf_type_is_func(t) || btf_type_is_func_proto(t);
443 static bool btf_type_nosize_or_null(const struct btf_type *t)
445 return !t || btf_type_nosize(t);
448 static bool __btf_type_is_struct(const struct btf_type *t)
450 return BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT;
453 static bool btf_type_is_array(const struct btf_type *t)
455 return BTF_INFO_KIND(t->info) == BTF_KIND_ARRAY;
458 static bool btf_type_is_datasec(const struct btf_type *t)
460 return BTF_INFO_KIND(t->info) == BTF_KIND_DATASEC;
463 static bool btf_type_is_tag(const struct btf_type *t)
465 return BTF_INFO_KIND(t->info) == BTF_KIND_TAG;
468 static bool btf_type_is_tag_target(const struct btf_type *t)
470 return btf_type_is_func(t) || btf_type_is_struct(t) ||
474 u32 btf_nr_types(const struct btf *btf)
479 total += btf->nr_types;
486 s32 btf_find_by_name_kind(const struct btf *btf, const char *name, u8 kind)
488 const struct btf_type *t;
492 total = btf_nr_types(btf);
493 for (i = 1; i < total; i++) {
494 t = btf_type_by_id(btf, i);
495 if (BTF_INFO_KIND(t->info) != kind)
498 tname = btf_name_by_offset(btf, t->name_off);
499 if (!strcmp(tname, name))
506 const struct btf_type *btf_type_skip_modifiers(const struct btf *btf,
509 const struct btf_type *t = btf_type_by_id(btf, id);
511 while (btf_type_is_modifier(t)) {
513 t = btf_type_by_id(btf, t->type);
522 const struct btf_type *btf_type_resolve_ptr(const struct btf *btf,
525 const struct btf_type *t;
527 t = btf_type_skip_modifiers(btf, id, NULL);
528 if (!btf_type_is_ptr(t))
531 return btf_type_skip_modifiers(btf, t->type, res_id);
534 const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
537 const struct btf_type *ptype;
539 ptype = btf_type_resolve_ptr(btf, id, res_id);
540 if (ptype && btf_type_is_func_proto(ptype))
546 /* Types that act only as a source, not sink or intermediate
547 * type when resolving.
549 static bool btf_type_is_resolve_source_only(const struct btf_type *t)
551 return btf_type_is_var(t) ||
552 btf_type_is_tag(t) ||
553 btf_type_is_datasec(t);
556 /* What types need to be resolved?
558 * btf_type_is_modifier() is an obvious one.
560 * btf_type_is_struct() because its member refers to
561 * another type (through member->type).
563 * btf_type_is_var() because the variable refers to
564 * another type. btf_type_is_datasec() holds multiple
565 * btf_type_is_var() types that need resolving.
567 * btf_type_is_array() because its element (array->type)
568 * refers to another type. Array can be thought of a
569 * special case of struct while array just has the same
570 * member-type repeated by array->nelems of times.
572 static bool btf_type_needs_resolve(const struct btf_type *t)
574 return btf_type_is_modifier(t) ||
575 btf_type_is_ptr(t) ||
576 btf_type_is_struct(t) ||
577 btf_type_is_array(t) ||
578 btf_type_is_var(t) ||
579 btf_type_is_tag(t) ||
580 btf_type_is_datasec(t);
583 /* t->size can be used */
584 static bool btf_type_has_size(const struct btf_type *t)
586 switch (BTF_INFO_KIND(t->info)) {
588 case BTF_KIND_STRUCT:
591 case BTF_KIND_DATASEC:
599 static const char *btf_int_encoding_str(u8 encoding)
603 else if (encoding == BTF_INT_SIGNED)
605 else if (encoding == BTF_INT_CHAR)
607 else if (encoding == BTF_INT_BOOL)
613 static u32 btf_type_int(const struct btf_type *t)
615 return *(u32 *)(t + 1);
618 static const struct btf_array *btf_type_array(const struct btf_type *t)
620 return (const struct btf_array *)(t + 1);
623 static const struct btf_enum *btf_type_enum(const struct btf_type *t)
625 return (const struct btf_enum *)(t + 1);
628 static const struct btf_var *btf_type_var(const struct btf_type *t)
630 return (const struct btf_var *)(t + 1);
633 static const struct btf_tag *btf_type_tag(const struct btf_type *t)
635 return (const struct btf_tag *)(t + 1);
638 static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t)
640 return kind_ops[BTF_INFO_KIND(t->info)];
643 static bool btf_name_offset_valid(const struct btf *btf, u32 offset)
645 if (!BTF_STR_OFFSET_VALID(offset))
648 while (offset < btf->start_str_off)
651 offset -= btf->start_str_off;
652 return offset < btf->hdr.str_len;
655 static bool __btf_name_char_ok(char c, bool first, bool dot_ok)
657 if ((first ? !isalpha(c) :
660 ((c == '.' && !dot_ok) ||
666 static const char *btf_str_by_offset(const struct btf *btf, u32 offset)
668 while (offset < btf->start_str_off)
671 offset -= btf->start_str_off;
672 if (offset < btf->hdr.str_len)
673 return &btf->strings[offset];
678 static bool __btf_name_valid(const struct btf *btf, u32 offset, bool dot_ok)
680 /* offset must be valid */
681 const char *src = btf_str_by_offset(btf, offset);
682 const char *src_limit;
684 if (!__btf_name_char_ok(*src, true, dot_ok))
687 /* set a limit on identifier length */
688 src_limit = src + KSYM_NAME_LEN;
690 while (*src && src < src_limit) {
691 if (!__btf_name_char_ok(*src, false, dot_ok))
699 /* Only C-style identifier is permitted. This can be relaxed if
702 static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
704 return __btf_name_valid(btf, offset, false);
707 static bool btf_name_valid_section(const struct btf *btf, u32 offset)
709 return __btf_name_valid(btf, offset, true);
712 static const char *__btf_name_by_offset(const struct btf *btf, u32 offset)
719 name = btf_str_by_offset(btf, offset);
720 return name ?: "(invalid-name-offset)";
723 const char *btf_name_by_offset(const struct btf *btf, u32 offset)
725 return btf_str_by_offset(btf, offset);
728 const struct btf_type *btf_type_by_id(const struct btf *btf, u32 type_id)
730 while (type_id < btf->start_id)
733 type_id -= btf->start_id;
734 if (type_id >= btf->nr_types)
736 return btf->types[type_id];
740 * Regular int is not a bit field and it must be either
741 * u8/u16/u32/u64 or __int128.
743 static bool btf_type_int_is_regular(const struct btf_type *t)
745 u8 nr_bits, nr_bytes;
748 int_data = btf_type_int(t);
749 nr_bits = BTF_INT_BITS(int_data);
750 nr_bytes = BITS_ROUNDUP_BYTES(nr_bits);
751 if (BITS_PER_BYTE_MASKED(nr_bits) ||
752 BTF_INT_OFFSET(int_data) ||
753 (nr_bytes != sizeof(u8) && nr_bytes != sizeof(u16) &&
754 nr_bytes != sizeof(u32) && nr_bytes != sizeof(u64) &&
755 nr_bytes != (2 * sizeof(u64)))) {
763 * Check that given struct member is a regular int with expected
766 bool btf_member_is_reg_int(const struct btf *btf, const struct btf_type *s,
767 const struct btf_member *m,
768 u32 expected_offset, u32 expected_size)
770 const struct btf_type *t;
775 t = btf_type_id_size(btf, &id, NULL);
776 if (!t || !btf_type_is_int(t))
779 int_data = btf_type_int(t);
780 nr_bits = BTF_INT_BITS(int_data);
781 if (btf_type_kflag(s)) {
782 u32 bitfield_size = BTF_MEMBER_BITFIELD_SIZE(m->offset);
783 u32 bit_offset = BTF_MEMBER_BIT_OFFSET(m->offset);
785 /* if kflag set, int should be a regular int and
786 * bit offset should be at byte boundary.
788 return !bitfield_size &&
789 BITS_ROUNDUP_BYTES(bit_offset) == expected_offset &&
790 BITS_ROUNDUP_BYTES(nr_bits) == expected_size;
793 if (BTF_INT_OFFSET(int_data) ||
794 BITS_PER_BYTE_MASKED(m->offset) ||
795 BITS_ROUNDUP_BYTES(m->offset) != expected_offset ||
796 BITS_PER_BYTE_MASKED(nr_bits) ||
797 BITS_ROUNDUP_BYTES(nr_bits) != expected_size)
803 /* Similar to btf_type_skip_modifiers() but does not skip typedefs. */
804 static const struct btf_type *btf_type_skip_qualifiers(const struct btf *btf,
807 const struct btf_type *t = btf_type_by_id(btf, id);
809 while (btf_type_is_modifier(t) &&
810 BTF_INFO_KIND(t->info) != BTF_KIND_TYPEDEF) {
811 t = btf_type_by_id(btf, t->type);
817 #define BTF_SHOW_MAX_ITER 10
819 #define BTF_KIND_BIT(kind) (1ULL << kind)
822 * Populate show->state.name with type name information.
823 * Format of type name is
825 * [.member_name = ] (type_name)
827 static const char *btf_show_name(struct btf_show *show)
829 /* BTF_MAX_ITER array suffixes "[]" */
830 const char *array_suffixes = "[][][][][][][][][][]";
831 const char *array_suffix = &array_suffixes[strlen(array_suffixes)];
832 /* BTF_MAX_ITER pointer suffixes "*" */
833 const char *ptr_suffixes = "**********";
834 const char *ptr_suffix = &ptr_suffixes[strlen(ptr_suffixes)];
835 const char *name = NULL, *prefix = "", *parens = "";
836 const struct btf_member *m = show->state.member;
837 const struct btf_type *t = show->state.type;
838 const struct btf_array *array;
839 u32 id = show->state.type_id;
840 const char *member = NULL;
841 bool show_member = false;
845 show->state.name[0] = '\0';
848 * Don't show type name if we're showing an array member;
849 * in that case we show the array type so don't need to repeat
850 * ourselves for each member.
852 if (show->state.array_member)
855 /* Retrieve member name, if any. */
857 member = btf_name_by_offset(show->btf, m->name_off);
858 show_member = strlen(member) > 0;
863 * Start with type_id, as we have resolved the struct btf_type *
864 * via btf_modifier_show() past the parent typedef to the child
865 * struct, int etc it is defined as. In such cases, the type_id
866 * still represents the starting type while the struct btf_type *
867 * in our show->state points at the resolved type of the typedef.
869 t = btf_type_by_id(show->btf, id);
874 * The goal here is to build up the right number of pointer and
875 * array suffixes while ensuring the type name for a typedef
876 * is represented. Along the way we accumulate a list of
877 * BTF kinds we have encountered, since these will inform later
878 * display; for example, pointer types will not require an
879 * opening "{" for struct, we will just display the pointer value.
881 * We also want to accumulate the right number of pointer or array
882 * indices in the format string while iterating until we get to
883 * the typedef/pointee/array member target type.
885 * We start by pointing at the end of pointer and array suffix
886 * strings; as we accumulate pointers and arrays we move the pointer
887 * or array string backwards so it will show the expected number of
888 * '*' or '[]' for the type. BTF_SHOW_MAX_ITER of nesting of pointers
889 * and/or arrays and typedefs are supported as a precaution.
891 * We also want to get typedef name while proceeding to resolve
892 * type it points to so that we can add parentheses if it is a
893 * "typedef struct" etc.
895 for (i = 0; i < BTF_SHOW_MAX_ITER; i++) {
897 switch (BTF_INFO_KIND(t->info)) {
898 case BTF_KIND_TYPEDEF:
900 name = btf_name_by_offset(show->btf,
902 kinds |= BTF_KIND_BIT(BTF_KIND_TYPEDEF);
906 kinds |= BTF_KIND_BIT(BTF_KIND_ARRAY);
910 array = btf_type_array(t);
911 if (array_suffix > array_suffixes)
916 kinds |= BTF_KIND_BIT(BTF_KIND_PTR);
917 if (ptr_suffix > ptr_suffixes)
927 t = btf_type_skip_qualifiers(show->btf, id);
929 /* We may not be able to represent this type; bail to be safe */
930 if (i == BTF_SHOW_MAX_ITER)
934 name = btf_name_by_offset(show->btf, t->name_off);
936 switch (BTF_INFO_KIND(t->info)) {
937 case BTF_KIND_STRUCT:
939 prefix = BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT ?
941 /* if it's an array of struct/union, parens is already set */
942 if (!(kinds & (BTF_KIND_BIT(BTF_KIND_ARRAY))))
952 /* pointer does not require parens */
953 if (kinds & BTF_KIND_BIT(BTF_KIND_PTR))
955 /* typedef does not require struct/union/enum prefix */
956 if (kinds & BTF_KIND_BIT(BTF_KIND_TYPEDEF))
962 /* Even if we don't want type name info, we want parentheses etc */
963 if (show->flags & BTF_SHOW_NONAME)
964 snprintf(show->state.name, sizeof(show->state.name), "%s",
967 snprintf(show->state.name, sizeof(show->state.name),
968 "%s%s%s(%s%s%s%s%s%s)%s",
969 /* first 3 strings comprise ".member = " */
970 show_member ? "." : "",
971 show_member ? member : "",
972 show_member ? " = " : "",
973 /* ...next is our prefix (struct, enum, etc) */
975 strlen(prefix) > 0 && strlen(name) > 0 ? " " : "",
976 /* ...this is the type name itself */
978 /* ...suffixed by the appropriate '*', '[]' suffixes */
979 strlen(ptr_suffix) > 0 ? " " : "", ptr_suffix,
980 array_suffix, parens);
982 return show->state.name;
985 static const char *__btf_show_indent(struct btf_show *show)
987 const char *indents = " ";
988 const char *indent = &indents[strlen(indents)];
990 if ((indent - show->state.depth) >= indents)
991 return indent - show->state.depth;
995 static const char *btf_show_indent(struct btf_show *show)
997 return show->flags & BTF_SHOW_COMPACT ? "" : __btf_show_indent(show);
1000 static const char *btf_show_newline(struct btf_show *show)
1002 return show->flags & BTF_SHOW_COMPACT ? "" : "\n";
1005 static const char *btf_show_delim(struct btf_show *show)
1007 if (show->state.depth == 0)
1010 if ((show->flags & BTF_SHOW_COMPACT) && show->state.type &&
1011 BTF_INFO_KIND(show->state.type->info) == BTF_KIND_UNION)
1017 __printf(2, 3) static void btf_show(struct btf_show *show, const char *fmt, ...)
1021 if (!show->state.depth_check) {
1022 va_start(args, fmt);
1023 show->showfn(show, fmt, args);
1028 /* Macros are used here as btf_show_type_value[s]() prepends and appends
1029 * format specifiers to the format specifier passed in; these do the work of
1030 * adding indentation, delimiters etc while the caller simply has to specify
1031 * the type value(s) in the format specifier + value(s).
1033 #define btf_show_type_value(show, fmt, value) \
1035 if ((value) != 0 || (show->flags & BTF_SHOW_ZERO) || \
1036 show->state.depth == 0) { \
1037 btf_show(show, "%s%s" fmt "%s%s", \
1038 btf_show_indent(show), \
1039 btf_show_name(show), \
1040 value, btf_show_delim(show), \
1041 btf_show_newline(show)); \
1042 if (show->state.depth > show->state.depth_to_show) \
1043 show->state.depth_to_show = show->state.depth; \
1047 #define btf_show_type_values(show, fmt, ...) \
1049 btf_show(show, "%s%s" fmt "%s%s", btf_show_indent(show), \
1050 btf_show_name(show), \
1051 __VA_ARGS__, btf_show_delim(show), \
1052 btf_show_newline(show)); \
1053 if (show->state.depth > show->state.depth_to_show) \
1054 show->state.depth_to_show = show->state.depth; \
1057 /* How much is left to copy to safe buffer after @data? */
1058 static int btf_show_obj_size_left(struct btf_show *show, void *data)
1060 return show->obj.head + show->obj.size - data;
1063 /* Is object pointed to by @data of @size already copied to our safe buffer? */
1064 static bool btf_show_obj_is_safe(struct btf_show *show, void *data, int size)
1066 return data >= show->obj.data &&
1067 (data + size) < (show->obj.data + BTF_SHOW_OBJ_SAFE_SIZE);
1071 * If object pointed to by @data of @size falls within our safe buffer, return
1072 * the equivalent pointer to the same safe data. Assumes
1073 * copy_from_kernel_nofault() has already happened and our safe buffer is
1076 static void *__btf_show_obj_safe(struct btf_show *show, void *data, int size)
1078 if (btf_show_obj_is_safe(show, data, size))
1079 return show->obj.safe + (data - show->obj.data);
1084 * Return a safe-to-access version of data pointed to by @data.
1085 * We do this by copying the relevant amount of information
1086 * to the struct btf_show obj.safe buffer using copy_from_kernel_nofault().
1088 * If BTF_SHOW_UNSAFE is specified, just return data as-is; no
1089 * safe copy is needed.
1091 * Otherwise we need to determine if we have the required amount
1092 * of data (determined by the @data pointer and the size of the
1093 * largest base type we can encounter (represented by
1094 * BTF_SHOW_OBJ_BASE_TYPE_SIZE). Having that much data ensures
1095 * that we will be able to print some of the current object,
1096 * and if more is needed a copy will be triggered.
1097 * Some objects such as structs will not fit into the buffer;
1098 * in such cases additional copies when we iterate over their
1099 * members may be needed.
1101 * btf_show_obj_safe() is used to return a safe buffer for
1102 * btf_show_start_type(); this ensures that as we recurse into
1103 * nested types we always have safe data for the given type.
1104 * This approach is somewhat wasteful; it's possible for example
1105 * that when iterating over a large union we'll end up copying the
1106 * same data repeatedly, but the goal is safety not performance.
1107 * We use stack data as opposed to per-CPU buffers because the
1108 * iteration over a type can take some time, and preemption handling
1109 * would greatly complicate use of the safe buffer.
1111 static void *btf_show_obj_safe(struct btf_show *show,
1112 const struct btf_type *t,
1115 const struct btf_type *rt;
1116 int size_left, size;
1119 if (show->flags & BTF_SHOW_UNSAFE)
1122 rt = btf_resolve_size(show->btf, t, &size);
1124 show->state.status = PTR_ERR(rt);
1129 * Is this toplevel object? If so, set total object size and
1130 * initialize pointers. Otherwise check if we still fall within
1131 * our safe object data.
1133 if (show->state.depth == 0) {
1134 show->obj.size = size;
1135 show->obj.head = data;
1138 * If the size of the current object is > our remaining
1139 * safe buffer we _may_ need to do a new copy. However
1140 * consider the case of a nested struct; it's size pushes
1141 * us over the safe buffer limit, but showing any individual
1142 * struct members does not. In such cases, we don't need
1143 * to initiate a fresh copy yet; however we definitely need
1144 * at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes left
1145 * in our buffer, regardless of the current object size.
1146 * The logic here is that as we resolve types we will
1147 * hit a base type at some point, and we need to be sure
1148 * the next chunk of data is safely available to display
1149 * that type info safely. We cannot rely on the size of
1150 * the current object here because it may be much larger
1151 * than our current buffer (e.g. task_struct is 8k).
1152 * All we want to do here is ensure that we can print the
1153 * next basic type, which we can if either
1154 * - the current type size is within the safe buffer; or
1155 * - at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes are left in
1158 safe = __btf_show_obj_safe(show, data,
1160 BTF_SHOW_OBJ_BASE_TYPE_SIZE));
1164 * We need a new copy to our safe object, either because we haven't
1165 * yet copied and are initializing safe data, or because the data
1166 * we want falls outside the boundaries of the safe object.
1169 size_left = btf_show_obj_size_left(show, data);
1170 if (size_left > BTF_SHOW_OBJ_SAFE_SIZE)
1171 size_left = BTF_SHOW_OBJ_SAFE_SIZE;
1172 show->state.status = copy_from_kernel_nofault(show->obj.safe,
1174 if (!show->state.status) {
1175 show->obj.data = data;
1176 safe = show->obj.safe;
1184 * Set the type we are starting to show and return a safe data pointer
1185 * to be used for showing the associated data.
1187 static void *btf_show_start_type(struct btf_show *show,
1188 const struct btf_type *t,
1189 u32 type_id, void *data)
1191 show->state.type = t;
1192 show->state.type_id = type_id;
1193 show->state.name[0] = '\0';
1195 return btf_show_obj_safe(show, t, data);
1198 static void btf_show_end_type(struct btf_show *show)
1200 show->state.type = NULL;
1201 show->state.type_id = 0;
1202 show->state.name[0] = '\0';
1205 static void *btf_show_start_aggr_type(struct btf_show *show,
1206 const struct btf_type *t,
1207 u32 type_id, void *data)
1209 void *safe_data = btf_show_start_type(show, t, type_id, data);
1214 btf_show(show, "%s%s%s", btf_show_indent(show),
1215 btf_show_name(show),
1216 btf_show_newline(show));
1217 show->state.depth++;
1221 static void btf_show_end_aggr_type(struct btf_show *show,
1224 show->state.depth--;
1225 btf_show(show, "%s%s%s%s", btf_show_indent(show), suffix,
1226 btf_show_delim(show), btf_show_newline(show));
1227 btf_show_end_type(show);
1230 static void btf_show_start_member(struct btf_show *show,
1231 const struct btf_member *m)
1233 show->state.member = m;
1236 static void btf_show_start_array_member(struct btf_show *show)
1238 show->state.array_member = 1;
1239 btf_show_start_member(show, NULL);
1242 static void btf_show_end_member(struct btf_show *show)
1244 show->state.member = NULL;
1247 static void btf_show_end_array_member(struct btf_show *show)
1249 show->state.array_member = 0;
1250 btf_show_end_member(show);
1253 static void *btf_show_start_array_type(struct btf_show *show,
1254 const struct btf_type *t,
1259 show->state.array_encoding = array_encoding;
1260 show->state.array_terminated = 0;
1261 return btf_show_start_aggr_type(show, t, type_id, data);
1264 static void btf_show_end_array_type(struct btf_show *show)
1266 show->state.array_encoding = 0;
1267 show->state.array_terminated = 0;
1268 btf_show_end_aggr_type(show, "]");
1271 static void *btf_show_start_struct_type(struct btf_show *show,
1272 const struct btf_type *t,
1276 return btf_show_start_aggr_type(show, t, type_id, data);
1279 static void btf_show_end_struct_type(struct btf_show *show)
1281 btf_show_end_aggr_type(show, "}");
1284 __printf(2, 3) static void __btf_verifier_log(struct bpf_verifier_log *log,
1285 const char *fmt, ...)
1289 va_start(args, fmt);
1290 bpf_verifier_vlog(log, fmt, args);
1294 __printf(2, 3) static void btf_verifier_log(struct btf_verifier_env *env,
1295 const char *fmt, ...)
1297 struct bpf_verifier_log *log = &env->log;
1300 if (!bpf_verifier_log_needed(log))
1303 va_start(args, fmt);
1304 bpf_verifier_vlog(log, fmt, args);
1308 __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
1309 const struct btf_type *t,
1311 const char *fmt, ...)
1313 struct bpf_verifier_log *log = &env->log;
1314 u8 kind = BTF_INFO_KIND(t->info);
1315 struct btf *btf = env->btf;
1318 if (!bpf_verifier_log_needed(log))
1321 /* btf verifier prints all types it is processing via
1322 * btf_verifier_log_type(..., fmt = NULL).
1323 * Skip those prints for in-kernel BTF verification.
1325 if (log->level == BPF_LOG_KERNEL && !fmt)
1328 __btf_verifier_log(log, "[%u] %s %s%s",
1331 __btf_name_by_offset(btf, t->name_off),
1332 log_details ? " " : "");
1335 btf_type_ops(t)->log_details(env, t);
1338 __btf_verifier_log(log, " ");
1339 va_start(args, fmt);
1340 bpf_verifier_vlog(log, fmt, args);
1344 __btf_verifier_log(log, "\n");
1347 #define btf_verifier_log_type(env, t, ...) \
1348 __btf_verifier_log_type((env), (t), true, __VA_ARGS__)
1349 #define btf_verifier_log_basic(env, t, ...) \
1350 __btf_verifier_log_type((env), (t), false, __VA_ARGS__)
1353 static void btf_verifier_log_member(struct btf_verifier_env *env,
1354 const struct btf_type *struct_type,
1355 const struct btf_member *member,
1356 const char *fmt, ...)
1358 struct bpf_verifier_log *log = &env->log;
1359 struct btf *btf = env->btf;
1362 if (!bpf_verifier_log_needed(log))
1365 if (log->level == BPF_LOG_KERNEL && !fmt)
1367 /* The CHECK_META phase already did a btf dump.
1369 * If member is logged again, it must hit an error in
1370 * parsing this member. It is useful to print out which
1371 * struct this member belongs to.
1373 if (env->phase != CHECK_META)
1374 btf_verifier_log_type(env, struct_type, NULL);
1376 if (btf_type_kflag(struct_type))
1377 __btf_verifier_log(log,
1378 "\t%s type_id=%u bitfield_size=%u bits_offset=%u",
1379 __btf_name_by_offset(btf, member->name_off),
1381 BTF_MEMBER_BITFIELD_SIZE(member->offset),
1382 BTF_MEMBER_BIT_OFFSET(member->offset));
1384 __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
1385 __btf_name_by_offset(btf, member->name_off),
1386 member->type, member->offset);
1389 __btf_verifier_log(log, " ");
1390 va_start(args, fmt);
1391 bpf_verifier_vlog(log, fmt, args);
1395 __btf_verifier_log(log, "\n");
1399 static void btf_verifier_log_vsi(struct btf_verifier_env *env,
1400 const struct btf_type *datasec_type,
1401 const struct btf_var_secinfo *vsi,
1402 const char *fmt, ...)
1404 struct bpf_verifier_log *log = &env->log;
1407 if (!bpf_verifier_log_needed(log))
1409 if (log->level == BPF_LOG_KERNEL && !fmt)
1411 if (env->phase != CHECK_META)
1412 btf_verifier_log_type(env, datasec_type, NULL);
1414 __btf_verifier_log(log, "\t type_id=%u offset=%u size=%u",
1415 vsi->type, vsi->offset, vsi->size);
1417 __btf_verifier_log(log, " ");
1418 va_start(args, fmt);
1419 bpf_verifier_vlog(log, fmt, args);
1423 __btf_verifier_log(log, "\n");
1426 static void btf_verifier_log_hdr(struct btf_verifier_env *env,
1429 struct bpf_verifier_log *log = &env->log;
1430 const struct btf *btf = env->btf;
1431 const struct btf_header *hdr;
1433 if (!bpf_verifier_log_needed(log))
1436 if (log->level == BPF_LOG_KERNEL)
1439 __btf_verifier_log(log, "magic: 0x%x\n", hdr->magic);
1440 __btf_verifier_log(log, "version: %u\n", hdr->version);
1441 __btf_verifier_log(log, "flags: 0x%x\n", hdr->flags);
1442 __btf_verifier_log(log, "hdr_len: %u\n", hdr->hdr_len);
1443 __btf_verifier_log(log, "type_off: %u\n", hdr->type_off);
1444 __btf_verifier_log(log, "type_len: %u\n", hdr->type_len);
1445 __btf_verifier_log(log, "str_off: %u\n", hdr->str_off);
1446 __btf_verifier_log(log, "str_len: %u\n", hdr->str_len);
1447 __btf_verifier_log(log, "btf_total_size: %u\n", btf_data_size);
1450 static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t)
1452 struct btf *btf = env->btf;
1454 if (btf->types_size == btf->nr_types) {
1455 /* Expand 'types' array */
1457 struct btf_type **new_types;
1458 u32 expand_by, new_size;
1460 if (btf->start_id + btf->types_size == BTF_MAX_TYPE) {
1461 btf_verifier_log(env, "Exceeded max num of types");
1465 expand_by = max_t(u32, btf->types_size >> 2, 16);
1466 new_size = min_t(u32, BTF_MAX_TYPE,
1467 btf->types_size + expand_by);
1469 new_types = kvcalloc(new_size, sizeof(*new_types),
1470 GFP_KERNEL | __GFP_NOWARN);
1474 if (btf->nr_types == 0) {
1475 if (!btf->base_btf) {
1476 /* lazily init VOID type */
1477 new_types[0] = &btf_void;
1481 memcpy(new_types, btf->types,
1482 sizeof(*btf->types) * btf->nr_types);
1486 btf->types = new_types;
1487 btf->types_size = new_size;
1490 btf->types[btf->nr_types++] = t;
1495 static int btf_alloc_id(struct btf *btf)
1499 idr_preload(GFP_KERNEL);
1500 spin_lock_bh(&btf_idr_lock);
1501 id = idr_alloc_cyclic(&btf_idr, btf, 1, INT_MAX, GFP_ATOMIC);
1504 spin_unlock_bh(&btf_idr_lock);
1507 if (WARN_ON_ONCE(!id))
1510 return id > 0 ? 0 : id;
1513 static void btf_free_id(struct btf *btf)
1515 unsigned long flags;
1518 * In map-in-map, calling map_delete_elem() on outer
1519 * map will call bpf_map_put on the inner map.
1520 * It will then eventually call btf_free_id()
1521 * on the inner map. Some of the map_delete_elem()
1522 * implementation may have irq disabled, so
1523 * we need to use the _irqsave() version instead
1524 * of the _bh() version.
1526 spin_lock_irqsave(&btf_idr_lock, flags);
1527 idr_remove(&btf_idr, btf->id);
1528 spin_unlock_irqrestore(&btf_idr_lock, flags);
1531 static void btf_free(struct btf *btf)
1534 kvfree(btf->resolved_sizes);
1535 kvfree(btf->resolved_ids);
1540 static void btf_free_rcu(struct rcu_head *rcu)
1542 struct btf *btf = container_of(rcu, struct btf, rcu);
1547 void btf_get(struct btf *btf)
1549 refcount_inc(&btf->refcnt);
1552 void btf_put(struct btf *btf)
1554 if (btf && refcount_dec_and_test(&btf->refcnt)) {
1556 call_rcu(&btf->rcu, btf_free_rcu);
1560 static int env_resolve_init(struct btf_verifier_env *env)
1562 struct btf *btf = env->btf;
1563 u32 nr_types = btf->nr_types;
1564 u32 *resolved_sizes = NULL;
1565 u32 *resolved_ids = NULL;
1566 u8 *visit_states = NULL;
1568 resolved_sizes = kvcalloc(nr_types, sizeof(*resolved_sizes),
1569 GFP_KERNEL | __GFP_NOWARN);
1570 if (!resolved_sizes)
1573 resolved_ids = kvcalloc(nr_types, sizeof(*resolved_ids),
1574 GFP_KERNEL | __GFP_NOWARN);
1578 visit_states = kvcalloc(nr_types, sizeof(*visit_states),
1579 GFP_KERNEL | __GFP_NOWARN);
1583 btf->resolved_sizes = resolved_sizes;
1584 btf->resolved_ids = resolved_ids;
1585 env->visit_states = visit_states;
1590 kvfree(resolved_sizes);
1591 kvfree(resolved_ids);
1592 kvfree(visit_states);
1596 static void btf_verifier_env_free(struct btf_verifier_env *env)
1598 kvfree(env->visit_states);
1602 static bool env_type_is_resolve_sink(const struct btf_verifier_env *env,
1603 const struct btf_type *next_type)
1605 switch (env->resolve_mode) {
1607 /* int, enum or void is a sink */
1608 return !btf_type_needs_resolve(next_type);
1610 /* int, enum, void, struct, array, func or func_proto is a sink
1613 return !btf_type_is_modifier(next_type) &&
1614 !btf_type_is_ptr(next_type);
1615 case RESOLVE_STRUCT_OR_ARRAY:
1616 /* int, enum, void, ptr, func or func_proto is a sink
1617 * for struct and array
1619 return !btf_type_is_modifier(next_type) &&
1620 !btf_type_is_array(next_type) &&
1621 !btf_type_is_struct(next_type);
1627 static bool env_type_is_resolved(const struct btf_verifier_env *env,
1630 /* base BTF types should be resolved by now */
1631 if (type_id < env->btf->start_id)
1634 return env->visit_states[type_id - env->btf->start_id] == RESOLVED;
1637 static int env_stack_push(struct btf_verifier_env *env,
1638 const struct btf_type *t, u32 type_id)
1640 const struct btf *btf = env->btf;
1641 struct resolve_vertex *v;
1643 if (env->top_stack == MAX_RESOLVE_DEPTH)
1646 if (type_id < btf->start_id
1647 || env->visit_states[type_id - btf->start_id] != NOT_VISITED)
1650 env->visit_states[type_id - btf->start_id] = VISITED;
1652 v = &env->stack[env->top_stack++];
1654 v->type_id = type_id;
1657 if (env->resolve_mode == RESOLVE_TBD) {
1658 if (btf_type_is_ptr(t))
1659 env->resolve_mode = RESOLVE_PTR;
1660 else if (btf_type_is_struct(t) || btf_type_is_array(t))
1661 env->resolve_mode = RESOLVE_STRUCT_OR_ARRAY;
1667 static void env_stack_set_next_member(struct btf_verifier_env *env,
1670 env->stack[env->top_stack - 1].next_member = next_member;
1673 static void env_stack_pop_resolved(struct btf_verifier_env *env,
1674 u32 resolved_type_id,
1677 u32 type_id = env->stack[--(env->top_stack)].type_id;
1678 struct btf *btf = env->btf;
1680 type_id -= btf->start_id; /* adjust to local type id */
1681 btf->resolved_sizes[type_id] = resolved_size;
1682 btf->resolved_ids[type_id] = resolved_type_id;
1683 env->visit_states[type_id] = RESOLVED;
1686 static const struct resolve_vertex *env_stack_peak(struct btf_verifier_env *env)
1688 return env->top_stack ? &env->stack[env->top_stack - 1] : NULL;
1691 /* Resolve the size of a passed-in "type"
1693 * type: is an array (e.g. u32 array[x][y])
1694 * return type: type "u32[x][y]", i.e. BTF_KIND_ARRAY,
1695 * *type_size: (x * y * sizeof(u32)). Hence, *type_size always
1696 * corresponds to the return type.
1698 * *elem_id: id of u32
1699 * *total_nelems: (x * y). Hence, individual elem size is
1700 * (*type_size / *total_nelems)
1701 * *type_id: id of type if it's changed within the function, 0 if not
1703 * type: is not an array (e.g. const struct X)
1704 * return type: type "struct X"
1705 * *type_size: sizeof(struct X)
1706 * *elem_type: same as return type ("struct X")
1709 * *type_id: id of type if it's changed within the function, 0 if not
1711 static const struct btf_type *
1712 __btf_resolve_size(const struct btf *btf, const struct btf_type *type,
1713 u32 *type_size, const struct btf_type **elem_type,
1714 u32 *elem_id, u32 *total_nelems, u32 *type_id)
1716 const struct btf_type *array_type = NULL;
1717 const struct btf_array *array = NULL;
1718 u32 i, size, nelems = 1, id = 0;
1720 for (i = 0; i < MAX_RESOLVE_DEPTH; i++) {
1721 switch (BTF_INFO_KIND(type->info)) {
1722 /* type->size can be used */
1724 case BTF_KIND_STRUCT:
1725 case BTF_KIND_UNION:
1727 case BTF_KIND_FLOAT:
1732 size = sizeof(void *);
1736 case BTF_KIND_TYPEDEF:
1737 case BTF_KIND_VOLATILE:
1738 case BTF_KIND_CONST:
1739 case BTF_KIND_RESTRICT:
1741 type = btf_type_by_id(btf, type->type);
1744 case BTF_KIND_ARRAY:
1747 array = btf_type_array(type);
1748 if (nelems && array->nelems > U32_MAX / nelems)
1749 return ERR_PTR(-EINVAL);
1750 nelems *= array->nelems;
1751 type = btf_type_by_id(btf, array->type);
1754 /* type without size */
1756 return ERR_PTR(-EINVAL);
1760 return ERR_PTR(-EINVAL);
1763 if (nelems && size > U32_MAX / nelems)
1764 return ERR_PTR(-EINVAL);
1766 *type_size = nelems * size;
1768 *total_nelems = nelems;
1772 *elem_id = array ? array->type : 0;
1776 return array_type ? : type;
1779 const struct btf_type *
1780 btf_resolve_size(const struct btf *btf, const struct btf_type *type,
1783 return __btf_resolve_size(btf, type, type_size, NULL, NULL, NULL, NULL);
1786 static u32 btf_resolved_type_id(const struct btf *btf, u32 type_id)
1788 while (type_id < btf->start_id)
1789 btf = btf->base_btf;
1791 return btf->resolved_ids[type_id - btf->start_id];
1794 /* The input param "type_id" must point to a needs_resolve type */
1795 static const struct btf_type *btf_type_id_resolve(const struct btf *btf,
1798 *type_id = btf_resolved_type_id(btf, *type_id);
1799 return btf_type_by_id(btf, *type_id);
1802 static u32 btf_resolved_type_size(const struct btf *btf, u32 type_id)
1804 while (type_id < btf->start_id)
1805 btf = btf->base_btf;
1807 return btf->resolved_sizes[type_id - btf->start_id];
1810 const struct btf_type *btf_type_id_size(const struct btf *btf,
1811 u32 *type_id, u32 *ret_size)
1813 const struct btf_type *size_type;
1814 u32 size_type_id = *type_id;
1817 size_type = btf_type_by_id(btf, size_type_id);
1818 if (btf_type_nosize_or_null(size_type))
1821 if (btf_type_has_size(size_type)) {
1822 size = size_type->size;
1823 } else if (btf_type_is_array(size_type)) {
1824 size = btf_resolved_type_size(btf, size_type_id);
1825 } else if (btf_type_is_ptr(size_type)) {
1826 size = sizeof(void *);
1828 if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) &&
1829 !btf_type_is_var(size_type)))
1832 size_type_id = btf_resolved_type_id(btf, size_type_id);
1833 size_type = btf_type_by_id(btf, size_type_id);
1834 if (btf_type_nosize_or_null(size_type))
1836 else if (btf_type_has_size(size_type))
1837 size = size_type->size;
1838 else if (btf_type_is_array(size_type))
1839 size = btf_resolved_type_size(btf, size_type_id);
1840 else if (btf_type_is_ptr(size_type))
1841 size = sizeof(void *);
1846 *type_id = size_type_id;
1853 static int btf_df_check_member(struct btf_verifier_env *env,
1854 const struct btf_type *struct_type,
1855 const struct btf_member *member,
1856 const struct btf_type *member_type)
1858 btf_verifier_log_basic(env, struct_type,
1859 "Unsupported check_member");
1863 static int btf_df_check_kflag_member(struct btf_verifier_env *env,
1864 const struct btf_type *struct_type,
1865 const struct btf_member *member,
1866 const struct btf_type *member_type)
1868 btf_verifier_log_basic(env, struct_type,
1869 "Unsupported check_kflag_member");
1873 /* Used for ptr, array struct/union and float type members.
1874 * int, enum and modifier types have their specific callback functions.
1876 static int btf_generic_check_kflag_member(struct btf_verifier_env *env,
1877 const struct btf_type *struct_type,
1878 const struct btf_member *member,
1879 const struct btf_type *member_type)
1881 if (BTF_MEMBER_BITFIELD_SIZE(member->offset)) {
1882 btf_verifier_log_member(env, struct_type, member,
1883 "Invalid member bitfield_size");
1887 /* bitfield size is 0, so member->offset represents bit offset only.
1888 * It is safe to call non kflag check_member variants.
1890 return btf_type_ops(member_type)->check_member(env, struct_type,
1895 static int btf_df_resolve(struct btf_verifier_env *env,
1896 const struct resolve_vertex *v)
1898 btf_verifier_log_basic(env, v->t, "Unsupported resolve");
1902 static void btf_df_show(const struct btf *btf, const struct btf_type *t,
1903 u32 type_id, void *data, u8 bits_offsets,
1904 struct btf_show *show)
1906 btf_show(show, "<unsupported kind:%u>", BTF_INFO_KIND(t->info));
1909 static int btf_int_check_member(struct btf_verifier_env *env,
1910 const struct btf_type *struct_type,
1911 const struct btf_member *member,
1912 const struct btf_type *member_type)
1914 u32 int_data = btf_type_int(member_type);
1915 u32 struct_bits_off = member->offset;
1916 u32 struct_size = struct_type->size;
1920 if (U32_MAX - struct_bits_off < BTF_INT_OFFSET(int_data)) {
1921 btf_verifier_log_member(env, struct_type, member,
1922 "bits_offset exceeds U32_MAX");
1926 struct_bits_off += BTF_INT_OFFSET(int_data);
1927 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1928 nr_copy_bits = BTF_INT_BITS(int_data) +
1929 BITS_PER_BYTE_MASKED(struct_bits_off);
1931 if (nr_copy_bits > BITS_PER_U128) {
1932 btf_verifier_log_member(env, struct_type, member,
1933 "nr_copy_bits exceeds 128");
1937 if (struct_size < bytes_offset ||
1938 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
1939 btf_verifier_log_member(env, struct_type, member,
1940 "Member exceeds struct_size");
1947 static int btf_int_check_kflag_member(struct btf_verifier_env *env,
1948 const struct btf_type *struct_type,
1949 const struct btf_member *member,
1950 const struct btf_type *member_type)
1952 u32 struct_bits_off, nr_bits, nr_int_data_bits, bytes_offset;
1953 u32 int_data = btf_type_int(member_type);
1954 u32 struct_size = struct_type->size;
1957 /* a regular int type is required for the kflag int member */
1958 if (!btf_type_int_is_regular(member_type)) {
1959 btf_verifier_log_member(env, struct_type, member,
1960 "Invalid member base type");
1964 /* check sanity of bitfield size */
1965 nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
1966 struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
1967 nr_int_data_bits = BTF_INT_BITS(int_data);
1969 /* Not a bitfield member, member offset must be at byte
1972 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1973 btf_verifier_log_member(env, struct_type, member,
1974 "Invalid member offset");
1978 nr_bits = nr_int_data_bits;
1979 } else if (nr_bits > nr_int_data_bits) {
1980 btf_verifier_log_member(env, struct_type, member,
1981 "Invalid member bitfield_size");
1985 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1986 nr_copy_bits = nr_bits + BITS_PER_BYTE_MASKED(struct_bits_off);
1987 if (nr_copy_bits > BITS_PER_U128) {
1988 btf_verifier_log_member(env, struct_type, member,
1989 "nr_copy_bits exceeds 128");
1993 if (struct_size < bytes_offset ||
1994 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
1995 btf_verifier_log_member(env, struct_type, member,
1996 "Member exceeds struct_size");
2003 static s32 btf_int_check_meta(struct btf_verifier_env *env,
2004 const struct btf_type *t,
2007 u32 int_data, nr_bits, meta_needed = sizeof(int_data);
2010 if (meta_left < meta_needed) {
2011 btf_verifier_log_basic(env, t,
2012 "meta_left:%u meta_needed:%u",
2013 meta_left, meta_needed);
2017 if (btf_type_vlen(t)) {
2018 btf_verifier_log_type(env, t, "vlen != 0");
2022 if (btf_type_kflag(t)) {
2023 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2027 int_data = btf_type_int(t);
2028 if (int_data & ~BTF_INT_MASK) {
2029 btf_verifier_log_basic(env, t, "Invalid int_data:%x",
2034 nr_bits = BTF_INT_BITS(int_data) + BTF_INT_OFFSET(int_data);
2036 if (nr_bits > BITS_PER_U128) {
2037 btf_verifier_log_type(env, t, "nr_bits exceeds %zu",
2042 if (BITS_ROUNDUP_BYTES(nr_bits) > t->size) {
2043 btf_verifier_log_type(env, t, "nr_bits exceeds type_size");
2048 * Only one of the encoding bits is allowed and it
2049 * should be sufficient for the pretty print purpose (i.e. decoding).
2050 * Multiple bits can be allowed later if it is found
2051 * to be insufficient.
2053 encoding = BTF_INT_ENCODING(int_data);
2055 encoding != BTF_INT_SIGNED &&
2056 encoding != BTF_INT_CHAR &&
2057 encoding != BTF_INT_BOOL) {
2058 btf_verifier_log_type(env, t, "Unsupported encoding");
2062 btf_verifier_log_type(env, t, NULL);
2067 static void btf_int_log(struct btf_verifier_env *env,
2068 const struct btf_type *t)
2070 int int_data = btf_type_int(t);
2072 btf_verifier_log(env,
2073 "size=%u bits_offset=%u nr_bits=%u encoding=%s",
2074 t->size, BTF_INT_OFFSET(int_data),
2075 BTF_INT_BITS(int_data),
2076 btf_int_encoding_str(BTF_INT_ENCODING(int_data)));
2079 static void btf_int128_print(struct btf_show *show, void *data)
2081 /* data points to a __int128 number.
2083 * int128_num = *(__int128 *)data;
2084 * The below formulas shows what upper_num and lower_num represents:
2085 * upper_num = int128_num >> 64;
2086 * lower_num = int128_num & 0xffffffffFFFFFFFFULL;
2088 u64 upper_num, lower_num;
2090 #ifdef __BIG_ENDIAN_BITFIELD
2091 upper_num = *(u64 *)data;
2092 lower_num = *(u64 *)(data + 8);
2094 upper_num = *(u64 *)(data + 8);
2095 lower_num = *(u64 *)data;
2098 btf_show_type_value(show, "0x%llx", lower_num);
2100 btf_show_type_values(show, "0x%llx%016llx", upper_num,
2104 static void btf_int128_shift(u64 *print_num, u16 left_shift_bits,
2105 u16 right_shift_bits)
2107 u64 upper_num, lower_num;
2109 #ifdef __BIG_ENDIAN_BITFIELD
2110 upper_num = print_num[0];
2111 lower_num = print_num[1];
2113 upper_num = print_num[1];
2114 lower_num = print_num[0];
2117 /* shake out un-needed bits by shift/or operations */
2118 if (left_shift_bits >= 64) {
2119 upper_num = lower_num << (left_shift_bits - 64);
2122 upper_num = (upper_num << left_shift_bits) |
2123 (lower_num >> (64 - left_shift_bits));
2124 lower_num = lower_num << left_shift_bits;
2127 if (right_shift_bits >= 64) {
2128 lower_num = upper_num >> (right_shift_bits - 64);
2131 lower_num = (lower_num >> right_shift_bits) |
2132 (upper_num << (64 - right_shift_bits));
2133 upper_num = upper_num >> right_shift_bits;
2136 #ifdef __BIG_ENDIAN_BITFIELD
2137 print_num[0] = upper_num;
2138 print_num[1] = lower_num;
2140 print_num[0] = lower_num;
2141 print_num[1] = upper_num;
2145 static void btf_bitfield_show(void *data, u8 bits_offset,
2146 u8 nr_bits, struct btf_show *show)
2148 u16 left_shift_bits, right_shift_bits;
2151 u64 print_num[2] = {};
2153 nr_copy_bits = nr_bits + bits_offset;
2154 nr_copy_bytes = BITS_ROUNDUP_BYTES(nr_copy_bits);
2156 memcpy(print_num, data, nr_copy_bytes);
2158 #ifdef __BIG_ENDIAN_BITFIELD
2159 left_shift_bits = bits_offset;
2161 left_shift_bits = BITS_PER_U128 - nr_copy_bits;
2163 right_shift_bits = BITS_PER_U128 - nr_bits;
2165 btf_int128_shift(print_num, left_shift_bits, right_shift_bits);
2166 btf_int128_print(show, print_num);
2170 static void btf_int_bits_show(const struct btf *btf,
2171 const struct btf_type *t,
2172 void *data, u8 bits_offset,
2173 struct btf_show *show)
2175 u32 int_data = btf_type_int(t);
2176 u8 nr_bits = BTF_INT_BITS(int_data);
2177 u8 total_bits_offset;
2180 * bits_offset is at most 7.
2181 * BTF_INT_OFFSET() cannot exceed 128 bits.
2183 total_bits_offset = bits_offset + BTF_INT_OFFSET(int_data);
2184 data += BITS_ROUNDDOWN_BYTES(total_bits_offset);
2185 bits_offset = BITS_PER_BYTE_MASKED(total_bits_offset);
2186 btf_bitfield_show(data, bits_offset, nr_bits, show);
2189 static void btf_int_show(const struct btf *btf, const struct btf_type *t,
2190 u32 type_id, void *data, u8 bits_offset,
2191 struct btf_show *show)
2193 u32 int_data = btf_type_int(t);
2194 u8 encoding = BTF_INT_ENCODING(int_data);
2195 bool sign = encoding & BTF_INT_SIGNED;
2196 u8 nr_bits = BTF_INT_BITS(int_data);
2199 safe_data = btf_show_start_type(show, t, type_id, data);
2203 if (bits_offset || BTF_INT_OFFSET(int_data) ||
2204 BITS_PER_BYTE_MASKED(nr_bits)) {
2205 btf_int_bits_show(btf, t, safe_data, bits_offset, show);
2211 btf_int128_print(show, safe_data);
2215 btf_show_type_value(show, "%lld", *(s64 *)safe_data);
2217 btf_show_type_value(show, "%llu", *(u64 *)safe_data);
2221 btf_show_type_value(show, "%d", *(s32 *)safe_data);
2223 btf_show_type_value(show, "%u", *(u32 *)safe_data);
2227 btf_show_type_value(show, "%d", *(s16 *)safe_data);
2229 btf_show_type_value(show, "%u", *(u16 *)safe_data);
2232 if (show->state.array_encoding == BTF_INT_CHAR) {
2233 /* check for null terminator */
2234 if (show->state.array_terminated)
2236 if (*(char *)data == '\0') {
2237 show->state.array_terminated = 1;
2240 if (isprint(*(char *)data)) {
2241 btf_show_type_value(show, "'%c'",
2242 *(char *)safe_data);
2247 btf_show_type_value(show, "%d", *(s8 *)safe_data);
2249 btf_show_type_value(show, "%u", *(u8 *)safe_data);
2252 btf_int_bits_show(btf, t, safe_data, bits_offset, show);
2256 btf_show_end_type(show);
2259 static const struct btf_kind_operations int_ops = {
2260 .check_meta = btf_int_check_meta,
2261 .resolve = btf_df_resolve,
2262 .check_member = btf_int_check_member,
2263 .check_kflag_member = btf_int_check_kflag_member,
2264 .log_details = btf_int_log,
2265 .show = btf_int_show,
2268 static int btf_modifier_check_member(struct btf_verifier_env *env,
2269 const struct btf_type *struct_type,
2270 const struct btf_member *member,
2271 const struct btf_type *member_type)
2273 const struct btf_type *resolved_type;
2274 u32 resolved_type_id = member->type;
2275 struct btf_member resolved_member;
2276 struct btf *btf = env->btf;
2278 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
2279 if (!resolved_type) {
2280 btf_verifier_log_member(env, struct_type, member,
2285 resolved_member = *member;
2286 resolved_member.type = resolved_type_id;
2288 return btf_type_ops(resolved_type)->check_member(env, struct_type,
2293 static int btf_modifier_check_kflag_member(struct btf_verifier_env *env,
2294 const struct btf_type *struct_type,
2295 const struct btf_member *member,
2296 const struct btf_type *member_type)
2298 const struct btf_type *resolved_type;
2299 u32 resolved_type_id = member->type;
2300 struct btf_member resolved_member;
2301 struct btf *btf = env->btf;
2303 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
2304 if (!resolved_type) {
2305 btf_verifier_log_member(env, struct_type, member,
2310 resolved_member = *member;
2311 resolved_member.type = resolved_type_id;
2313 return btf_type_ops(resolved_type)->check_kflag_member(env, struct_type,
2318 static int btf_ptr_check_member(struct btf_verifier_env *env,
2319 const struct btf_type *struct_type,
2320 const struct btf_member *member,
2321 const struct btf_type *member_type)
2323 u32 struct_size, struct_bits_off, bytes_offset;
2325 struct_size = struct_type->size;
2326 struct_bits_off = member->offset;
2327 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2329 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2330 btf_verifier_log_member(env, struct_type, member,
2331 "Member is not byte aligned");
2335 if (struct_size - bytes_offset < sizeof(void *)) {
2336 btf_verifier_log_member(env, struct_type, member,
2337 "Member exceeds struct_size");
2344 static int btf_ref_type_check_meta(struct btf_verifier_env *env,
2345 const struct btf_type *t,
2348 if (btf_type_vlen(t)) {
2349 btf_verifier_log_type(env, t, "vlen != 0");
2353 if (btf_type_kflag(t)) {
2354 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2358 if (!BTF_TYPE_ID_VALID(t->type)) {
2359 btf_verifier_log_type(env, t, "Invalid type_id");
2363 /* typedef type must have a valid name, and other ref types,
2364 * volatile, const, restrict, should have a null name.
2366 if (BTF_INFO_KIND(t->info) == BTF_KIND_TYPEDEF) {
2368 !btf_name_valid_identifier(env->btf, t->name_off)) {
2369 btf_verifier_log_type(env, t, "Invalid name");
2374 btf_verifier_log_type(env, t, "Invalid name");
2379 btf_verifier_log_type(env, t, NULL);
2384 static int btf_modifier_resolve(struct btf_verifier_env *env,
2385 const struct resolve_vertex *v)
2387 const struct btf_type *t = v->t;
2388 const struct btf_type *next_type;
2389 u32 next_type_id = t->type;
2390 struct btf *btf = env->btf;
2392 next_type = btf_type_by_id(btf, next_type_id);
2393 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2394 btf_verifier_log_type(env, v->t, "Invalid type_id");
2398 if (!env_type_is_resolve_sink(env, next_type) &&
2399 !env_type_is_resolved(env, next_type_id))
2400 return env_stack_push(env, next_type, next_type_id);
2402 /* Figure out the resolved next_type_id with size.
2403 * They will be stored in the current modifier's
2404 * resolved_ids and resolved_sizes such that it can
2405 * save us a few type-following when we use it later (e.g. in
2408 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2409 if (env_type_is_resolved(env, next_type_id))
2410 next_type = btf_type_id_resolve(btf, &next_type_id);
2412 /* "typedef void new_void", "const void"...etc */
2413 if (!btf_type_is_void(next_type) &&
2414 !btf_type_is_fwd(next_type) &&
2415 !btf_type_is_func_proto(next_type)) {
2416 btf_verifier_log_type(env, v->t, "Invalid type_id");
2421 env_stack_pop_resolved(env, next_type_id, 0);
2426 static int btf_var_resolve(struct btf_verifier_env *env,
2427 const struct resolve_vertex *v)
2429 const struct btf_type *next_type;
2430 const struct btf_type *t = v->t;
2431 u32 next_type_id = t->type;
2432 struct btf *btf = env->btf;
2434 next_type = btf_type_by_id(btf, next_type_id);
2435 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2436 btf_verifier_log_type(env, v->t, "Invalid type_id");
2440 if (!env_type_is_resolve_sink(env, next_type) &&
2441 !env_type_is_resolved(env, next_type_id))
2442 return env_stack_push(env, next_type, next_type_id);
2444 if (btf_type_is_modifier(next_type)) {
2445 const struct btf_type *resolved_type;
2446 u32 resolved_type_id;
2448 resolved_type_id = next_type_id;
2449 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
2451 if (btf_type_is_ptr(resolved_type) &&
2452 !env_type_is_resolve_sink(env, resolved_type) &&
2453 !env_type_is_resolved(env, resolved_type_id))
2454 return env_stack_push(env, resolved_type,
2458 /* We must resolve to something concrete at this point, no
2459 * forward types or similar that would resolve to size of
2462 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2463 btf_verifier_log_type(env, v->t, "Invalid type_id");
2467 env_stack_pop_resolved(env, next_type_id, 0);
2472 static int btf_ptr_resolve(struct btf_verifier_env *env,
2473 const struct resolve_vertex *v)
2475 const struct btf_type *next_type;
2476 const struct btf_type *t = v->t;
2477 u32 next_type_id = t->type;
2478 struct btf *btf = env->btf;
2480 next_type = btf_type_by_id(btf, next_type_id);
2481 if (!next_type || btf_type_is_resolve_source_only(next_type)) {
2482 btf_verifier_log_type(env, v->t, "Invalid type_id");
2486 if (!env_type_is_resolve_sink(env, next_type) &&
2487 !env_type_is_resolved(env, next_type_id))
2488 return env_stack_push(env, next_type, next_type_id);
2490 /* If the modifier was RESOLVED during RESOLVE_STRUCT_OR_ARRAY,
2491 * the modifier may have stopped resolving when it was resolved
2492 * to a ptr (last-resolved-ptr).
2494 * We now need to continue from the last-resolved-ptr to
2495 * ensure the last-resolved-ptr will not referring back to
2496 * the currenct ptr (t).
2498 if (btf_type_is_modifier(next_type)) {
2499 const struct btf_type *resolved_type;
2500 u32 resolved_type_id;
2502 resolved_type_id = next_type_id;
2503 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
2505 if (btf_type_is_ptr(resolved_type) &&
2506 !env_type_is_resolve_sink(env, resolved_type) &&
2507 !env_type_is_resolved(env, resolved_type_id))
2508 return env_stack_push(env, resolved_type,
2512 if (!btf_type_id_size(btf, &next_type_id, NULL)) {
2513 if (env_type_is_resolved(env, next_type_id))
2514 next_type = btf_type_id_resolve(btf, &next_type_id);
2516 if (!btf_type_is_void(next_type) &&
2517 !btf_type_is_fwd(next_type) &&
2518 !btf_type_is_func_proto(next_type)) {
2519 btf_verifier_log_type(env, v->t, "Invalid type_id");
2524 env_stack_pop_resolved(env, next_type_id, 0);
2529 static void btf_modifier_show(const struct btf *btf,
2530 const struct btf_type *t,
2531 u32 type_id, void *data,
2532 u8 bits_offset, struct btf_show *show)
2534 if (btf->resolved_ids)
2535 t = btf_type_id_resolve(btf, &type_id);
2537 t = btf_type_skip_modifiers(btf, type_id, NULL);
2539 btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
2542 static void btf_var_show(const struct btf *btf, const struct btf_type *t,
2543 u32 type_id, void *data, u8 bits_offset,
2544 struct btf_show *show)
2546 t = btf_type_id_resolve(btf, &type_id);
2548 btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
2551 static void btf_ptr_show(const struct btf *btf, const struct btf_type *t,
2552 u32 type_id, void *data, u8 bits_offset,
2553 struct btf_show *show)
2557 safe_data = btf_show_start_type(show, t, type_id, data);
2561 /* It is a hashed value unless BTF_SHOW_PTR_RAW is specified */
2562 if (show->flags & BTF_SHOW_PTR_RAW)
2563 btf_show_type_value(show, "0x%px", *(void **)safe_data);
2565 btf_show_type_value(show, "0x%p", *(void **)safe_data);
2566 btf_show_end_type(show);
2569 static void btf_ref_type_log(struct btf_verifier_env *env,
2570 const struct btf_type *t)
2572 btf_verifier_log(env, "type_id=%u", t->type);
2575 static struct btf_kind_operations modifier_ops = {
2576 .check_meta = btf_ref_type_check_meta,
2577 .resolve = btf_modifier_resolve,
2578 .check_member = btf_modifier_check_member,
2579 .check_kflag_member = btf_modifier_check_kflag_member,
2580 .log_details = btf_ref_type_log,
2581 .show = btf_modifier_show,
2584 static struct btf_kind_operations ptr_ops = {
2585 .check_meta = btf_ref_type_check_meta,
2586 .resolve = btf_ptr_resolve,
2587 .check_member = btf_ptr_check_member,
2588 .check_kflag_member = btf_generic_check_kflag_member,
2589 .log_details = btf_ref_type_log,
2590 .show = btf_ptr_show,
2593 static s32 btf_fwd_check_meta(struct btf_verifier_env *env,
2594 const struct btf_type *t,
2597 if (btf_type_vlen(t)) {
2598 btf_verifier_log_type(env, t, "vlen != 0");
2603 btf_verifier_log_type(env, t, "type != 0");
2607 /* fwd type must have a valid name */
2609 !btf_name_valid_identifier(env->btf, t->name_off)) {
2610 btf_verifier_log_type(env, t, "Invalid name");
2614 btf_verifier_log_type(env, t, NULL);
2619 static void btf_fwd_type_log(struct btf_verifier_env *env,
2620 const struct btf_type *t)
2622 btf_verifier_log(env, "%s", btf_type_kflag(t) ? "union" : "struct");
2625 static struct btf_kind_operations fwd_ops = {
2626 .check_meta = btf_fwd_check_meta,
2627 .resolve = btf_df_resolve,
2628 .check_member = btf_df_check_member,
2629 .check_kflag_member = btf_df_check_kflag_member,
2630 .log_details = btf_fwd_type_log,
2631 .show = btf_df_show,
2634 static int btf_array_check_member(struct btf_verifier_env *env,
2635 const struct btf_type *struct_type,
2636 const struct btf_member *member,
2637 const struct btf_type *member_type)
2639 u32 struct_bits_off = member->offset;
2640 u32 struct_size, bytes_offset;
2641 u32 array_type_id, array_size;
2642 struct btf *btf = env->btf;
2644 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2645 btf_verifier_log_member(env, struct_type, member,
2646 "Member is not byte aligned");
2650 array_type_id = member->type;
2651 btf_type_id_size(btf, &array_type_id, &array_size);
2652 struct_size = struct_type->size;
2653 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2654 if (struct_size - bytes_offset < array_size) {
2655 btf_verifier_log_member(env, struct_type, member,
2656 "Member exceeds struct_size");
2663 static s32 btf_array_check_meta(struct btf_verifier_env *env,
2664 const struct btf_type *t,
2667 const struct btf_array *array = btf_type_array(t);
2668 u32 meta_needed = sizeof(*array);
2670 if (meta_left < meta_needed) {
2671 btf_verifier_log_basic(env, t,
2672 "meta_left:%u meta_needed:%u",
2673 meta_left, meta_needed);
2677 /* array type should not have a name */
2679 btf_verifier_log_type(env, t, "Invalid name");
2683 if (btf_type_vlen(t)) {
2684 btf_verifier_log_type(env, t, "vlen != 0");
2688 if (btf_type_kflag(t)) {
2689 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
2694 btf_verifier_log_type(env, t, "size != 0");
2698 /* Array elem type and index type cannot be in type void,
2699 * so !array->type and !array->index_type are not allowed.
2701 if (!array->type || !BTF_TYPE_ID_VALID(array->type)) {
2702 btf_verifier_log_type(env, t, "Invalid elem");
2706 if (!array->index_type || !BTF_TYPE_ID_VALID(array->index_type)) {
2707 btf_verifier_log_type(env, t, "Invalid index");
2711 btf_verifier_log_type(env, t, NULL);
2716 static int btf_array_resolve(struct btf_verifier_env *env,
2717 const struct resolve_vertex *v)
2719 const struct btf_array *array = btf_type_array(v->t);
2720 const struct btf_type *elem_type, *index_type;
2721 u32 elem_type_id, index_type_id;
2722 struct btf *btf = env->btf;
2725 /* Check array->index_type */
2726 index_type_id = array->index_type;
2727 index_type = btf_type_by_id(btf, index_type_id);
2728 if (btf_type_nosize_or_null(index_type) ||
2729 btf_type_is_resolve_source_only(index_type)) {
2730 btf_verifier_log_type(env, v->t, "Invalid index");
2734 if (!env_type_is_resolve_sink(env, index_type) &&
2735 !env_type_is_resolved(env, index_type_id))
2736 return env_stack_push(env, index_type, index_type_id);
2738 index_type = btf_type_id_size(btf, &index_type_id, NULL);
2739 if (!index_type || !btf_type_is_int(index_type) ||
2740 !btf_type_int_is_regular(index_type)) {
2741 btf_verifier_log_type(env, v->t, "Invalid index");
2745 /* Check array->type */
2746 elem_type_id = array->type;
2747 elem_type = btf_type_by_id(btf, elem_type_id);
2748 if (btf_type_nosize_or_null(elem_type) ||
2749 btf_type_is_resolve_source_only(elem_type)) {
2750 btf_verifier_log_type(env, v->t,
2755 if (!env_type_is_resolve_sink(env, elem_type) &&
2756 !env_type_is_resolved(env, elem_type_id))
2757 return env_stack_push(env, elem_type, elem_type_id);
2759 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
2761 btf_verifier_log_type(env, v->t, "Invalid elem");
2765 if (btf_type_is_int(elem_type) && !btf_type_int_is_regular(elem_type)) {
2766 btf_verifier_log_type(env, v->t, "Invalid array of int");
2770 if (array->nelems && elem_size > U32_MAX / array->nelems) {
2771 btf_verifier_log_type(env, v->t,
2772 "Array size overflows U32_MAX");
2776 env_stack_pop_resolved(env, elem_type_id, elem_size * array->nelems);
2781 static void btf_array_log(struct btf_verifier_env *env,
2782 const struct btf_type *t)
2784 const struct btf_array *array = btf_type_array(t);
2786 btf_verifier_log(env, "type_id=%u index_type_id=%u nr_elems=%u",
2787 array->type, array->index_type, array->nelems);
2790 static void __btf_array_show(const struct btf *btf, const struct btf_type *t,
2791 u32 type_id, void *data, u8 bits_offset,
2792 struct btf_show *show)
2794 const struct btf_array *array = btf_type_array(t);
2795 const struct btf_kind_operations *elem_ops;
2796 const struct btf_type *elem_type;
2797 u32 i, elem_size = 0, elem_type_id;
2800 elem_type_id = array->type;
2801 elem_type = btf_type_skip_modifiers(btf, elem_type_id, NULL);
2802 if (elem_type && btf_type_has_size(elem_type))
2803 elem_size = elem_type->size;
2805 if (elem_type && btf_type_is_int(elem_type)) {
2806 u32 int_type = btf_type_int(elem_type);
2808 encoding = BTF_INT_ENCODING(int_type);
2811 * BTF_INT_CHAR encoding never seems to be set for
2812 * char arrays, so if size is 1 and element is
2813 * printable as a char, we'll do that.
2816 encoding = BTF_INT_CHAR;
2819 if (!btf_show_start_array_type(show, t, type_id, encoding, data))
2824 elem_ops = btf_type_ops(elem_type);
2826 for (i = 0; i < array->nelems; i++) {
2828 btf_show_start_array_member(show);
2830 elem_ops->show(btf, elem_type, elem_type_id, data,
2834 btf_show_end_array_member(show);
2836 if (show->state.array_terminated)
2840 btf_show_end_array_type(show);
2843 static void btf_array_show(const struct btf *btf, const struct btf_type *t,
2844 u32 type_id, void *data, u8 bits_offset,
2845 struct btf_show *show)
2847 const struct btf_member *m = show->state.member;
2850 * First check if any members would be shown (are non-zero).
2851 * See comments above "struct btf_show" definition for more
2852 * details on how this works at a high-level.
2854 if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
2855 if (!show->state.depth_check) {
2856 show->state.depth_check = show->state.depth + 1;
2857 show->state.depth_to_show = 0;
2859 __btf_array_show(btf, t, type_id, data, bits_offset, show);
2860 show->state.member = m;
2862 if (show->state.depth_check != show->state.depth + 1)
2864 show->state.depth_check = 0;
2866 if (show->state.depth_to_show <= show->state.depth)
2869 * Reaching here indicates we have recursed and found
2870 * non-zero array member(s).
2873 __btf_array_show(btf, t, type_id, data, bits_offset, show);
2876 static struct btf_kind_operations array_ops = {
2877 .check_meta = btf_array_check_meta,
2878 .resolve = btf_array_resolve,
2879 .check_member = btf_array_check_member,
2880 .check_kflag_member = btf_generic_check_kflag_member,
2881 .log_details = btf_array_log,
2882 .show = btf_array_show,
2885 static int btf_struct_check_member(struct btf_verifier_env *env,
2886 const struct btf_type *struct_type,
2887 const struct btf_member *member,
2888 const struct btf_type *member_type)
2890 u32 struct_bits_off = member->offset;
2891 u32 struct_size, bytes_offset;
2893 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
2894 btf_verifier_log_member(env, struct_type, member,
2895 "Member is not byte aligned");
2899 struct_size = struct_type->size;
2900 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
2901 if (struct_size - bytes_offset < member_type->size) {
2902 btf_verifier_log_member(env, struct_type, member,
2903 "Member exceeds struct_size");
2910 static s32 btf_struct_check_meta(struct btf_verifier_env *env,
2911 const struct btf_type *t,
2914 bool is_union = BTF_INFO_KIND(t->info) == BTF_KIND_UNION;
2915 const struct btf_member *member;
2916 u32 meta_needed, last_offset;
2917 struct btf *btf = env->btf;
2918 u32 struct_size = t->size;
2922 meta_needed = btf_type_vlen(t) * sizeof(*member);
2923 if (meta_left < meta_needed) {
2924 btf_verifier_log_basic(env, t,
2925 "meta_left:%u meta_needed:%u",
2926 meta_left, meta_needed);
2930 /* struct type either no name or a valid one */
2932 !btf_name_valid_identifier(env->btf, t->name_off)) {
2933 btf_verifier_log_type(env, t, "Invalid name");
2937 btf_verifier_log_type(env, t, NULL);
2940 for_each_member(i, t, member) {
2941 if (!btf_name_offset_valid(btf, member->name_off)) {
2942 btf_verifier_log_member(env, t, member,
2943 "Invalid member name_offset:%u",
2948 /* struct member either no name or a valid one */
2949 if (member->name_off &&
2950 !btf_name_valid_identifier(btf, member->name_off)) {
2951 btf_verifier_log_member(env, t, member, "Invalid name");
2954 /* A member cannot be in type void */
2955 if (!member->type || !BTF_TYPE_ID_VALID(member->type)) {
2956 btf_verifier_log_member(env, t, member,
2961 offset = btf_member_bit_offset(t, member);
2962 if (is_union && offset) {
2963 btf_verifier_log_member(env, t, member,
2964 "Invalid member bits_offset");
2969 * ">" instead of ">=" because the last member could be
2972 if (last_offset > offset) {
2973 btf_verifier_log_member(env, t, member,
2974 "Invalid member bits_offset");
2978 if (BITS_ROUNDUP_BYTES(offset) > struct_size) {
2979 btf_verifier_log_member(env, t, member,
2980 "Member bits_offset exceeds its struct size");
2984 btf_verifier_log_member(env, t, member, NULL);
2985 last_offset = offset;
2991 static int btf_struct_resolve(struct btf_verifier_env *env,
2992 const struct resolve_vertex *v)
2994 const struct btf_member *member;
2998 /* Before continue resolving the next_member,
2999 * ensure the last member is indeed resolved to a
3000 * type with size info.
3002 if (v->next_member) {
3003 const struct btf_type *last_member_type;
3004 const struct btf_member *last_member;
3005 u16 last_member_type_id;
3007 last_member = btf_type_member(v->t) + v->next_member - 1;
3008 last_member_type_id = last_member->type;
3009 if (WARN_ON_ONCE(!env_type_is_resolved(env,
3010 last_member_type_id)))
3013 last_member_type = btf_type_by_id(env->btf,
3014 last_member_type_id);
3015 if (btf_type_kflag(v->t))
3016 err = btf_type_ops(last_member_type)->check_kflag_member(env, v->t,
3020 err = btf_type_ops(last_member_type)->check_member(env, v->t,
3027 for_each_member_from(i, v->next_member, v->t, member) {
3028 u32 member_type_id = member->type;
3029 const struct btf_type *member_type = btf_type_by_id(env->btf,
3032 if (btf_type_nosize_or_null(member_type) ||
3033 btf_type_is_resolve_source_only(member_type)) {
3034 btf_verifier_log_member(env, v->t, member,
3039 if (!env_type_is_resolve_sink(env, member_type) &&
3040 !env_type_is_resolved(env, member_type_id)) {
3041 env_stack_set_next_member(env, i + 1);
3042 return env_stack_push(env, member_type, member_type_id);
3045 if (btf_type_kflag(v->t))
3046 err = btf_type_ops(member_type)->check_kflag_member(env, v->t,
3050 err = btf_type_ops(member_type)->check_member(env, v->t,
3057 env_stack_pop_resolved(env, 0, 0);
3062 static void btf_struct_log(struct btf_verifier_env *env,
3063 const struct btf_type *t)
3065 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3068 static int btf_find_struct_field(const struct btf *btf, const struct btf_type *t,
3069 const char *name, int sz, int align)
3071 const struct btf_member *member;
3072 u32 i, off = -ENOENT;
3074 for_each_member(i, t, member) {
3075 const struct btf_type *member_type = btf_type_by_id(btf,
3077 if (!__btf_type_is_struct(member_type))
3079 if (member_type->size != sz)
3081 if (strcmp(__btf_name_by_offset(btf, member_type->name_off), name))
3084 /* only one such field is allowed */
3086 off = btf_member_bit_offset(t, member);
3088 /* valid C code cannot generate such BTF */
3097 static int btf_find_datasec_var(const struct btf *btf, const struct btf_type *t,
3098 const char *name, int sz, int align)
3100 const struct btf_var_secinfo *vsi;
3101 u32 i, off = -ENOENT;
3103 for_each_vsi(i, t, vsi) {
3104 const struct btf_type *var = btf_type_by_id(btf, vsi->type);
3105 const struct btf_type *var_type = btf_type_by_id(btf, var->type);
3107 if (!__btf_type_is_struct(var_type))
3109 if (var_type->size != sz)
3111 if (vsi->size != sz)
3113 if (strcmp(__btf_name_by_offset(btf, var_type->name_off), name))
3116 /* only one such field is allowed */
3125 static int btf_find_field(const struct btf *btf, const struct btf_type *t,
3126 const char *name, int sz, int align)
3129 if (__btf_type_is_struct(t))
3130 return btf_find_struct_field(btf, t, name, sz, align);
3131 else if (btf_type_is_datasec(t))
3132 return btf_find_datasec_var(btf, t, name, sz, align);
3136 /* find 'struct bpf_spin_lock' in map value.
3137 * return >= 0 offset if found
3138 * and < 0 in case of error
3140 int btf_find_spin_lock(const struct btf *btf, const struct btf_type *t)
3142 return btf_find_field(btf, t, "bpf_spin_lock",
3143 sizeof(struct bpf_spin_lock),
3144 __alignof__(struct bpf_spin_lock));
3147 int btf_find_timer(const struct btf *btf, const struct btf_type *t)
3149 return btf_find_field(btf, t, "bpf_timer",
3150 sizeof(struct bpf_timer),
3151 __alignof__(struct bpf_timer));
3154 static void __btf_struct_show(const struct btf *btf, const struct btf_type *t,
3155 u32 type_id, void *data, u8 bits_offset,
3156 struct btf_show *show)
3158 const struct btf_member *member;
3162 safe_data = btf_show_start_struct_type(show, t, type_id, data);
3166 for_each_member(i, t, member) {
3167 const struct btf_type *member_type = btf_type_by_id(btf,
3169 const struct btf_kind_operations *ops;
3170 u32 member_offset, bitfield_size;
3174 btf_show_start_member(show, member);
3176 member_offset = btf_member_bit_offset(t, member);
3177 bitfield_size = btf_member_bitfield_size(t, member);
3178 bytes_offset = BITS_ROUNDDOWN_BYTES(member_offset);
3179 bits8_offset = BITS_PER_BYTE_MASKED(member_offset);
3180 if (bitfield_size) {
3181 safe_data = btf_show_start_type(show, member_type,
3183 data + bytes_offset);
3185 btf_bitfield_show(safe_data,
3187 bitfield_size, show);
3188 btf_show_end_type(show);
3190 ops = btf_type_ops(member_type);
3191 ops->show(btf, member_type, member->type,
3192 data + bytes_offset, bits8_offset, show);
3195 btf_show_end_member(show);
3198 btf_show_end_struct_type(show);
3201 static void btf_struct_show(const struct btf *btf, const struct btf_type *t,
3202 u32 type_id, void *data, u8 bits_offset,
3203 struct btf_show *show)
3205 const struct btf_member *m = show->state.member;
3208 * First check if any members would be shown (are non-zero).
3209 * See comments above "struct btf_show" definition for more
3210 * details on how this works at a high-level.
3212 if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
3213 if (!show->state.depth_check) {
3214 show->state.depth_check = show->state.depth + 1;
3215 show->state.depth_to_show = 0;
3217 __btf_struct_show(btf, t, type_id, data, bits_offset, show);
3218 /* Restore saved member data here */
3219 show->state.member = m;
3220 if (show->state.depth_check != show->state.depth + 1)
3222 show->state.depth_check = 0;
3224 if (show->state.depth_to_show <= show->state.depth)
3227 * Reaching here indicates we have recursed and found
3228 * non-zero child values.
3232 __btf_struct_show(btf, t, type_id, data, bits_offset, show);
3235 static struct btf_kind_operations struct_ops = {
3236 .check_meta = btf_struct_check_meta,
3237 .resolve = btf_struct_resolve,
3238 .check_member = btf_struct_check_member,
3239 .check_kflag_member = btf_generic_check_kflag_member,
3240 .log_details = btf_struct_log,
3241 .show = btf_struct_show,
3244 static int btf_enum_check_member(struct btf_verifier_env *env,
3245 const struct btf_type *struct_type,
3246 const struct btf_member *member,
3247 const struct btf_type *member_type)
3249 u32 struct_bits_off = member->offset;
3250 u32 struct_size, bytes_offset;
3252 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
3253 btf_verifier_log_member(env, struct_type, member,
3254 "Member is not byte aligned");
3258 struct_size = struct_type->size;
3259 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
3260 if (struct_size - bytes_offset < member_type->size) {
3261 btf_verifier_log_member(env, struct_type, member,
3262 "Member exceeds struct_size");
3269 static int btf_enum_check_kflag_member(struct btf_verifier_env *env,
3270 const struct btf_type *struct_type,
3271 const struct btf_member *member,
3272 const struct btf_type *member_type)
3274 u32 struct_bits_off, nr_bits, bytes_end, struct_size;
3275 u32 int_bitsize = sizeof(int) * BITS_PER_BYTE;
3277 struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
3278 nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
3280 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
3281 btf_verifier_log_member(env, struct_type, member,
3282 "Member is not byte aligned");
3286 nr_bits = int_bitsize;
3287 } else if (nr_bits > int_bitsize) {
3288 btf_verifier_log_member(env, struct_type, member,
3289 "Invalid member bitfield_size");
3293 struct_size = struct_type->size;
3294 bytes_end = BITS_ROUNDUP_BYTES(struct_bits_off + nr_bits);
3295 if (struct_size < bytes_end) {
3296 btf_verifier_log_member(env, struct_type, member,
3297 "Member exceeds struct_size");
3304 static s32 btf_enum_check_meta(struct btf_verifier_env *env,
3305 const struct btf_type *t,
3308 const struct btf_enum *enums = btf_type_enum(t);
3309 struct btf *btf = env->btf;
3313 nr_enums = btf_type_vlen(t);
3314 meta_needed = nr_enums * sizeof(*enums);
3316 if (meta_left < meta_needed) {
3317 btf_verifier_log_basic(env, t,
3318 "meta_left:%u meta_needed:%u",
3319 meta_left, meta_needed);
3323 if (btf_type_kflag(t)) {
3324 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3328 if (t->size > 8 || !is_power_of_2(t->size)) {
3329 btf_verifier_log_type(env, t, "Unexpected size");
3333 /* enum type either no name or a valid one */
3335 !btf_name_valid_identifier(env->btf, t->name_off)) {
3336 btf_verifier_log_type(env, t, "Invalid name");
3340 btf_verifier_log_type(env, t, NULL);
3342 for (i = 0; i < nr_enums; i++) {
3343 if (!btf_name_offset_valid(btf, enums[i].name_off)) {
3344 btf_verifier_log(env, "\tInvalid name_offset:%u",
3349 /* enum member must have a valid name */
3350 if (!enums[i].name_off ||
3351 !btf_name_valid_identifier(btf, enums[i].name_off)) {
3352 btf_verifier_log_type(env, t, "Invalid name");
3356 if (env->log.level == BPF_LOG_KERNEL)
3358 btf_verifier_log(env, "\t%s val=%d\n",
3359 __btf_name_by_offset(btf, enums[i].name_off),
3366 static void btf_enum_log(struct btf_verifier_env *env,
3367 const struct btf_type *t)
3369 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3372 static void btf_enum_show(const struct btf *btf, const struct btf_type *t,
3373 u32 type_id, void *data, u8 bits_offset,
3374 struct btf_show *show)
3376 const struct btf_enum *enums = btf_type_enum(t);
3377 u32 i, nr_enums = btf_type_vlen(t);
3381 safe_data = btf_show_start_type(show, t, type_id, data);
3385 v = *(int *)safe_data;
3387 for (i = 0; i < nr_enums; i++) {
3388 if (v != enums[i].val)
3391 btf_show_type_value(show, "%s",
3392 __btf_name_by_offset(btf,
3393 enums[i].name_off));
3395 btf_show_end_type(show);
3399 btf_show_type_value(show, "%d", v);
3400 btf_show_end_type(show);
3403 static struct btf_kind_operations enum_ops = {
3404 .check_meta = btf_enum_check_meta,
3405 .resolve = btf_df_resolve,
3406 .check_member = btf_enum_check_member,
3407 .check_kflag_member = btf_enum_check_kflag_member,
3408 .log_details = btf_enum_log,
3409 .show = btf_enum_show,
3412 static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
3413 const struct btf_type *t,
3416 u32 meta_needed = btf_type_vlen(t) * sizeof(struct btf_param);
3418 if (meta_left < meta_needed) {
3419 btf_verifier_log_basic(env, t,
3420 "meta_left:%u meta_needed:%u",
3421 meta_left, meta_needed);
3426 btf_verifier_log_type(env, t, "Invalid name");
3430 if (btf_type_kflag(t)) {
3431 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3435 btf_verifier_log_type(env, t, NULL);
3440 static void btf_func_proto_log(struct btf_verifier_env *env,
3441 const struct btf_type *t)
3443 const struct btf_param *args = (const struct btf_param *)(t + 1);
3444 u16 nr_args = btf_type_vlen(t), i;
3446 btf_verifier_log(env, "return=%u args=(", t->type);
3448 btf_verifier_log(env, "void");
3452 if (nr_args == 1 && !args[0].type) {
3453 /* Only one vararg */
3454 btf_verifier_log(env, "vararg");
3458 btf_verifier_log(env, "%u %s", args[0].type,
3459 __btf_name_by_offset(env->btf,
3461 for (i = 1; i < nr_args - 1; i++)
3462 btf_verifier_log(env, ", %u %s", args[i].type,
3463 __btf_name_by_offset(env->btf,
3467 const struct btf_param *last_arg = &args[nr_args - 1];
3470 btf_verifier_log(env, ", %u %s", last_arg->type,
3471 __btf_name_by_offset(env->btf,
3472 last_arg->name_off));
3474 btf_verifier_log(env, ", vararg");
3478 btf_verifier_log(env, ")");
3481 static struct btf_kind_operations func_proto_ops = {
3482 .check_meta = btf_func_proto_check_meta,
3483 .resolve = btf_df_resolve,
3485 * BTF_KIND_FUNC_PROTO cannot be directly referred by
3486 * a struct's member.
3488 * It should be a function pointer instead.
3489 * (i.e. struct's member -> BTF_KIND_PTR -> BTF_KIND_FUNC_PROTO)
3491 * Hence, there is no btf_func_check_member().
3493 .check_member = btf_df_check_member,
3494 .check_kflag_member = btf_df_check_kflag_member,
3495 .log_details = btf_func_proto_log,
3496 .show = btf_df_show,
3499 static s32 btf_func_check_meta(struct btf_verifier_env *env,
3500 const struct btf_type *t,
3504 !btf_name_valid_identifier(env->btf, t->name_off)) {
3505 btf_verifier_log_type(env, t, "Invalid name");
3509 if (btf_type_vlen(t) > BTF_FUNC_GLOBAL) {
3510 btf_verifier_log_type(env, t, "Invalid func linkage");
3514 if (btf_type_kflag(t)) {
3515 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3519 btf_verifier_log_type(env, t, NULL);
3524 static struct btf_kind_operations func_ops = {
3525 .check_meta = btf_func_check_meta,
3526 .resolve = btf_df_resolve,
3527 .check_member = btf_df_check_member,
3528 .check_kflag_member = btf_df_check_kflag_member,
3529 .log_details = btf_ref_type_log,
3530 .show = btf_df_show,
3533 static s32 btf_var_check_meta(struct btf_verifier_env *env,
3534 const struct btf_type *t,
3537 const struct btf_var *var;
3538 u32 meta_needed = sizeof(*var);
3540 if (meta_left < meta_needed) {
3541 btf_verifier_log_basic(env, t,
3542 "meta_left:%u meta_needed:%u",
3543 meta_left, meta_needed);
3547 if (btf_type_vlen(t)) {
3548 btf_verifier_log_type(env, t, "vlen != 0");
3552 if (btf_type_kflag(t)) {
3553 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3558 !__btf_name_valid(env->btf, t->name_off, true)) {
3559 btf_verifier_log_type(env, t, "Invalid name");
3563 /* A var cannot be in type void */
3564 if (!t->type || !BTF_TYPE_ID_VALID(t->type)) {
3565 btf_verifier_log_type(env, t, "Invalid type_id");
3569 var = btf_type_var(t);
3570 if (var->linkage != BTF_VAR_STATIC &&
3571 var->linkage != BTF_VAR_GLOBAL_ALLOCATED) {
3572 btf_verifier_log_type(env, t, "Linkage not supported");
3576 btf_verifier_log_type(env, t, NULL);
3581 static void btf_var_log(struct btf_verifier_env *env, const struct btf_type *t)
3583 const struct btf_var *var = btf_type_var(t);
3585 btf_verifier_log(env, "type_id=%u linkage=%u", t->type, var->linkage);
3588 static const struct btf_kind_operations var_ops = {
3589 .check_meta = btf_var_check_meta,
3590 .resolve = btf_var_resolve,
3591 .check_member = btf_df_check_member,
3592 .check_kflag_member = btf_df_check_kflag_member,
3593 .log_details = btf_var_log,
3594 .show = btf_var_show,
3597 static s32 btf_datasec_check_meta(struct btf_verifier_env *env,
3598 const struct btf_type *t,
3601 const struct btf_var_secinfo *vsi;
3602 u64 last_vsi_end_off = 0, sum = 0;
3605 meta_needed = btf_type_vlen(t) * sizeof(*vsi);
3606 if (meta_left < meta_needed) {
3607 btf_verifier_log_basic(env, t,
3608 "meta_left:%u meta_needed:%u",
3609 meta_left, meta_needed);
3614 btf_verifier_log_type(env, t, "size == 0");
3618 if (btf_type_kflag(t)) {
3619 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3624 !btf_name_valid_section(env->btf, t->name_off)) {
3625 btf_verifier_log_type(env, t, "Invalid name");
3629 btf_verifier_log_type(env, t, NULL);
3631 for_each_vsi(i, t, vsi) {
3632 /* A var cannot be in type void */
3633 if (!vsi->type || !BTF_TYPE_ID_VALID(vsi->type)) {
3634 btf_verifier_log_vsi(env, t, vsi,
3639 if (vsi->offset < last_vsi_end_off || vsi->offset >= t->size) {
3640 btf_verifier_log_vsi(env, t, vsi,
3645 if (!vsi->size || vsi->size > t->size) {
3646 btf_verifier_log_vsi(env, t, vsi,
3651 last_vsi_end_off = vsi->offset + vsi->size;
3652 if (last_vsi_end_off > t->size) {
3653 btf_verifier_log_vsi(env, t, vsi,
3654 "Invalid offset+size");
3658 btf_verifier_log_vsi(env, t, vsi, NULL);
3662 if (t->size < sum) {
3663 btf_verifier_log_type(env, t, "Invalid btf_info size");
3670 static int btf_datasec_resolve(struct btf_verifier_env *env,
3671 const struct resolve_vertex *v)
3673 const struct btf_var_secinfo *vsi;
3674 struct btf *btf = env->btf;
3677 for_each_vsi_from(i, v->next_member, v->t, vsi) {
3678 u32 var_type_id = vsi->type, type_id, type_size = 0;
3679 const struct btf_type *var_type = btf_type_by_id(env->btf,
3681 if (!var_type || !btf_type_is_var(var_type)) {
3682 btf_verifier_log_vsi(env, v->t, vsi,
3683 "Not a VAR kind member");
3687 if (!env_type_is_resolve_sink(env, var_type) &&
3688 !env_type_is_resolved(env, var_type_id)) {
3689 env_stack_set_next_member(env, i + 1);
3690 return env_stack_push(env, var_type, var_type_id);
3693 type_id = var_type->type;
3694 if (!btf_type_id_size(btf, &type_id, &type_size)) {
3695 btf_verifier_log_vsi(env, v->t, vsi, "Invalid type");
3699 if (vsi->size < type_size) {
3700 btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
3705 env_stack_pop_resolved(env, 0, 0);
3709 static void btf_datasec_log(struct btf_verifier_env *env,
3710 const struct btf_type *t)
3712 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
3715 static void btf_datasec_show(const struct btf *btf,
3716 const struct btf_type *t, u32 type_id,
3717 void *data, u8 bits_offset,
3718 struct btf_show *show)
3720 const struct btf_var_secinfo *vsi;
3721 const struct btf_type *var;
3724 if (!btf_show_start_type(show, t, type_id, data))
3727 btf_show_type_value(show, "section (\"%s\") = {",
3728 __btf_name_by_offset(btf, t->name_off));
3729 for_each_vsi(i, t, vsi) {
3730 var = btf_type_by_id(btf, vsi->type);
3732 btf_show(show, ",");
3733 btf_type_ops(var)->show(btf, var, vsi->type,
3734 data + vsi->offset, bits_offset, show);
3736 btf_show_end_type(show);
3739 static const struct btf_kind_operations datasec_ops = {
3740 .check_meta = btf_datasec_check_meta,
3741 .resolve = btf_datasec_resolve,
3742 .check_member = btf_df_check_member,
3743 .check_kflag_member = btf_df_check_kflag_member,
3744 .log_details = btf_datasec_log,
3745 .show = btf_datasec_show,
3748 static s32 btf_float_check_meta(struct btf_verifier_env *env,
3749 const struct btf_type *t,
3752 if (btf_type_vlen(t)) {
3753 btf_verifier_log_type(env, t, "vlen != 0");
3757 if (btf_type_kflag(t)) {
3758 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3762 if (t->size != 2 && t->size != 4 && t->size != 8 && t->size != 12 &&
3764 btf_verifier_log_type(env, t, "Invalid type_size");
3768 btf_verifier_log_type(env, t, NULL);
3773 static int btf_float_check_member(struct btf_verifier_env *env,
3774 const struct btf_type *struct_type,
3775 const struct btf_member *member,
3776 const struct btf_type *member_type)
3778 u64 start_offset_bytes;
3779 u64 end_offset_bytes;
3784 /* Different architectures have different alignment requirements, so
3785 * here we check only for the reasonable minimum. This way we ensure
3786 * that types after CO-RE can pass the kernel BTF verifier.
3788 align_bytes = min_t(u64, sizeof(void *), member_type->size);
3789 align_bits = align_bytes * BITS_PER_BYTE;
3790 div64_u64_rem(member->offset, align_bits, &misalign_bits);
3791 if (misalign_bits) {
3792 btf_verifier_log_member(env, struct_type, member,
3793 "Member is not properly aligned");
3797 start_offset_bytes = member->offset / BITS_PER_BYTE;
3798 end_offset_bytes = start_offset_bytes + member_type->size;
3799 if (end_offset_bytes > struct_type->size) {
3800 btf_verifier_log_member(env, struct_type, member,
3801 "Member exceeds struct_size");
3808 static void btf_float_log(struct btf_verifier_env *env,
3809 const struct btf_type *t)
3811 btf_verifier_log(env, "size=%u", t->size);
3814 static const struct btf_kind_operations float_ops = {
3815 .check_meta = btf_float_check_meta,
3816 .resolve = btf_df_resolve,
3817 .check_member = btf_float_check_member,
3818 .check_kflag_member = btf_generic_check_kflag_member,
3819 .log_details = btf_float_log,
3820 .show = btf_df_show,
3823 static s32 btf_tag_check_meta(struct btf_verifier_env *env,
3824 const struct btf_type *t,
3827 const struct btf_tag *tag;
3828 u32 meta_needed = sizeof(*tag);
3832 if (meta_left < meta_needed) {
3833 btf_verifier_log_basic(env, t,
3834 "meta_left:%u meta_needed:%u",
3835 meta_left, meta_needed);
3839 value = btf_name_by_offset(env->btf, t->name_off);
3840 if (!value || !value[0]) {
3841 btf_verifier_log_type(env, t, "Invalid value");
3845 if (btf_type_vlen(t)) {
3846 btf_verifier_log_type(env, t, "vlen != 0");
3850 if (btf_type_kflag(t)) {
3851 btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
3855 component_idx = btf_type_tag(t)->component_idx;
3856 if (component_idx < -1) {
3857 btf_verifier_log_type(env, t, "Invalid component_idx");
3861 btf_verifier_log_type(env, t, NULL);
3866 static int btf_tag_resolve(struct btf_verifier_env *env,
3867 const struct resolve_vertex *v)
3869 const struct btf_type *next_type;
3870 const struct btf_type *t = v->t;
3871 u32 next_type_id = t->type;
3872 struct btf *btf = env->btf;
3876 next_type = btf_type_by_id(btf, next_type_id);
3877 if (!next_type || !btf_type_is_tag_target(next_type)) {
3878 btf_verifier_log_type(env, v->t, "Invalid type_id");
3882 if (!env_type_is_resolve_sink(env, next_type) &&
3883 !env_type_is_resolved(env, next_type_id))
3884 return env_stack_push(env, next_type, next_type_id);
3886 component_idx = btf_type_tag(t)->component_idx;
3887 if (component_idx != -1) {
3888 if (btf_type_is_var(next_type)) {
3889 btf_verifier_log_type(env, v->t, "Invalid component_idx");
3893 if (btf_type_is_struct(next_type)) {
3894 vlen = btf_type_vlen(next_type);
3896 /* next_type should be a function */
3897 next_type = btf_type_by_id(btf, next_type->type);
3898 vlen = btf_type_vlen(next_type);
3901 if ((u32)component_idx >= vlen) {
3902 btf_verifier_log_type(env, v->t, "Invalid component_idx");
3907 env_stack_pop_resolved(env, next_type_id, 0);
3912 static void btf_tag_log(struct btf_verifier_env *env, const struct btf_type *t)
3914 btf_verifier_log(env, "type=%u component_idx=%d", t->type,
3915 btf_type_tag(t)->component_idx);
3918 static const struct btf_kind_operations tag_ops = {
3919 .check_meta = btf_tag_check_meta,
3920 .resolve = btf_tag_resolve,
3921 .check_member = btf_df_check_member,
3922 .check_kflag_member = btf_df_check_kflag_member,
3923 .log_details = btf_tag_log,
3924 .show = btf_df_show,
3927 static int btf_func_proto_check(struct btf_verifier_env *env,
3928 const struct btf_type *t)
3930 const struct btf_type *ret_type;
3931 const struct btf_param *args;
3932 const struct btf *btf;
3937 args = (const struct btf_param *)(t + 1);
3938 nr_args = btf_type_vlen(t);
3940 /* Check func return type which could be "void" (t->type == 0) */
3942 u32 ret_type_id = t->type;
3944 ret_type = btf_type_by_id(btf, ret_type_id);
3946 btf_verifier_log_type(env, t, "Invalid return type");
3950 if (btf_type_needs_resolve(ret_type) &&
3951 !env_type_is_resolved(env, ret_type_id)) {
3952 err = btf_resolve(env, ret_type, ret_type_id);
3957 /* Ensure the return type is a type that has a size */
3958 if (!btf_type_id_size(btf, &ret_type_id, NULL)) {
3959 btf_verifier_log_type(env, t, "Invalid return type");
3967 /* Last func arg type_id could be 0 if it is a vararg */
3968 if (!args[nr_args - 1].type) {
3969 if (args[nr_args - 1].name_off) {
3970 btf_verifier_log_type(env, t, "Invalid arg#%u",
3978 for (i = 0; i < nr_args; i++) {
3979 const struct btf_type *arg_type;
3982 arg_type_id = args[i].type;
3983 arg_type = btf_type_by_id(btf, arg_type_id);
3985 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
3990 if (args[i].name_off &&
3991 (!btf_name_offset_valid(btf, args[i].name_off) ||
3992 !btf_name_valid_identifier(btf, args[i].name_off))) {
3993 btf_verifier_log_type(env, t,
3994 "Invalid arg#%u", i + 1);
3999 if (btf_type_needs_resolve(arg_type) &&
4000 !env_type_is_resolved(env, arg_type_id)) {
4001 err = btf_resolve(env, arg_type, arg_type_id);
4006 if (!btf_type_id_size(btf, &arg_type_id, NULL)) {
4007 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
4016 static int btf_func_check(struct btf_verifier_env *env,
4017 const struct btf_type *t)
4019 const struct btf_type *proto_type;
4020 const struct btf_param *args;
4021 const struct btf *btf;
4025 proto_type = btf_type_by_id(btf, t->type);
4027 if (!proto_type || !btf_type_is_func_proto(proto_type)) {
4028 btf_verifier_log_type(env, t, "Invalid type_id");
4032 args = (const struct btf_param *)(proto_type + 1);
4033 nr_args = btf_type_vlen(proto_type);
4034 for (i = 0; i < nr_args; i++) {
4035 if (!args[i].name_off && args[i].type) {
4036 btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
4044 static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
4045 [BTF_KIND_INT] = &int_ops,
4046 [BTF_KIND_PTR] = &ptr_ops,
4047 [BTF_KIND_ARRAY] = &array_ops,
4048 [BTF_KIND_STRUCT] = &struct_ops,
4049 [BTF_KIND_UNION] = &struct_ops,
4050 [BTF_KIND_ENUM] = &enum_ops,
4051 [BTF_KIND_FWD] = &fwd_ops,
4052 [BTF_KIND_TYPEDEF] = &modifier_ops,
4053 [BTF_KIND_VOLATILE] = &modifier_ops,
4054 [BTF_KIND_CONST] = &modifier_ops,
4055 [BTF_KIND_RESTRICT] = &modifier_ops,
4056 [BTF_KIND_FUNC] = &func_ops,
4057 [BTF_KIND_FUNC_PROTO] = &func_proto_ops,
4058 [BTF_KIND_VAR] = &var_ops,
4059 [BTF_KIND_DATASEC] = &datasec_ops,
4060 [BTF_KIND_FLOAT] = &float_ops,
4061 [BTF_KIND_TAG] = &tag_ops,
4064 static s32 btf_check_meta(struct btf_verifier_env *env,
4065 const struct btf_type *t,
4068 u32 saved_meta_left = meta_left;
4071 if (meta_left < sizeof(*t)) {
4072 btf_verifier_log(env, "[%u] meta_left:%u meta_needed:%zu",
4073 env->log_type_id, meta_left, sizeof(*t));
4076 meta_left -= sizeof(*t);
4078 if (t->info & ~BTF_INFO_MASK) {
4079 btf_verifier_log(env, "[%u] Invalid btf_info:%x",
4080 env->log_type_id, t->info);
4084 if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX ||
4085 BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
4086 btf_verifier_log(env, "[%u] Invalid kind:%u",
4087 env->log_type_id, BTF_INFO_KIND(t->info));
4091 if (!btf_name_offset_valid(env->btf, t->name_off)) {
4092 btf_verifier_log(env, "[%u] Invalid name_offset:%u",
4093 env->log_type_id, t->name_off);
4097 var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
4098 if (var_meta_size < 0)
4099 return var_meta_size;
4101 meta_left -= var_meta_size;
4103 return saved_meta_left - meta_left;
4106 static int btf_check_all_metas(struct btf_verifier_env *env)
4108 struct btf *btf = env->btf;
4109 struct btf_header *hdr;
4113 cur = btf->nohdr_data + hdr->type_off;
4114 end = cur + hdr->type_len;
4116 env->log_type_id = btf->base_btf ? btf->start_id : 1;
4118 struct btf_type *t = cur;
4121 meta_size = btf_check_meta(env, t, end - cur);
4125 btf_add_type(env, t);
4133 static bool btf_resolve_valid(struct btf_verifier_env *env,
4134 const struct btf_type *t,
4137 struct btf *btf = env->btf;
4139 if (!env_type_is_resolved(env, type_id))
4142 if (btf_type_is_struct(t) || btf_type_is_datasec(t))
4143 return !btf_resolved_type_id(btf, type_id) &&
4144 !btf_resolved_type_size(btf, type_id);
4146 if (btf_type_is_tag(t))
4147 return btf_resolved_type_id(btf, type_id) &&
4148 !btf_resolved_type_size(btf, type_id);
4150 if (btf_type_is_modifier(t) || btf_type_is_ptr(t) ||
4151 btf_type_is_var(t)) {
4152 t = btf_type_id_resolve(btf, &type_id);
4154 !btf_type_is_modifier(t) &&
4155 !btf_type_is_var(t) &&
4156 !btf_type_is_datasec(t);
4159 if (btf_type_is_array(t)) {
4160 const struct btf_array *array = btf_type_array(t);
4161 const struct btf_type *elem_type;
4162 u32 elem_type_id = array->type;
4165 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
4166 return elem_type && !btf_type_is_modifier(elem_type) &&
4167 (array->nelems * elem_size ==
4168 btf_resolved_type_size(btf, type_id));
4174 static int btf_resolve(struct btf_verifier_env *env,
4175 const struct btf_type *t, u32 type_id)
4177 u32 save_log_type_id = env->log_type_id;
4178 const struct resolve_vertex *v;
4181 env->resolve_mode = RESOLVE_TBD;
4182 env_stack_push(env, t, type_id);
4183 while (!err && (v = env_stack_peak(env))) {
4184 env->log_type_id = v->type_id;
4185 err = btf_type_ops(v->t)->resolve(env, v);
4188 env->log_type_id = type_id;
4189 if (err == -E2BIG) {
4190 btf_verifier_log_type(env, t,
4191 "Exceeded max resolving depth:%u",
4193 } else if (err == -EEXIST) {
4194 btf_verifier_log_type(env, t, "Loop detected");
4197 /* Final sanity check */
4198 if (!err && !btf_resolve_valid(env, t, type_id)) {
4199 btf_verifier_log_type(env, t, "Invalid resolve state");
4203 env->log_type_id = save_log_type_id;
4207 static int btf_check_all_types(struct btf_verifier_env *env)
4209 struct btf *btf = env->btf;
4210 const struct btf_type *t;
4214 err = env_resolve_init(env);
4219 for (i = btf->base_btf ? 0 : 1; i < btf->nr_types; i++) {
4220 type_id = btf->start_id + i;
4221 t = btf_type_by_id(btf, type_id);
4223 env->log_type_id = type_id;
4224 if (btf_type_needs_resolve(t) &&
4225 !env_type_is_resolved(env, type_id)) {
4226 err = btf_resolve(env, t, type_id);
4231 if (btf_type_is_func_proto(t)) {
4232 err = btf_func_proto_check(env, t);
4237 if (btf_type_is_func(t)) {
4238 err = btf_func_check(env, t);
4247 static int btf_parse_type_sec(struct btf_verifier_env *env)
4249 const struct btf_header *hdr = &env->btf->hdr;
4252 /* Type section must align to 4 bytes */
4253 if (hdr->type_off & (sizeof(u32) - 1)) {
4254 btf_verifier_log(env, "Unaligned type_off");
4258 if (!env->btf->base_btf && !hdr->type_len) {
4259 btf_verifier_log(env, "No type found");
4263 err = btf_check_all_metas(env);
4267 return btf_check_all_types(env);
4270 static int btf_parse_str_sec(struct btf_verifier_env *env)
4272 const struct btf_header *hdr;
4273 struct btf *btf = env->btf;
4274 const char *start, *end;
4277 start = btf->nohdr_data + hdr->str_off;
4278 end = start + hdr->str_len;
4280 if (end != btf->data + btf->data_size) {
4281 btf_verifier_log(env, "String section is not at the end");
4285 btf->strings = start;
4287 if (btf->base_btf && !hdr->str_len)
4289 if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET || end[-1]) {
4290 btf_verifier_log(env, "Invalid string section");
4293 if (!btf->base_btf && start[0]) {
4294 btf_verifier_log(env, "Invalid string section");
4301 static const size_t btf_sec_info_offset[] = {
4302 offsetof(struct btf_header, type_off),
4303 offsetof(struct btf_header, str_off),
4306 static int btf_sec_info_cmp(const void *a, const void *b)
4308 const struct btf_sec_info *x = a;
4309 const struct btf_sec_info *y = b;
4311 return (int)(x->off - y->off) ? : (int)(x->len - y->len);
4314 static int btf_check_sec_info(struct btf_verifier_env *env,
4317 struct btf_sec_info secs[ARRAY_SIZE(btf_sec_info_offset)];
4318 u32 total, expected_total, i;
4319 const struct btf_header *hdr;
4320 const struct btf *btf;
4325 /* Populate the secs from hdr */
4326 for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++)
4327 secs[i] = *(struct btf_sec_info *)((void *)hdr +
4328 btf_sec_info_offset[i]);
4330 sort(secs, ARRAY_SIZE(btf_sec_info_offset),
4331 sizeof(struct btf_sec_info), btf_sec_info_cmp, NULL);
4333 /* Check for gaps and overlap among sections */
4335 expected_total = btf_data_size - hdr->hdr_len;
4336 for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++) {
4337 if (expected_total < secs[i].off) {
4338 btf_verifier_log(env, "Invalid section offset");
4341 if (total < secs[i].off) {
4343 btf_verifier_log(env, "Unsupported section found");
4346 if (total > secs[i].off) {
4347 btf_verifier_log(env, "Section overlap found");
4350 if (expected_total - total < secs[i].len) {
4351 btf_verifier_log(env,
4352 "Total section length too long");
4355 total += secs[i].len;
4358 /* There is data other than hdr and known sections */
4359 if (expected_total != total) {
4360 btf_verifier_log(env, "Unsupported section found");
4367 static int btf_parse_hdr(struct btf_verifier_env *env)
4369 u32 hdr_len, hdr_copy, btf_data_size;
4370 const struct btf_header *hdr;
4375 btf_data_size = btf->data_size;
4378 offsetof(struct btf_header, hdr_len) + sizeof(hdr->hdr_len)) {
4379 btf_verifier_log(env, "hdr_len not found");
4384 hdr_len = hdr->hdr_len;
4385 if (btf_data_size < hdr_len) {
4386 btf_verifier_log(env, "btf_header not found");
4390 /* Ensure the unsupported header fields are zero */
4391 if (hdr_len > sizeof(btf->hdr)) {
4392 u8 *expected_zero = btf->data + sizeof(btf->hdr);
4393 u8 *end = btf->data + hdr_len;
4395 for (; expected_zero < end; expected_zero++) {
4396 if (*expected_zero) {
4397 btf_verifier_log(env, "Unsupported btf_header");
4403 hdr_copy = min_t(u32, hdr_len, sizeof(btf->hdr));
4404 memcpy(&btf->hdr, btf->data, hdr_copy);
4408 btf_verifier_log_hdr(env, btf_data_size);
4410 if (hdr->magic != BTF_MAGIC) {
4411 btf_verifier_log(env, "Invalid magic");
4415 if (hdr->version != BTF_VERSION) {
4416 btf_verifier_log(env, "Unsupported version");
4421 btf_verifier_log(env, "Unsupported flags");
4425 if (!btf->base_btf && btf_data_size == hdr->hdr_len) {
4426 btf_verifier_log(env, "No data");
4430 err = btf_check_sec_info(env, btf_data_size);
4437 static struct btf *btf_parse(bpfptr_t btf_data, u32 btf_data_size,
4438 u32 log_level, char __user *log_ubuf, u32 log_size)
4440 struct btf_verifier_env *env = NULL;
4441 struct bpf_verifier_log *log;
4442 struct btf *btf = NULL;
4446 if (btf_data_size > BTF_MAX_SIZE)
4447 return ERR_PTR(-E2BIG);
4449 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4451 return ERR_PTR(-ENOMEM);
4454 if (log_level || log_ubuf || log_size) {
4455 /* user requested verbose verifier output
4456 * and supplied buffer to store the verification trace
4458 log->level = log_level;
4459 log->ubuf = log_ubuf;
4460 log->len_total = log_size;
4462 /* log attributes have to be sane */
4463 if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
4464 !log->level || !log->ubuf) {
4470 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4477 data = kvmalloc(btf_data_size, GFP_KERNEL | __GFP_NOWARN);
4484 btf->data_size = btf_data_size;
4486 if (copy_from_bpfptr(data, btf_data, btf_data_size)) {
4491 err = btf_parse_hdr(env);
4495 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4497 err = btf_parse_str_sec(env);
4501 err = btf_parse_type_sec(env);
4505 if (log->level && bpf_verifier_log_full(log)) {
4510 btf_verifier_env_free(env);
4511 refcount_set(&btf->refcnt, 1);
4515 btf_verifier_env_free(env);
4518 return ERR_PTR(err);
4521 extern char __weak __start_BTF[];
4522 extern char __weak __stop_BTF[];
4523 extern struct btf *btf_vmlinux;
4525 #define BPF_MAP_TYPE(_id, _ops)
4526 #define BPF_LINK_TYPE(_id, _name)
4528 struct bpf_ctx_convert {
4529 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4530 prog_ctx_type _id##_prog; \
4531 kern_ctx_type _id##_kern;
4532 #include <linux/bpf_types.h>
4533 #undef BPF_PROG_TYPE
4535 /* 't' is written once under lock. Read many times. */
4536 const struct btf_type *t;
4539 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4541 #include <linux/bpf_types.h>
4542 #undef BPF_PROG_TYPE
4543 __ctx_convert_unused, /* to avoid empty enum in extreme .config */
4545 static u8 bpf_ctx_convert_map[] = {
4546 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
4547 [_id] = __ctx_convert##_id,
4548 #include <linux/bpf_types.h>
4549 #undef BPF_PROG_TYPE
4550 0, /* avoid empty array */
4553 #undef BPF_LINK_TYPE
4555 static const struct btf_member *
4556 btf_get_prog_ctx_type(struct bpf_verifier_log *log, const struct btf *btf,
4557 const struct btf_type *t, enum bpf_prog_type prog_type,
4560 const struct btf_type *conv_struct;
4561 const struct btf_type *ctx_struct;
4562 const struct btf_member *ctx_type;
4563 const char *tname, *ctx_tname;
4565 conv_struct = bpf_ctx_convert.t;
4567 bpf_log(log, "btf_vmlinux is malformed\n");
4570 t = btf_type_by_id(btf, t->type);
4571 while (btf_type_is_modifier(t))
4572 t = btf_type_by_id(btf, t->type);
4573 if (!btf_type_is_struct(t)) {
4574 /* Only pointer to struct is supported for now.
4575 * That means that BPF_PROG_TYPE_TRACEPOINT with BTF
4576 * is not supported yet.
4577 * BPF_PROG_TYPE_RAW_TRACEPOINT is fine.
4581 tname = btf_name_by_offset(btf, t->name_off);
4583 bpf_log(log, "arg#%d struct doesn't have a name\n", arg);
4586 /* prog_type is valid bpf program type. No need for bounds check. */
4587 ctx_type = btf_type_member(conv_struct) + bpf_ctx_convert_map[prog_type] * 2;
4588 /* ctx_struct is a pointer to prog_ctx_type in vmlinux.
4589 * Like 'struct __sk_buff'
4591 ctx_struct = btf_type_by_id(btf_vmlinux, ctx_type->type);
4593 /* should not happen */
4595 ctx_tname = btf_name_by_offset(btf_vmlinux, ctx_struct->name_off);
4597 /* should not happen */
4598 bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n");
4601 /* only compare that prog's ctx type name is the same as
4602 * kernel expects. No need to compare field by field.
4603 * It's ok for bpf prog to do:
4604 * struct __sk_buff {};
4605 * int socket_filter_bpf_prog(struct __sk_buff *skb)
4606 * { // no fields of skb are ever used }
4608 if (strcmp(ctx_tname, tname))
4613 static const struct bpf_map_ops * const btf_vmlinux_map_ops[] = {
4614 #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
4615 #define BPF_LINK_TYPE(_id, _name)
4616 #define BPF_MAP_TYPE(_id, _ops) \
4618 #include <linux/bpf_types.h>
4619 #undef BPF_PROG_TYPE
4620 #undef BPF_LINK_TYPE
4624 static int btf_vmlinux_map_ids_init(const struct btf *btf,
4625 struct bpf_verifier_log *log)
4627 const struct bpf_map_ops *ops;
4630 for (i = 0; i < ARRAY_SIZE(btf_vmlinux_map_ops); ++i) {
4631 ops = btf_vmlinux_map_ops[i];
4632 if (!ops || (!ops->map_btf_name && !ops->map_btf_id))
4634 if (!ops->map_btf_name || !ops->map_btf_id) {
4635 bpf_log(log, "map type %d is misconfigured\n", i);
4638 btf_id = btf_find_by_name_kind(btf, ops->map_btf_name,
4642 *ops->map_btf_id = btf_id;
4648 static int btf_translate_to_vmlinux(struct bpf_verifier_log *log,
4650 const struct btf_type *t,
4651 enum bpf_prog_type prog_type,
4654 const struct btf_member *prog_ctx_type, *kern_ctx_type;
4656 prog_ctx_type = btf_get_prog_ctx_type(log, btf, t, prog_type, arg);
4659 kern_ctx_type = prog_ctx_type + 1;
4660 return kern_ctx_type->type;
4663 BTF_ID_LIST(bpf_ctx_convert_btf_id)
4664 BTF_ID(struct, bpf_ctx_convert)
4666 struct btf *btf_parse_vmlinux(void)
4668 struct btf_verifier_env *env = NULL;
4669 struct bpf_verifier_log *log;
4670 struct btf *btf = NULL;
4673 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4675 return ERR_PTR(-ENOMEM);
4678 log->level = BPF_LOG_KERNEL;
4680 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4687 btf->data = __start_BTF;
4688 btf->data_size = __stop_BTF - __start_BTF;
4689 btf->kernel_btf = true;
4690 snprintf(btf->name, sizeof(btf->name), "vmlinux");
4692 err = btf_parse_hdr(env);
4696 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4698 err = btf_parse_str_sec(env);
4702 err = btf_check_all_metas(env);
4706 /* btf_parse_vmlinux() runs under bpf_verifier_lock */
4707 bpf_ctx_convert.t = btf_type_by_id(btf, bpf_ctx_convert_btf_id[0]);
4709 /* find bpf map structs for map_ptr access checking */
4710 err = btf_vmlinux_map_ids_init(btf, log);
4714 bpf_struct_ops_init(btf, log);
4716 refcount_set(&btf->refcnt, 1);
4718 err = btf_alloc_id(btf);
4722 btf_verifier_env_free(env);
4726 btf_verifier_env_free(env);
4731 return ERR_PTR(err);
4734 #ifdef CONFIG_DEBUG_INFO_BTF_MODULES
4736 static struct btf *btf_parse_module(const char *module_name, const void *data, unsigned int data_size)
4738 struct btf_verifier_env *env = NULL;
4739 struct bpf_verifier_log *log;
4740 struct btf *btf = NULL, *base_btf;
4743 base_btf = bpf_get_btf_vmlinux();
4744 if (IS_ERR(base_btf))
4747 return ERR_PTR(-EINVAL);
4749 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
4751 return ERR_PTR(-ENOMEM);
4754 log->level = BPF_LOG_KERNEL;
4756 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
4763 btf->base_btf = base_btf;
4764 btf->start_id = base_btf->nr_types;
4765 btf->start_str_off = base_btf->hdr.str_len;
4766 btf->kernel_btf = true;
4767 snprintf(btf->name, sizeof(btf->name), "%s", module_name);
4769 btf->data = kvmalloc(data_size, GFP_KERNEL | __GFP_NOWARN);
4774 memcpy(btf->data, data, data_size);
4775 btf->data_size = data_size;
4777 err = btf_parse_hdr(env);
4781 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
4783 err = btf_parse_str_sec(env);
4787 err = btf_check_all_metas(env);
4791 btf_verifier_env_free(env);
4792 refcount_set(&btf->refcnt, 1);
4796 btf_verifier_env_free(env);
4802 return ERR_PTR(err);
4805 #endif /* CONFIG_DEBUG_INFO_BTF_MODULES */
4807 struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog)
4809 struct bpf_prog *tgt_prog = prog->aux->dst_prog;
4812 return tgt_prog->aux->btf;
4814 return prog->aux->attach_btf;
4817 static bool is_string_ptr(struct btf *btf, const struct btf_type *t)
4819 /* t comes in already as a pointer */
4820 t = btf_type_by_id(btf, t->type);
4823 if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)
4824 t = btf_type_by_id(btf, t->type);
4826 /* char, signed char, unsigned char */
4827 return btf_type_is_int(t) && t->size == 1;
4830 bool btf_ctx_access(int off, int size, enum bpf_access_type type,
4831 const struct bpf_prog *prog,
4832 struct bpf_insn_access_aux *info)
4834 const struct btf_type *t = prog->aux->attach_func_proto;
4835 struct bpf_prog *tgt_prog = prog->aux->dst_prog;
4836 struct btf *btf = bpf_prog_get_target_btf(prog);
4837 const char *tname = prog->aux->attach_func_name;
4838 struct bpf_verifier_log *log = info->log;
4839 const struct btf_param *args;
4844 bpf_log(log, "func '%s' offset %d is not multiple of 8\n",
4849 args = (const struct btf_param *)(t + 1);
4850 /* if (t == NULL) Fall back to default BPF prog with
4851 * MAX_BPF_FUNC_REG_ARGS u64 arguments.
4853 nr_args = t ? btf_type_vlen(t) : MAX_BPF_FUNC_REG_ARGS;
4854 if (prog->aux->attach_btf_trace) {
4855 /* skip first 'void *__data' argument in btf_trace_##name typedef */
4860 if (arg > nr_args) {
4861 bpf_log(log, "func '%s' doesn't have %d-th argument\n",
4866 if (arg == nr_args) {
4867 switch (prog->expected_attach_type) {
4869 case BPF_TRACE_FEXIT:
4870 /* When LSM programs are attached to void LSM hooks
4871 * they use FEXIT trampolines and when attached to
4872 * int LSM hooks, they use MODIFY_RETURN trampolines.
4874 * While the LSM programs are BPF_MODIFY_RETURN-like
4877 * if (ret_type != 'int')
4880 * is _not_ done here. This is still safe as LSM hooks
4881 * have only void and int return types.
4885 t = btf_type_by_id(btf, t->type);
4887 case BPF_MODIFY_RETURN:
4888 /* For now the BPF_MODIFY_RETURN can only be attached to
4889 * functions that return an int.
4894 t = btf_type_skip_modifiers(btf, t->type, NULL);
4895 if (!btf_type_is_small_int(t)) {
4897 "ret type %s not allowed for fmod_ret\n",
4898 btf_kind_str[BTF_INFO_KIND(t->info)]);
4903 bpf_log(log, "func '%s' doesn't have %d-th argument\n",
4909 /* Default prog with MAX_BPF_FUNC_REG_ARGS args */
4911 t = btf_type_by_id(btf, args[arg].type);
4914 /* skip modifiers */
4915 while (btf_type_is_modifier(t))
4916 t = btf_type_by_id(btf, t->type);
4917 if (btf_type_is_small_int(t) || btf_type_is_enum(t))
4918 /* accessing a scalar */
4920 if (!btf_type_is_ptr(t)) {
4922 "func '%s' arg%d '%s' has type %s. Only pointer access is allowed\n",
4924 __btf_name_by_offset(btf, t->name_off),
4925 btf_kind_str[BTF_INFO_KIND(t->info)]);
4929 /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */
4930 for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
4931 const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
4933 if (ctx_arg_info->offset == off &&
4934 (ctx_arg_info->reg_type == PTR_TO_RDONLY_BUF_OR_NULL ||
4935 ctx_arg_info->reg_type == PTR_TO_RDWR_BUF_OR_NULL)) {
4936 info->reg_type = ctx_arg_info->reg_type;
4942 /* This is a pointer to void.
4943 * It is the same as scalar from the verifier safety pov.
4944 * No further pointer walking is allowed.
4948 if (is_string_ptr(btf, t))
4951 /* this is a pointer to another type */
4952 for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
4953 const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
4955 if (ctx_arg_info->offset == off) {
4956 if (!ctx_arg_info->btf_id) {
4957 bpf_log(log,"invalid btf_id for context argument offset %u\n", off);
4961 info->reg_type = ctx_arg_info->reg_type;
4962 info->btf = btf_vmlinux;
4963 info->btf_id = ctx_arg_info->btf_id;
4968 info->reg_type = PTR_TO_BTF_ID;
4970 enum bpf_prog_type tgt_type;
4972 if (tgt_prog->type == BPF_PROG_TYPE_EXT)
4973 tgt_type = tgt_prog->aux->saved_dst_prog_type;
4975 tgt_type = tgt_prog->type;
4977 ret = btf_translate_to_vmlinux(log, btf, t, tgt_type, arg);
4979 info->btf = btf_vmlinux;
4988 info->btf_id = t->type;
4989 t = btf_type_by_id(btf, t->type);
4990 /* skip modifiers */
4991 while (btf_type_is_modifier(t)) {
4992 info->btf_id = t->type;
4993 t = btf_type_by_id(btf, t->type);
4995 if (!btf_type_is_struct(t)) {
4997 "func '%s' arg%d type %s is not a struct\n",
4998 tname, arg, btf_kind_str[BTF_INFO_KIND(t->info)]);
5001 bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n",
5002 tname, arg, info->btf_id, btf_kind_str[BTF_INFO_KIND(t->info)],
5003 __btf_name_by_offset(btf, t->name_off));
5007 enum bpf_struct_walk_result {
5014 static int btf_struct_walk(struct bpf_verifier_log *log, const struct btf *btf,
5015 const struct btf_type *t, int off, int size,
5018 u32 i, moff, mtrue_end, msize = 0, total_nelems = 0;
5019 const struct btf_type *mtype, *elem_type = NULL;
5020 const struct btf_member *member;
5021 const char *tname, *mname;
5022 u32 vlen, elem_id, mid;
5025 tname = __btf_name_by_offset(btf, t->name_off);
5026 if (!btf_type_is_struct(t)) {
5027 bpf_log(log, "Type '%s' is not a struct\n", tname);
5031 vlen = btf_type_vlen(t);
5032 if (off + size > t->size) {
5033 /* If the last element is a variable size array, we may
5034 * need to relax the rule.
5036 struct btf_array *array_elem;
5041 member = btf_type_member(t) + vlen - 1;
5042 mtype = btf_type_skip_modifiers(btf, member->type,
5044 if (!btf_type_is_array(mtype))
5047 array_elem = (struct btf_array *)(mtype + 1);
5048 if (array_elem->nelems != 0)
5051 moff = btf_member_bit_offset(t, member) / 8;
5055 /* Only allow structure for now, can be relaxed for
5056 * other types later.
5058 t = btf_type_skip_modifiers(btf, array_elem->type,
5060 if (!btf_type_is_struct(t))
5063 off = (off - moff) % t->size;
5067 bpf_log(log, "access beyond struct %s at off %u size %u\n",
5072 for_each_member(i, t, member) {
5073 /* offset of the field in bytes */
5074 moff = btf_member_bit_offset(t, member) / 8;
5075 if (off + size <= moff)
5076 /* won't find anything, field is already too far */
5079 if (btf_member_bitfield_size(t, member)) {
5080 u32 end_bit = btf_member_bit_offset(t, member) +
5081 btf_member_bitfield_size(t, member);
5083 /* off <= moff instead of off == moff because clang
5084 * does not generate a BTF member for anonymous
5085 * bitfield like the ":16" here:
5092 BITS_ROUNDUP_BYTES(end_bit) <= off + size)
5095 /* off may be accessing a following member
5099 * Doing partial access at either end of this
5100 * bitfield. Continue on this case also to
5101 * treat it as not accessing this bitfield
5102 * and eventually error out as field not
5103 * found to keep it simple.
5104 * It could be relaxed if there was a legit
5105 * partial access case later.
5110 /* In case of "off" is pointing to holes of a struct */
5114 /* type of the field */
5116 mtype = btf_type_by_id(btf, member->type);
5117 mname = __btf_name_by_offset(btf, member->name_off);
5119 mtype = __btf_resolve_size(btf, mtype, &msize,
5120 &elem_type, &elem_id, &total_nelems,
5122 if (IS_ERR(mtype)) {
5123 bpf_log(log, "field %s doesn't have size\n", mname);
5127 mtrue_end = moff + msize;
5128 if (off >= mtrue_end)
5129 /* no overlap with member, keep iterating */
5132 if (btf_type_is_array(mtype)) {
5135 /* __btf_resolve_size() above helps to
5136 * linearize a multi-dimensional array.
5138 * The logic here is treating an array
5139 * in a struct as the following way:
5142 * struct inner array[2][2];
5148 * struct inner array_elem0;
5149 * struct inner array_elem1;
5150 * struct inner array_elem2;
5151 * struct inner array_elem3;
5154 * When accessing outer->array[1][0], it moves
5155 * moff to "array_elem2", set mtype to
5156 * "struct inner", and msize also becomes
5157 * sizeof(struct inner). Then most of the
5158 * remaining logic will fall through without
5159 * caring the current member is an array or
5162 * Unlike mtype/msize/moff, mtrue_end does not
5163 * change. The naming difference ("_true") tells
5164 * that it is not always corresponding to
5165 * the current mtype/msize/moff.
5166 * It is the true end of the current
5167 * member (i.e. array in this case). That
5168 * will allow an int array to be accessed like
5170 * i.e. allow access beyond the size of
5171 * the array's element as long as it is
5172 * within the mtrue_end boundary.
5175 /* skip empty array */
5176 if (moff == mtrue_end)
5179 msize /= total_nelems;
5180 elem_idx = (off - moff) / msize;
5181 moff += elem_idx * msize;
5186 /* the 'off' we're looking for is either equal to start
5187 * of this field or inside of this struct
5189 if (btf_type_is_struct(mtype)) {
5190 /* our field must be inside that union or struct */
5193 /* return if the offset matches the member offset */
5199 /* adjust offset we're looking for */
5204 if (btf_type_is_ptr(mtype)) {
5205 const struct btf_type *stype;
5208 if (msize != size || off != moff) {
5210 "cannot access ptr member %s with moff %u in struct %s with off %u size %u\n",
5211 mname, moff, tname, off, size);
5214 stype = btf_type_skip_modifiers(btf, mtype->type, &id);
5215 if (btf_type_is_struct(stype)) {
5221 /* Allow more flexible access within an int as long as
5222 * it is within mtrue_end.
5223 * Since mtrue_end could be the end of an array,
5224 * that also allows using an array of int as a scratch
5225 * space. e.g. skb->cb[].
5227 if (off + size > mtrue_end) {
5229 "access beyond the end of member %s (mend:%u) in struct %s with off %u size %u\n",
5230 mname, mtrue_end, tname, off, size);
5236 bpf_log(log, "struct %s doesn't have field at offset %d\n", tname, off);
5240 int btf_struct_access(struct bpf_verifier_log *log, const struct btf *btf,
5241 const struct btf_type *t, int off, int size,
5242 enum bpf_access_type atype __maybe_unused,
5249 err = btf_struct_walk(log, btf, t, off, size, &id);
5253 /* If we found the pointer or scalar on t+off,
5257 return PTR_TO_BTF_ID;
5259 return SCALAR_VALUE;
5261 /* We found nested struct, so continue the search
5262 * by diving in it. At this point the offset is
5263 * aligned with the new type, so set it to 0.
5265 t = btf_type_by_id(btf, id);
5269 /* It's either error or unknown return value..
5272 if (WARN_ONCE(err > 0, "unknown btf_struct_walk return value"))
5281 /* Check that two BTF types, each specified as an BTF object + id, are exactly
5282 * the same. Trivial ID check is not enough due to module BTFs, because we can
5283 * end up with two different module BTFs, but IDs point to the common type in
5286 static bool btf_types_are_same(const struct btf *btf1, u32 id1,
5287 const struct btf *btf2, u32 id2)
5293 return btf_type_by_id(btf1, id1) == btf_type_by_id(btf2, id2);
5296 bool btf_struct_ids_match(struct bpf_verifier_log *log,
5297 const struct btf *btf, u32 id, int off,
5298 const struct btf *need_btf, u32 need_type_id)
5300 const struct btf_type *type;
5303 /* Are we already done? */
5304 if (off == 0 && btf_types_are_same(btf, id, need_btf, need_type_id))
5308 type = btf_type_by_id(btf, id);
5311 err = btf_struct_walk(log, btf, type, off, 1, &id);
5312 if (err != WALK_STRUCT)
5315 /* We found nested struct object. If it matches
5316 * the requested ID, we're done. Otherwise let's
5317 * continue the search with offset 0 in the new
5320 if (!btf_types_are_same(btf, id, need_btf, need_type_id)) {
5328 static int __get_type_size(struct btf *btf, u32 btf_id,
5329 const struct btf_type **bad_type)
5331 const struct btf_type *t;
5336 t = btf_type_by_id(btf, btf_id);
5337 while (t && btf_type_is_modifier(t))
5338 t = btf_type_by_id(btf, t->type);
5340 *bad_type = btf_type_by_id(btf, 0);
5343 if (btf_type_is_ptr(t))
5344 /* kernel size of pointer. Not BPF's size of pointer*/
5345 return sizeof(void *);
5346 if (btf_type_is_int(t) || btf_type_is_enum(t))
5352 int btf_distill_func_proto(struct bpf_verifier_log *log,
5354 const struct btf_type *func,
5356 struct btf_func_model *m)
5358 const struct btf_param *args;
5359 const struct btf_type *t;
5364 /* BTF function prototype doesn't match the verifier types.
5365 * Fall back to MAX_BPF_FUNC_REG_ARGS u64 args.
5367 for (i = 0; i < MAX_BPF_FUNC_REG_ARGS; i++)
5370 m->nr_args = MAX_BPF_FUNC_REG_ARGS;
5373 args = (const struct btf_param *)(func + 1);
5374 nargs = btf_type_vlen(func);
5375 if (nargs >= MAX_BPF_FUNC_ARGS) {
5377 "The function %s has %d arguments. Too many.\n",
5381 ret = __get_type_size(btf, func->type, &t);
5384 "The function %s return type %s is unsupported.\n",
5385 tname, btf_kind_str[BTF_INFO_KIND(t->info)]);
5390 for (i = 0; i < nargs; i++) {
5391 if (i == nargs - 1 && args[i].type == 0) {
5393 "The function %s with variable args is unsupported.\n",
5397 ret = __get_type_size(btf, args[i].type, &t);
5400 "The function %s arg%d type %s is unsupported.\n",
5401 tname, i, btf_kind_str[BTF_INFO_KIND(t->info)]);
5406 "The function %s has malformed void argument.\n",
5410 m->arg_size[i] = ret;
5416 /* Compare BTFs of two functions assuming only scalars and pointers to context.
5417 * t1 points to BTF_KIND_FUNC in btf1
5418 * t2 points to BTF_KIND_FUNC in btf2
5420 * EINVAL - function prototype mismatch
5421 * EFAULT - verifier bug
5422 * 0 - 99% match. The last 1% is validated by the verifier.
5424 static int btf_check_func_type_match(struct bpf_verifier_log *log,
5425 struct btf *btf1, const struct btf_type *t1,
5426 struct btf *btf2, const struct btf_type *t2)
5428 const struct btf_param *args1, *args2;
5429 const char *fn1, *fn2, *s1, *s2;
5430 u32 nargs1, nargs2, i;
5432 fn1 = btf_name_by_offset(btf1, t1->name_off);
5433 fn2 = btf_name_by_offset(btf2, t2->name_off);
5435 if (btf_func_linkage(t1) != BTF_FUNC_GLOBAL) {
5436 bpf_log(log, "%s() is not a global function\n", fn1);
5439 if (btf_func_linkage(t2) != BTF_FUNC_GLOBAL) {
5440 bpf_log(log, "%s() is not a global function\n", fn2);
5444 t1 = btf_type_by_id(btf1, t1->type);
5445 if (!t1 || !btf_type_is_func_proto(t1))
5447 t2 = btf_type_by_id(btf2, t2->type);
5448 if (!t2 || !btf_type_is_func_proto(t2))
5451 args1 = (const struct btf_param *)(t1 + 1);
5452 nargs1 = btf_type_vlen(t1);
5453 args2 = (const struct btf_param *)(t2 + 1);
5454 nargs2 = btf_type_vlen(t2);
5456 if (nargs1 != nargs2) {
5457 bpf_log(log, "%s() has %d args while %s() has %d args\n",
5458 fn1, nargs1, fn2, nargs2);
5462 t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
5463 t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
5464 if (t1->info != t2->info) {
5466 "Return type %s of %s() doesn't match type %s of %s()\n",
5467 btf_type_str(t1), fn1,
5468 btf_type_str(t2), fn2);
5472 for (i = 0; i < nargs1; i++) {
5473 t1 = btf_type_skip_modifiers(btf1, args1[i].type, NULL);
5474 t2 = btf_type_skip_modifiers(btf2, args2[i].type, NULL);
5476 if (t1->info != t2->info) {
5477 bpf_log(log, "arg%d in %s() is %s while %s() has %s\n",
5478 i, fn1, btf_type_str(t1),
5479 fn2, btf_type_str(t2));
5482 if (btf_type_has_size(t1) && t1->size != t2->size) {
5484 "arg%d in %s() has size %d while %s() has %d\n",
5490 /* global functions are validated with scalars and pointers
5491 * to context only. And only global functions can be replaced.
5492 * Hence type check only those types.
5494 if (btf_type_is_int(t1) || btf_type_is_enum(t1))
5496 if (!btf_type_is_ptr(t1)) {
5498 "arg%d in %s() has unrecognized type\n",
5502 t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
5503 t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
5504 if (!btf_type_is_struct(t1)) {
5506 "arg%d in %s() is not a pointer to context\n",
5510 if (!btf_type_is_struct(t2)) {
5512 "arg%d in %s() is not a pointer to context\n",
5516 /* This is an optional check to make program writing easier.
5517 * Compare names of structs and report an error to the user.
5518 * btf_prepare_func_args() already checked that t2 struct
5519 * is a context type. btf_prepare_func_args() will check
5520 * later that t1 struct is a context type as well.
5522 s1 = btf_name_by_offset(btf1, t1->name_off);
5523 s2 = btf_name_by_offset(btf2, t2->name_off);
5524 if (strcmp(s1, s2)) {
5526 "arg%d %s(struct %s *) doesn't match %s(struct %s *)\n",
5527 i, fn1, s1, fn2, s2);
5534 /* Compare BTFs of given program with BTF of target program */
5535 int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog,
5536 struct btf *btf2, const struct btf_type *t2)
5538 struct btf *btf1 = prog->aux->btf;
5539 const struct btf_type *t1;
5542 if (!prog->aux->func_info) {
5543 bpf_log(log, "Program extension requires BTF\n");
5547 btf_id = prog->aux->func_info[0].type_id;
5551 t1 = btf_type_by_id(btf1, btf_id);
5552 if (!t1 || !btf_type_is_func(t1))
5555 return btf_check_func_type_match(log, btf1, t1, btf2, t2);
5558 static u32 *reg2btf_ids[__BPF_REG_TYPE_MAX] = {
5560 [PTR_TO_SOCKET] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK],
5561 [PTR_TO_SOCK_COMMON] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON],
5562 [PTR_TO_TCP_SOCK] = &btf_sock_ids[BTF_SOCK_TYPE_TCP],
5566 static int btf_check_func_arg_match(struct bpf_verifier_env *env,
5567 const struct btf *btf, u32 func_id,
5568 struct bpf_reg_state *regs,
5571 struct bpf_verifier_log *log = &env->log;
5572 const char *func_name, *ref_tname;
5573 const struct btf_type *t, *ref_t;
5574 const struct btf_param *args;
5575 u32 i, nargs, ref_id;
5577 t = btf_type_by_id(btf, func_id);
5578 if (!t || !btf_type_is_func(t)) {
5579 /* These checks were already done by the verifier while loading
5580 * struct bpf_func_info or in add_kfunc_call().
5582 bpf_log(log, "BTF of func_id %u doesn't point to KIND_FUNC\n",
5586 func_name = btf_name_by_offset(btf, t->name_off);
5588 t = btf_type_by_id(btf, t->type);
5589 if (!t || !btf_type_is_func_proto(t)) {
5590 bpf_log(log, "Invalid BTF of func %s\n", func_name);
5593 args = (const struct btf_param *)(t + 1);
5594 nargs = btf_type_vlen(t);
5595 if (nargs > MAX_BPF_FUNC_REG_ARGS) {
5596 bpf_log(log, "Function %s has %d > %d args\n", func_name, nargs,
5597 MAX_BPF_FUNC_REG_ARGS);
5601 /* check that BTF function arguments match actual types that the
5604 for (i = 0; i < nargs; i++) {
5606 struct bpf_reg_state *reg = ®s[regno];
5608 t = btf_type_skip_modifiers(btf, args[i].type, NULL);
5609 if (btf_type_is_scalar(t)) {
5610 if (reg->type == SCALAR_VALUE)
5612 bpf_log(log, "R%d is not a scalar\n", regno);
5616 if (!btf_type_is_ptr(t)) {
5617 bpf_log(log, "Unrecognized arg#%d type %s\n",
5618 i, btf_type_str(t));
5622 ref_t = btf_type_skip_modifiers(btf, t->type, &ref_id);
5623 ref_tname = btf_name_by_offset(btf, ref_t->name_off);
5624 if (btf_is_kernel(btf)) {
5625 const struct btf_type *reg_ref_t;
5626 const struct btf *reg_btf;
5627 const char *reg_ref_tname;
5630 if (!btf_type_is_struct(ref_t)) {
5631 bpf_log(log, "kernel function %s args#%d pointer type %s %s is not supported\n",
5632 func_name, i, btf_type_str(ref_t),
5637 if (reg->type == PTR_TO_BTF_ID) {
5639 reg_ref_id = reg->btf_id;
5640 } else if (reg2btf_ids[reg->type]) {
5641 reg_btf = btf_vmlinux;
5642 reg_ref_id = *reg2btf_ids[reg->type];
5644 bpf_log(log, "kernel function %s args#%d expected pointer to %s %s but R%d is not a pointer to btf_id\n",
5646 btf_type_str(ref_t), ref_tname, regno);
5650 reg_ref_t = btf_type_skip_modifiers(reg_btf, reg_ref_id,
5652 reg_ref_tname = btf_name_by_offset(reg_btf,
5653 reg_ref_t->name_off);
5654 if (!btf_struct_ids_match(log, reg_btf, reg_ref_id,
5655 reg->off, btf, ref_id)) {
5656 bpf_log(log, "kernel function %s args#%d expected pointer to %s %s but R%d has a pointer to %s %s\n",
5658 btf_type_str(ref_t), ref_tname,
5659 regno, btf_type_str(reg_ref_t),
5663 } else if (btf_get_prog_ctx_type(log, btf, t,
5664 env->prog->type, i)) {
5665 /* If function expects ctx type in BTF check that caller
5666 * is passing PTR_TO_CTX.
5668 if (reg->type != PTR_TO_CTX) {
5670 "arg#%d expected pointer to ctx, but got %s\n",
5671 i, btf_type_str(t));
5674 if (check_ctx_reg(env, reg, regno))
5676 } else if (ptr_to_mem_ok) {
5677 const struct btf_type *resolve_ret;
5680 resolve_ret = btf_resolve_size(btf, ref_t, &type_size);
5681 if (IS_ERR(resolve_ret)) {
5683 "arg#%d reference type('%s %s') size cannot be determined: %ld\n",
5684 i, btf_type_str(ref_t), ref_tname,
5685 PTR_ERR(resolve_ret));
5689 if (check_mem_reg(env, reg, regno, type_size))
5699 /* Compare BTF of a function with given bpf_reg_state.
5701 * EFAULT - there is a verifier bug. Abort verification.
5702 * EINVAL - there is a type mismatch or BTF is not available.
5703 * 0 - BTF matches with what bpf_reg_state expects.
5704 * Only PTR_TO_CTX and SCALAR_VALUE states are recognized.
5706 int btf_check_subprog_arg_match(struct bpf_verifier_env *env, int subprog,
5707 struct bpf_reg_state *regs)
5709 struct bpf_prog *prog = env->prog;
5710 struct btf *btf = prog->aux->btf;
5715 if (!prog->aux->func_info)
5718 btf_id = prog->aux->func_info[subprog].type_id;
5722 if (prog->aux->func_info_aux[subprog].unreliable)
5725 is_global = prog->aux->func_info_aux[subprog].linkage == BTF_FUNC_GLOBAL;
5726 err = btf_check_func_arg_match(env, btf, btf_id, regs, is_global);
5728 /* Compiler optimizations can remove arguments from static functions
5729 * or mismatched type can be passed into a global function.
5730 * In such cases mark the function as unreliable from BTF point of view.
5733 prog->aux->func_info_aux[subprog].unreliable = true;
5737 int btf_check_kfunc_arg_match(struct bpf_verifier_env *env,
5738 const struct btf *btf, u32 func_id,
5739 struct bpf_reg_state *regs)
5741 return btf_check_func_arg_match(env, btf, func_id, regs, false);
5744 /* Convert BTF of a function into bpf_reg_state if possible
5746 * EFAULT - there is a verifier bug. Abort verification.
5747 * EINVAL - cannot convert BTF.
5748 * 0 - Successfully converted BTF into bpf_reg_state
5749 * (either PTR_TO_CTX or SCALAR_VALUE).
5751 int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,
5752 struct bpf_reg_state *regs)
5754 struct bpf_verifier_log *log = &env->log;
5755 struct bpf_prog *prog = env->prog;
5756 enum bpf_prog_type prog_type = prog->type;
5757 struct btf *btf = prog->aux->btf;
5758 const struct btf_param *args;
5759 const struct btf_type *t, *ref_t;
5760 u32 i, nargs, btf_id;
5763 if (!prog->aux->func_info ||
5764 prog->aux->func_info_aux[subprog].linkage != BTF_FUNC_GLOBAL) {
5765 bpf_log(log, "Verifier bug\n");
5769 btf_id = prog->aux->func_info[subprog].type_id;
5771 bpf_log(log, "Global functions need valid BTF\n");
5775 t = btf_type_by_id(btf, btf_id);
5776 if (!t || !btf_type_is_func(t)) {
5777 /* These checks were already done by the verifier while loading
5778 * struct bpf_func_info
5780 bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
5784 tname = btf_name_by_offset(btf, t->name_off);
5786 if (log->level & BPF_LOG_LEVEL)
5787 bpf_log(log, "Validating %s() func#%d...\n",
5790 if (prog->aux->func_info_aux[subprog].unreliable) {
5791 bpf_log(log, "Verifier bug in function %s()\n", tname);
5794 if (prog_type == BPF_PROG_TYPE_EXT)
5795 prog_type = prog->aux->dst_prog->type;
5797 t = btf_type_by_id(btf, t->type);
5798 if (!t || !btf_type_is_func_proto(t)) {
5799 bpf_log(log, "Invalid type of function %s()\n", tname);
5802 args = (const struct btf_param *)(t + 1);
5803 nargs = btf_type_vlen(t);
5804 if (nargs > MAX_BPF_FUNC_REG_ARGS) {
5805 bpf_log(log, "Global function %s() with %d > %d args. Buggy compiler.\n",
5806 tname, nargs, MAX_BPF_FUNC_REG_ARGS);
5809 /* check that function returns int */
5810 t = btf_type_by_id(btf, t->type);
5811 while (btf_type_is_modifier(t))
5812 t = btf_type_by_id(btf, t->type);
5813 if (!btf_type_is_int(t) && !btf_type_is_enum(t)) {
5815 "Global function %s() doesn't return scalar. Only those are supported.\n",
5819 /* Convert BTF function arguments into verifier types.
5820 * Only PTR_TO_CTX and SCALAR are supported atm.
5822 for (i = 0; i < nargs; i++) {
5823 struct bpf_reg_state *reg = ®s[i + 1];
5825 t = btf_type_by_id(btf, args[i].type);
5826 while (btf_type_is_modifier(t))
5827 t = btf_type_by_id(btf, t->type);
5828 if (btf_type_is_int(t) || btf_type_is_enum(t)) {
5829 reg->type = SCALAR_VALUE;
5832 if (btf_type_is_ptr(t)) {
5833 if (btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
5834 reg->type = PTR_TO_CTX;
5838 t = btf_type_skip_modifiers(btf, t->type, NULL);
5840 ref_t = btf_resolve_size(btf, t, ®->mem_size);
5841 if (IS_ERR(ref_t)) {
5843 "arg#%d reference type('%s %s') size cannot be determined: %ld\n",
5844 i, btf_type_str(t), btf_name_by_offset(btf, t->name_off),
5849 reg->type = PTR_TO_MEM_OR_NULL;
5850 reg->id = ++env->id_gen;
5854 bpf_log(log, "Arg#%d type %s in %s() is not supported yet.\n",
5855 i, btf_kind_str[BTF_INFO_KIND(t->info)], tname);
5861 static void btf_type_show(const struct btf *btf, u32 type_id, void *obj,
5862 struct btf_show *show)
5864 const struct btf_type *t = btf_type_by_id(btf, type_id);
5867 memset(&show->state, 0, sizeof(show->state));
5868 memset(&show->obj, 0, sizeof(show->obj));
5870 btf_type_ops(t)->show(btf, t, type_id, obj, 0, show);
5873 static void btf_seq_show(struct btf_show *show, const char *fmt,
5876 seq_vprintf((struct seq_file *)show->target, fmt, args);
5879 int btf_type_seq_show_flags(const struct btf *btf, u32 type_id,
5880 void *obj, struct seq_file *m, u64 flags)
5882 struct btf_show sseq;
5885 sseq.showfn = btf_seq_show;
5888 btf_type_show(btf, type_id, obj, &sseq);
5890 return sseq.state.status;
5893 void btf_type_seq_show(const struct btf *btf, u32 type_id, void *obj,
5896 (void) btf_type_seq_show_flags(btf, type_id, obj, m,
5897 BTF_SHOW_NONAME | BTF_SHOW_COMPACT |
5898 BTF_SHOW_ZERO | BTF_SHOW_UNSAFE);
5901 struct btf_show_snprintf {
5902 struct btf_show show;
5903 int len_left; /* space left in string */
5904 int len; /* length we would have written */
5907 static void btf_snprintf_show(struct btf_show *show, const char *fmt,
5910 struct btf_show_snprintf *ssnprintf = (struct btf_show_snprintf *)show;
5913 len = vsnprintf(show->target, ssnprintf->len_left, fmt, args);
5916 ssnprintf->len_left = 0;
5917 ssnprintf->len = len;
5918 } else if (len > ssnprintf->len_left) {
5919 /* no space, drive on to get length we would have written */
5920 ssnprintf->len_left = 0;
5921 ssnprintf->len += len;
5923 ssnprintf->len_left -= len;
5924 ssnprintf->len += len;
5925 show->target += len;
5929 int btf_type_snprintf_show(const struct btf *btf, u32 type_id, void *obj,
5930 char *buf, int len, u64 flags)
5932 struct btf_show_snprintf ssnprintf;
5934 ssnprintf.show.target = buf;
5935 ssnprintf.show.flags = flags;
5936 ssnprintf.show.showfn = btf_snprintf_show;
5937 ssnprintf.len_left = len;
5940 btf_type_show(btf, type_id, obj, (struct btf_show *)&ssnprintf);
5942 /* If we encontered an error, return it. */
5943 if (ssnprintf.show.state.status)
5944 return ssnprintf.show.state.status;
5946 /* Otherwise return length we would have written */
5947 return ssnprintf.len;
5950 #ifdef CONFIG_PROC_FS
5951 static void bpf_btf_show_fdinfo(struct seq_file *m, struct file *filp)
5953 const struct btf *btf = filp->private_data;
5955 seq_printf(m, "btf_id:\t%u\n", btf->id);
5959 static int btf_release(struct inode *inode, struct file *filp)
5961 btf_put(filp->private_data);
5965 const struct file_operations btf_fops = {
5966 #ifdef CONFIG_PROC_FS
5967 .show_fdinfo = bpf_btf_show_fdinfo,
5969 .release = btf_release,
5972 static int __btf_new_fd(struct btf *btf)
5974 return anon_inode_getfd("btf", &btf_fops, btf, O_RDONLY | O_CLOEXEC);
5977 int btf_new_fd(const union bpf_attr *attr, bpfptr_t uattr)
5982 btf = btf_parse(make_bpfptr(attr->btf, uattr.is_kernel),
5983 attr->btf_size, attr->btf_log_level,
5984 u64_to_user_ptr(attr->btf_log_buf),
5985 attr->btf_log_size);
5987 return PTR_ERR(btf);
5989 ret = btf_alloc_id(btf);
5996 * The BTF ID is published to the userspace.
5997 * All BTF free must go through call_rcu() from
5998 * now on (i.e. free by calling btf_put()).
6001 ret = __btf_new_fd(btf);
6008 struct btf *btf_get_by_fd(int fd)
6016 return ERR_PTR(-EBADF);
6018 if (f.file->f_op != &btf_fops) {
6020 return ERR_PTR(-EINVAL);
6023 btf = f.file->private_data;
6024 refcount_inc(&btf->refcnt);
6030 int btf_get_info_by_fd(const struct btf *btf,
6031 const union bpf_attr *attr,
6032 union bpf_attr __user *uattr)
6034 struct bpf_btf_info __user *uinfo;
6035 struct bpf_btf_info info;
6036 u32 info_copy, btf_copy;
6039 u32 uinfo_len, uname_len, name_len;
6042 uinfo = u64_to_user_ptr(attr->info.info);
6043 uinfo_len = attr->info.info_len;
6045 info_copy = min_t(u32, uinfo_len, sizeof(info));
6046 memset(&info, 0, sizeof(info));
6047 if (copy_from_user(&info, uinfo, info_copy))
6051 ubtf = u64_to_user_ptr(info.btf);
6052 btf_copy = min_t(u32, btf->data_size, info.btf_size);
6053 if (copy_to_user(ubtf, btf->data, btf_copy))
6055 info.btf_size = btf->data_size;
6057 info.kernel_btf = btf->kernel_btf;
6059 uname = u64_to_user_ptr(info.name);
6060 uname_len = info.name_len;
6061 if (!uname ^ !uname_len)
6064 name_len = strlen(btf->name);
6065 info.name_len = name_len;
6068 if (uname_len >= name_len + 1) {
6069 if (copy_to_user(uname, btf->name, name_len + 1))
6074 if (copy_to_user(uname, btf->name, uname_len - 1))
6076 if (put_user(zero, uname + uname_len - 1))
6078 /* let user-space know about too short buffer */
6083 if (copy_to_user(uinfo, &info, info_copy) ||
6084 put_user(info_copy, &uattr->info.info_len))
6090 int btf_get_fd_by_id(u32 id)
6096 btf = idr_find(&btf_idr, id);
6097 if (!btf || !refcount_inc_not_zero(&btf->refcnt))
6098 btf = ERR_PTR(-ENOENT);
6102 return PTR_ERR(btf);
6104 fd = __btf_new_fd(btf);
6111 u32 btf_obj_id(const struct btf *btf)
6116 bool btf_is_kernel(const struct btf *btf)
6118 return btf->kernel_btf;
6121 bool btf_is_module(const struct btf *btf)
6123 return btf->kernel_btf && strcmp(btf->name, "vmlinux") != 0;
6126 static int btf_id_cmp_func(const void *a, const void *b)
6128 const int *pa = a, *pb = b;
6133 bool btf_id_set_contains(const struct btf_id_set *set, u32 id)
6135 return bsearch(&id, set->ids, set->cnt, sizeof(u32), btf_id_cmp_func) != NULL;
6138 #ifdef CONFIG_DEBUG_INFO_BTF_MODULES
6140 struct list_head list;
6141 struct module *module;
6143 struct bin_attribute *sysfs_attr;
6146 static LIST_HEAD(btf_modules);
6147 static DEFINE_MUTEX(btf_module_mutex);
6150 btf_module_read(struct file *file, struct kobject *kobj,
6151 struct bin_attribute *bin_attr,
6152 char *buf, loff_t off, size_t len)
6154 const struct btf *btf = bin_attr->private;
6156 memcpy(buf, btf->data + off, len);
6160 static int btf_module_notify(struct notifier_block *nb, unsigned long op,
6163 struct btf_module *btf_mod, *tmp;
6164 struct module *mod = module;
6168 if (mod->btf_data_size == 0 ||
6169 (op != MODULE_STATE_COMING && op != MODULE_STATE_GOING))
6173 case MODULE_STATE_COMING:
6174 btf_mod = kzalloc(sizeof(*btf_mod), GFP_KERNEL);
6179 btf = btf_parse_module(mod->name, mod->btf_data, mod->btf_data_size);
6181 pr_warn("failed to validate module [%s] BTF: %ld\n",
6182 mod->name, PTR_ERR(btf));
6187 err = btf_alloc_id(btf);
6194 mutex_lock(&btf_module_mutex);
6195 btf_mod->module = module;
6197 list_add(&btf_mod->list, &btf_modules);
6198 mutex_unlock(&btf_module_mutex);
6200 if (IS_ENABLED(CONFIG_SYSFS)) {
6201 struct bin_attribute *attr;
6203 attr = kzalloc(sizeof(*attr), GFP_KERNEL);
6207 sysfs_bin_attr_init(attr);
6208 attr->attr.name = btf->name;
6209 attr->attr.mode = 0444;
6210 attr->size = btf->data_size;
6211 attr->private = btf;
6212 attr->read = btf_module_read;
6214 err = sysfs_create_bin_file(btf_kobj, attr);
6216 pr_warn("failed to register module [%s] BTF in sysfs: %d\n",
6223 btf_mod->sysfs_attr = attr;
6227 case MODULE_STATE_GOING:
6228 mutex_lock(&btf_module_mutex);
6229 list_for_each_entry_safe(btf_mod, tmp, &btf_modules, list) {
6230 if (btf_mod->module != module)
6233 list_del(&btf_mod->list);
6234 if (btf_mod->sysfs_attr)
6235 sysfs_remove_bin_file(btf_kobj, btf_mod->sysfs_attr);
6236 btf_put(btf_mod->btf);
6237 kfree(btf_mod->sysfs_attr);
6241 mutex_unlock(&btf_module_mutex);
6245 return notifier_from_errno(err);
6248 static struct notifier_block btf_module_nb = {
6249 .notifier_call = btf_module_notify,
6252 static int __init btf_module_init(void)
6254 register_module_notifier(&btf_module_nb);
6258 fs_initcall(btf_module_init);
6259 #endif /* CONFIG_DEBUG_INFO_BTF_MODULES */
6261 struct module *btf_try_get_module(const struct btf *btf)
6263 struct module *res = NULL;
6264 #ifdef CONFIG_DEBUG_INFO_BTF_MODULES
6265 struct btf_module *btf_mod, *tmp;
6267 mutex_lock(&btf_module_mutex);
6268 list_for_each_entry_safe(btf_mod, tmp, &btf_modules, list) {
6269 if (btf_mod->btf != btf)
6272 if (try_module_get(btf_mod->module))
6273 res = btf_mod->module;
6277 mutex_unlock(&btf_module_mutex);
6283 BPF_CALL_4(bpf_btf_find_by_name_kind, char *, name, int, name_sz, u32, kind, int, flags)
6291 if (name_sz <= 1 || name[name_sz - 1])
6294 btf = bpf_get_btf_vmlinux();
6296 return PTR_ERR(btf);
6298 ret = btf_find_by_name_kind(btf, name, kind);
6299 /* ret is never zero, since btf_find_by_name_kind returns
6300 * positive btf_id or negative error.
6303 struct btf *mod_btf;
6306 /* If name is not found in vmlinux's BTF then search in module's BTFs */
6307 spin_lock_bh(&btf_idr_lock);
6308 idr_for_each_entry(&btf_idr, mod_btf, id) {
6309 if (!btf_is_module(mod_btf))
6311 /* linear search could be slow hence unlock/lock
6312 * the IDR to avoiding holding it for too long
6315 spin_unlock_bh(&btf_idr_lock);
6316 ret = btf_find_by_name_kind(mod_btf, name, kind);
6320 btf_obj_fd = __btf_new_fd(mod_btf);
6321 if (btf_obj_fd < 0) {
6325 return ret | (((u64)btf_obj_fd) << 32);
6327 spin_lock_bh(&btf_idr_lock);
6330 spin_unlock_bh(&btf_idr_lock);
6335 const struct bpf_func_proto bpf_btf_find_by_name_kind_proto = {
6336 .func = bpf_btf_find_by_name_kind,
6338 .ret_type = RET_INTEGER,
6339 .arg1_type = ARG_PTR_TO_MEM,
6340 .arg2_type = ARG_CONST_SIZE,
6341 .arg3_type = ARG_ANYTHING,
6342 .arg4_type = ARG_ANYTHING,
6345 BTF_ID_LIST_GLOBAL_SINGLE(btf_task_struct_ids, struct, task_struct)
6347 /* BTF ID set registration API for modules */
6349 struct kfunc_btf_id_list {
6350 struct list_head list;
6354 #ifdef CONFIG_DEBUG_INFO_BTF_MODULES
6356 void register_kfunc_btf_id_set(struct kfunc_btf_id_list *l,
6357 struct kfunc_btf_id_set *s)
6359 mutex_lock(&l->mutex);
6360 list_add(&s->list, &l->list);
6361 mutex_unlock(&l->mutex);
6363 EXPORT_SYMBOL_GPL(register_kfunc_btf_id_set);
6365 void unregister_kfunc_btf_id_set(struct kfunc_btf_id_list *l,
6366 struct kfunc_btf_id_set *s)
6368 mutex_lock(&l->mutex);
6369 list_del_init(&s->list);
6370 mutex_unlock(&l->mutex);
6372 EXPORT_SYMBOL_GPL(unregister_kfunc_btf_id_set);
6374 bool bpf_check_mod_kfunc_call(struct kfunc_btf_id_list *klist, u32 kfunc_id,
6375 struct module *owner)
6377 struct kfunc_btf_id_set *s;
6381 mutex_lock(&klist->mutex);
6382 list_for_each_entry(s, &klist->list, list) {
6383 if (s->owner == owner && btf_id_set_contains(s->set, kfunc_id)) {
6384 mutex_unlock(&klist->mutex);
6388 mutex_unlock(&klist->mutex);
6394 #define DEFINE_KFUNC_BTF_ID_LIST(name) \
6395 struct kfunc_btf_id_list name = { LIST_HEAD_INIT(name.list), \
6396 __MUTEX_INITIALIZER(name.mutex) }; \
6397 EXPORT_SYMBOL_GPL(name)
6399 DEFINE_KFUNC_BTF_ID_LIST(bpf_tcp_ca_kfunc_list);
6400 DEFINE_KFUNC_BTF_ID_LIST(prog_test_kfunc_list);
projects / linux.git / blob