projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
bpf: btf: Check array->index_type
[linux-2.6-block.git] / kernel / bpf / btf.c
CommitLineData
69b693f0
MKL		 1/* SPDX-License-Identifier: GPL-2.0 */
2/* Copyright (c) 2018 Facebook */
3
4#include <uapi/linux/btf.h>
5#include <uapi/linux/types.h>
b00b8dae 6#include <linux/seq_file.h>
69b693f0
MKL		 7#include <linux/compiler.h>
8#include <linux/errno.h>
9#include <linux/slab.h>
f56a653c
MKL		 10#include <linux/anon_inodes.h>
11#include <linux/file.h>
69b693f0
MKL		 12#include <linux/uaccess.h>
13#include <linux/kernel.h>
78958fca 14#include <linux/idr.h>
f80442a4 15#include <linux/sort.h>
69b693f0
MKL		 16#include <linux/bpf_verifier.h>
17#include <linux/btf.h>
18
19/* BTF (BPF Type Format) is the meta data format which describes
20 * the data types of BPF program/map. Hence, it basically focus
21 * on the C programming language which the modern BPF is primary
22 * using.
23 *
24 * ELF Section:
25 * ~~~~~~~~~~~
26 * The BTF data is stored under the ".BTF" ELF section
27 *
28 * struct btf_type:
29 * ~~~~~~~~~~~~~~~
30 * Each 'struct btf_type' object describes a C data type.
31 * Depending on the type it is describing, a 'struct btf_type'
32 * object may be followed by more data. F.e.
33 * To describe an array, 'struct btf_type' is followed by
34 * 'struct btf_array'.
35 *
36 * 'struct btf_type' and any extra data following it are
37 * 4 bytes aligned.
38 *
39 * Type section:
40 * ~~~~~~~~~~~~~
41 * The BTF type section contains a list of 'struct btf_type' objects.
42 * Each one describes a C type. Recall from the above section
43 * that a 'struct btf_type' object could be immediately followed by extra
44 * data in order to desribe some particular C types.
45 *
46 * type_id:
47 * ~~~~~~~
48 * Each btf_type object is identified by a type_id. The type_id
49 * is implicitly implied by the location of the btf_type object in
50 * the BTF type section. The first one has type_id 1. The second
51 * one has type_id 2...etc. Hence, an earlier btf_type has
52 * a smaller type_id.
53 *
54 * A btf_type object may refer to another btf_type object by using
55 * type_id (i.e. the "type" in the "struct btf_type").
56 *
57 * NOTE that we cannot assume any reference-order.
58 * A btf_type object can refer to an earlier btf_type object
59 * but it can also refer to a later btf_type object.
60 *
61 * For example, to describe "const void *". A btf_type
62 * object describing "const" may refer to another btf_type
63 * object describing "void *". This type-reference is done
64 * by specifying type_id:
65 *
66 * [1] CONST (anon) type_id=2
67 * [2] PTR (anon) type_id=0
68 *
69 * The above is the btf_verifier debug log:
70 * - Each line started with "[?]" is a btf_type object
71 * - [?] is the type_id of the btf_type object.
72 * - CONST/PTR is the BTF_KIND_XXX
73 * - "(anon)" is the name of the type. It just
74 * happens that CONST and PTR has no name.
75 * - type_id=XXX is the 'u32 type' in btf_type
76 *
77 * NOTE: "void" has type_id 0
78 *
79 * String section:
80 * ~~~~~~~~~~~~~~
81 * The BTF string section contains the names used by the type section.
82 * Each string is referred by an "offset" from the beginning of the
83 * string section.
84 *
85 * Each string is '\0' terminated.
86 *
87 * The first character in the string section must be '\0'
88 * which is used to mean 'anonymous'. Some btf_type may not
89 * have a name.
90 */
91
92/* BTF verification:
93 *
94 * To verify BTF data, two passes are needed.
95 *
96 * Pass #1
97 * ~~~~~~~
98 * The first pass is to collect all btf_type objects to
99 * an array: "btf->types".
100 *
101 * Depending on the C type that a btf_type is describing,
102 * a btf_type may be followed by extra data. We don't know
103 * how many btf_type is there, and more importantly we don't
104 * know where each btf_type is located in the type section.
105 *
106 * Without knowing the location of each type_id, most verifications
107 * cannot be done. e.g. an earlier btf_type may refer to a later
108 * btf_type (recall the "const void *" above), so we cannot
109 * check this type-reference in the first pass.
110 *
111 * In the first pass, it still does some verifications (e.g.
112 * checking the name is a valid offset to the string section).
eb3f595d
MKL		 113 *
114 * Pass #2
115 * ~~~~~~~
116 * The main focus is to resolve a btf_type that is referring
117 * to another type.
118 *
119 * We have to ensure the referring type:
120 * 1) does exist in the BTF (i.e. in btf->types[])
121 * 2) does not cause a loop:
122 * struct A {
123 * struct B b;
124 * };
125 *
126 * struct B {
127 * struct A a;
128 * };
129 *
130 * btf_type_needs_resolve() decides if a btf_type needs
131 * to be resolved.
132 *
133 * The needs_resolve type implements the "resolve()" ops which
134 * essentially does a DFS and detects backedge.
135 *
136 * During resolve (or DFS), different C types have different
137 * "RESOLVED" conditions.
138 *
139 * When resolving a BTF_KIND_STRUCT, we need to resolve all its
140 * members because a member is always referring to another
141 * type. A struct's member can be treated as "RESOLVED" if
142 * it is referring to a BTF_KIND_PTR. Otherwise, the
143 * following valid C struct would be rejected:
144 *
145 * struct A {
146 * int m;
147 * struct A *a;
148 * };
149 *
150 * When resolving a BTF_KIND_PTR, it needs to keep resolving if
151 * it is referring to another BTF_KIND_PTR. Otherwise, we cannot
152 * detect a pointer loop, e.g.:
153 * BTF_KIND_CONST -> BTF_KIND_PTR -> BTF_KIND_CONST -> BTF_KIND_PTR +
154 * ^ |
155 * +-----------------------------------------+
156 *
69b693f0
MKL		 157 */
158
159#define BITS_PER_U64 (sizeof(u64) * BITS_PER_BYTE)
160#define BITS_PER_BYTE_MASK (BITS_PER_BYTE - 1)
161#define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK)
162#define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3)
163#define BITS_ROUNDUP_BYTES(bits) \
164 (BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits))
165
166/* 16MB for 64k structs and each has 16 members and
167 * a few MB spaces for the string section.
168 * The hard limit is S32_MAX.
169 */
170#define BTF_MAX_SIZE (16 * 1024 * 1024)
171/* 64k. We can raise it later. The hard limit is S32_MAX. */
172#define BTF_MAX_NR_TYPES 65535
173
174#define for_each_member(i, struct_type, member) \
175 for (i = 0, member = btf_type_member(struct_type); \
176 i < btf_type_vlen(struct_type); \
177 i++, member++)
178
eb3f595d
MKL		 179#define for_each_member_from(i, from, struct_type, member) \
180 for (i = from, member = btf_type_member(struct_type) + from; \
181 i < btf_type_vlen(struct_type); \
182 i++, member++)
183
78958fca
MKL		 184static DEFINE_IDR(btf_idr);
185static DEFINE_SPINLOCK(btf_idr_lock);
186
69b693f0 187struct btf {
f80442a4 188 void *data;
69b693f0 189 struct btf_type **types;
eb3f595d
MKL		 190 u32 *resolved_ids;
191 u32 *resolved_sizes;
69b693f0
MKL		 192 const char *strings;
193 void *nohdr_data;
f80442a4 194 struct btf_header hdr;
69b693f0
MKL		 195 u32 nr_types;
196 u32 types_size;
197 u32 data_size;
f56a653c 198 refcount_t refcnt;
78958fca
MKL		 199 u32 id;
200 struct rcu_head rcu;
69b693f0
MKL		 201};
202
eb3f595d
MKL		 203enum verifier_phase {
204 CHECK_META,
205 CHECK_TYPE,
206};
207
208struct resolve_vertex {
209 const struct btf_type *t;
210 u32 type_id;
211 u16 next_member;
212};
213
214enum visit_state {
215 NOT_VISITED,
216 VISITED,
217 RESOLVED,
218};
219
220enum resolve_mode {
221 RESOLVE_TBD, /* To Be Determined */
222 RESOLVE_PTR, /* Resolving for Pointer */
223 RESOLVE_STRUCT_OR_ARRAY, /* Resolving for struct/union
224 * or array
225 */
226};
227
228#define MAX_RESOLVE_DEPTH 32
229
f80442a4
MKL		 230struct btf_sec_info {
231 u32 off;
232 u32 len;
233};
234
69b693f0
MKL		 235struct btf_verifier_env {
236 struct btf *btf;
eb3f595d
MKL		 237 u8 *visit_states;
238 struct resolve_vertex stack[MAX_RESOLVE_DEPTH];
69b693f0
MKL		 239 struct bpf_verifier_log log;
240 u32 log_type_id;
eb3f595d
MKL		 241 u32 top_stack;
242 enum verifier_phase phase;
243 enum resolve_mode resolve_mode;
69b693f0
MKL		 244};
245
246static const char * const btf_kind_str[NR_BTF_KINDS] = {
247 [BTF_KIND_UNKN] = "UNKNOWN",
248 [BTF_KIND_INT] = "INT",
249 [BTF_KIND_PTR] = "PTR",
250 [BTF_KIND_ARRAY] = "ARRAY",
251 [BTF_KIND_STRUCT] = "STRUCT",
252 [BTF_KIND_UNION] = "UNION",
253 [BTF_KIND_ENUM] = "ENUM",
254 [BTF_KIND_FWD] = "FWD",
255 [BTF_KIND_TYPEDEF] = "TYPEDEF",
256 [BTF_KIND_VOLATILE] = "VOLATILE",
257 [BTF_KIND_CONST] = "CONST",
258 [BTF_KIND_RESTRICT] = "RESTRICT",
259};
260
261struct btf_kind_operations {
262 s32 (*check_meta)(struct btf_verifier_env *env,
263 const struct btf_type *t,
264 u32 meta_left);
eb3f595d
MKL		 265 int (*resolve)(struct btf_verifier_env *env,
266 const struct resolve_vertex *v);
179cde8c
MKL		 267 int (*check_member)(struct btf_verifier_env *env,
268 const struct btf_type *struct_type,
269 const struct btf_member *member,
270 const struct btf_type *member_type);
69b693f0
MKL		 271 void (*log_details)(struct btf_verifier_env *env,
272 const struct btf_type *t);
b00b8dae
MKL		 273 void (*seq_show)(const struct btf *btf, const struct btf_type *t,
274 u32 type_id, void *data, u8 bits_offsets,
275 struct seq_file *m);
69b693f0
MKL		 276};
277
278static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS];
279static struct btf_type btf_void;
280
eb3f595d
MKL		 281static bool btf_type_is_modifier(const struct btf_type *t)
282{
283 /* Some of them is not strictly a C modifier
284 * but they are grouped into the same bucket
285 * for BTF concern:
286 * A type (t) that refers to another
287 * type through t->type AND its size cannot
288 * be determined without following the t->type.
289 *
290 * ptr does not fall into this bucket
291 * because its size is always sizeof(void *).
292 */
293 switch (BTF_INFO_KIND(t->info)) {
294 case BTF_KIND_TYPEDEF:
295 case BTF_KIND_VOLATILE:
296 case BTF_KIND_CONST:
297 case BTF_KIND_RESTRICT:
298 return true;
299 }
300
301 return false;
302}
303
304static bool btf_type_is_void(const struct btf_type *t)
305{
306 /* void => no type and size info.
307 * Hence, FWD is also treated as void.
308 */
309 return t == &btf_void || BTF_INFO_KIND(t->info) == BTF_KIND_FWD;
310}
311
312static bool btf_type_is_void_or_null(const struct btf_type *t)
313{
314 return !t || btf_type_is_void(t);
315}
316
317/* union is only a special case of struct:
318 * all its offsetof(member) == 0
319 */
320static bool btf_type_is_struct(const struct btf_type *t)
321{
322 u8 kind = BTF_INFO_KIND(t->info);
323
324 return kind == BTF_KIND_STRUCT || kind == BTF_KIND_UNION;
325}
326
327static bool btf_type_is_array(const struct btf_type *t)
328{
329 return BTF_INFO_KIND(t->info) == BTF_KIND_ARRAY;
330}
331
332static bool btf_type_is_ptr(const struct btf_type *t)
333{
334 return BTF_INFO_KIND(t->info) == BTF_KIND_PTR;
335}
336
337static bool btf_type_is_int(const struct btf_type *t)
338{
339 return BTF_INFO_KIND(t->info) == BTF_KIND_INT;
340}
341
342/* What types need to be resolved?
343 *
344 * btf_type_is_modifier() is an obvious one.
345 *
346 * btf_type_is_struct() because its member refers to
347 * another type (through member->type).
348
349 * btf_type_is_array() because its element (array->type)
350 * refers to another type. Array can be thought of a
351 * special case of struct while array just has the same
352 * member-type repeated by array->nelems of times.
353 */
354static bool btf_type_needs_resolve(const struct btf_type *t)
355{
356 return btf_type_is_modifier(t) ||
357 btf_type_is_ptr(t) ||
358 btf_type_is_struct(t) ||
359 btf_type_is_array(t);
360}
361
362/* t->size can be used */
363static bool btf_type_has_size(const struct btf_type *t)
364{
365 switch (BTF_INFO_KIND(t->info)) {
366 case BTF_KIND_INT:
367 case BTF_KIND_STRUCT:
368 case BTF_KIND_UNION:
369 case BTF_KIND_ENUM:
370 return true;
371 }
372
373 return false;
374}
375
69b693f0
MKL		 376static const char *btf_int_encoding_str(u8 encoding)
377{
378 if (encoding == 0)
379 return "(none)";
380 else if (encoding == BTF_INT_SIGNED)
381 return "SIGNED";
382 else if (encoding == BTF_INT_CHAR)
383 return "CHAR";
384 else if (encoding == BTF_INT_BOOL)
385 return "BOOL";
386 else if (encoding == BTF_INT_VARARGS)
387 return "VARARGS";
388 else
389 return "UNKN";
390}
391
392static u16 btf_type_vlen(const struct btf_type *t)
393{
394 return BTF_INFO_VLEN(t->info);
395}
396
397static u32 btf_type_int(const struct btf_type *t)
398{
399 return *(u32 *)(t + 1);
400}
401
402static const struct btf_array *btf_type_array(const struct btf_type *t)
403{
404 return (const struct btf_array *)(t + 1);
405}
406
407static const struct btf_member *btf_type_member(const struct btf_type *t)
408{
409 return (const struct btf_member *)(t + 1);
410}
411
412static const struct btf_enum *btf_type_enum(const struct btf_type *t)
413{
414 return (const struct btf_enum *)(t + 1);
415}
416
417static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t)
418{
419 return kind_ops[BTF_INFO_KIND(t->info)];
420}
421
422static bool btf_name_offset_valid(const struct btf *btf, u32 offset)
423{
424 return !BTF_STR_TBL_ELF_ID(offset) &&
f80442a4 425 BTF_STR_OFFSET(offset) < btf->hdr.str_len;
69b693f0
MKL		 426}
427
428static const char *btf_name_by_offset(const struct btf *btf, u32 offset)
429{
430 if (!BTF_STR_OFFSET(offset))
431 return "(anon)";
f80442a4 432 else if (BTF_STR_OFFSET(offset) < btf->hdr.str_len)
69b693f0
MKL		 433 return &btf->strings[BTF_STR_OFFSET(offset)];
434 else
435 return "(invalid-name-offset)";
436}
437
eb3f595d
MKL		 438static const struct btf_type *btf_type_by_id(const struct btf *btf, u32 type_id)
439{
440 if (type_id > btf->nr_types)
441 return NULL;
442
443 return btf->types[type_id];
444}
445
4ef5f574
MKL		 446/*
447 * Regular int is not a bit field and it must be either
448 * u8/u16/u32/u64.
449 */
450static bool btf_type_int_is_regular(const struct btf_type *t)
451{
452 u16 nr_bits, nr_bytes;
453 u32 int_data;
454
455 int_data = btf_type_int(t);
456 nr_bits = BTF_INT_BITS(int_data);
457 nr_bytes = BITS_ROUNDUP_BYTES(nr_bits);
458 if (BITS_PER_BYTE_MASKED(nr_bits) ||
459 BTF_INT_OFFSET(int_data) ||
460 (nr_bytes != sizeof(u8) && nr_bytes != sizeof(u16) &&
461 nr_bytes != sizeof(u32) && nr_bytes != sizeof(u64))) {
462 return false;
463 }
464
465 return true;
466}
467
69b693f0
MKL		 468__printf(2, 3) static void __btf_verifier_log(struct bpf_verifier_log *log,
469 const char *fmt, ...)
470{
471 va_list args;
472
473 va_start(args, fmt);
474 bpf_verifier_vlog(log, fmt, args);
475 va_end(args);
476}
477
478__printf(2, 3) static void btf_verifier_log(struct btf_verifier_env *env,
479 const char *fmt, ...)
480{
481 struct bpf_verifier_log *log = &env->log;
482 va_list args;
483
484 if (!bpf_verifier_log_needed(log))
485 return;
486
487 va_start(args, fmt);
488 bpf_verifier_vlog(log, fmt, args);
489 va_end(args);
490}
491
492__printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
493 const struct btf_type *t,
494 bool log_details,
495 const char *fmt, ...)
496{
497 struct bpf_verifier_log *log = &env->log;
498 u8 kind = BTF_INFO_KIND(t->info);
499 struct btf *btf = env->btf;
500 va_list args;
501
502 if (!bpf_verifier_log_needed(log))
503 return;
504
505 __btf_verifier_log(log, "[%u] %s %s%s",
506 env->log_type_id,
507 btf_kind_str[kind],
fbcf93eb 508 btf_name_by_offset(btf, t->name_off),
69b693f0
MKL		 509 log_details ? " " : "");
510
511 if (log_details)
512 btf_type_ops(t)->log_details(env, t);
513
514 if (fmt && *fmt) {
515 __btf_verifier_log(log, " ");
516 va_start(args, fmt);
517 bpf_verifier_vlog(log, fmt, args);
518 va_end(args);
519 }
520
521 __btf_verifier_log(log, "\n");
522}
523
524#define btf_verifier_log_type(env, t, ...) \
525 __btf_verifier_log_type((env), (t), true, __VA_ARGS__)
526#define btf_verifier_log_basic(env, t, ...) \
527 __btf_verifier_log_type((env), (t), false, __VA_ARGS__)
528
529__printf(4, 5)
530static void btf_verifier_log_member(struct btf_verifier_env *env,
531 const struct btf_type *struct_type,
532 const struct btf_member *member,
533 const char *fmt, ...)
534{
535 struct bpf_verifier_log *log = &env->log;
536 struct btf *btf = env->btf;
537 va_list args;
538
539 if (!bpf_verifier_log_needed(log))
540 return;
541
eb3f595d
MKL		 542 /* The CHECK_META phase already did a btf dump.
543 *
544 * If member is logged again, it must hit an error in
545 * parsing this member. It is useful to print out which
546 * struct this member belongs to.
547 */
548 if (env->phase != CHECK_META)
549 btf_verifier_log_type(env, struct_type, NULL);
550
69b693f0 551 __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
fbcf93eb 552 btf_name_by_offset(btf, member->name_off),
69b693f0
MKL		 553 member->type, member->offset);
554
555 if (fmt && *fmt) {
556 __btf_verifier_log(log, " ");
557 va_start(args, fmt);
558 bpf_verifier_vlog(log, fmt, args);
559 va_end(args);
560 }
561
562 __btf_verifier_log(log, "\n");
563}
564
f80442a4
MKL		 565static void btf_verifier_log_hdr(struct btf_verifier_env *env,
566 u32 btf_data_size)
69b693f0
MKL		 567{
568 struct bpf_verifier_log *log = &env->log;
569 const struct btf *btf = env->btf;
570 const struct btf_header *hdr;
571
572 if (!bpf_verifier_log_needed(log))
573 return;
574
f80442a4 575 hdr = &btf->hdr;
69b693f0
MKL		 576 __btf_verifier_log(log, "magic: 0x%x\n", hdr->magic);
577 __btf_verifier_log(log, "version: %u\n", hdr->version);
578 __btf_verifier_log(log, "flags: 0x%x\n", hdr->flags);
f80442a4 579 __btf_verifier_log(log, "hdr_len: %u\n", hdr->hdr_len);
69b693f0 580 __btf_verifier_log(log, "type_off: %u\n", hdr->type_off);
f80442a4 581 __btf_verifier_log(log, "type_len: %u\n", hdr->type_len);
69b693f0
MKL		 582 __btf_verifier_log(log, "str_off: %u\n", hdr->str_off);
583 __btf_verifier_log(log, "str_len: %u\n", hdr->str_len);
f80442a4 584 __btf_verifier_log(log, "btf_total_size: %u\n", btf_data_size);
69b693f0
MKL		 585}
586
587static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t)
588{
589 struct btf *btf = env->btf;
590
591 /* < 2 because +1 for btf_void which is always in btf->types[0].
592 * btf_void is not accounted in btf->nr_types because btf_void
593 * does not come from the BTF file.
594 */
595 if (btf->types_size - btf->nr_types < 2) {
596 /* Expand 'types' array */
597
598 struct btf_type **new_types;
599 u32 expand_by, new_size;
600
601 if (btf->types_size == BTF_MAX_NR_TYPES) {
602 btf_verifier_log(env, "Exceeded max num of types");
603 return -E2BIG;
604 }
605
606 expand_by = max_t(u32, btf->types_size >> 2, 16);
607 new_size = min_t(u32, BTF_MAX_NR_TYPES,
608 btf->types_size + expand_by);
609
610 new_types = kvzalloc(new_size * sizeof(*new_types),
611 GFP_KERNEL | __GFP_NOWARN);
612 if (!new_types)
613 return -ENOMEM;
614
615 if (btf->nr_types == 0)
616 new_types[0] = &btf_void;
617 else
618 memcpy(new_types, btf->types,
619 sizeof(*btf->types) * (btf->nr_types + 1));
620
621 kvfree(btf->types);
622 btf->types = new_types;
623 btf->types_size = new_size;
624 }
625
626 btf->types[++(btf->nr_types)] = t;
627
628 return 0;
629}
630
78958fca
MKL		 631static int btf_alloc_id(struct btf *btf)
632{
633 int id;
634
635 idr_preload(GFP_KERNEL);
636 spin_lock_bh(&btf_idr_lock);
637 id = idr_alloc_cyclic(&btf_idr, btf, 1, INT_MAX, GFP_ATOMIC);
638 if (id > 0)
639 btf->id = id;
640 spin_unlock_bh(&btf_idr_lock);
641 idr_preload_end();
642
643 if (WARN_ON_ONCE(!id))
644 return -ENOSPC;
645
646 return id > 0 ? 0 : id;
647}
648
649static void btf_free_id(struct btf *btf)
650{
651 unsigned long flags;
652
653 /*
654 * In map-in-map, calling map_delete_elem() on outer
655 * map will call bpf_map_put on the inner map.
656 * It will then eventually call btf_free_id()
657 * on the inner map. Some of the map_delete_elem()
658 * implementation may have irq disabled, so
659 * we need to use the _irqsave() version instead
660 * of the _bh() version.
661 */
662 spin_lock_irqsave(&btf_idr_lock, flags);
663 idr_remove(&btf_idr, btf->id);
664 spin_unlock_irqrestore(&btf_idr_lock, flags);
665}
666
69b693f0
MKL		 667static void btf_free(struct btf *btf)
668{
669 kvfree(btf->types);
eb3f595d
MKL		 670 kvfree(btf->resolved_sizes);
671 kvfree(btf->resolved_ids);
69b693f0
MKL		 672 kvfree(btf->data);
673 kfree(btf);
674}
675
78958fca 676static void btf_free_rcu(struct rcu_head *rcu)
f56a653c 677{
78958fca
MKL		 678 struct btf *btf = container_of(rcu, struct btf, rcu);
679
680 btf_free(btf);
f56a653c
MKL		 681}
682
683void btf_put(struct btf *btf)
684{
78958fca
MKL		 685 if (btf && refcount_dec_and_test(&btf->refcnt)) {
686 btf_free_id(btf);
687 call_rcu(&btf->rcu, btf_free_rcu);
688 }
f56a653c
MKL		 689}
690
eb3f595d
MKL		 691static int env_resolve_init(struct btf_verifier_env *env)
692{
693 struct btf *btf = env->btf;
694 u32 nr_types = btf->nr_types;
695 u32 *resolved_sizes = NULL;
696 u32 *resolved_ids = NULL;
697 u8 *visit_states = NULL;
698
699 /* +1 for btf_void */
700 resolved_sizes = kvzalloc((nr_types + 1) * sizeof(*resolved_sizes),
701 GFP_KERNEL | __GFP_NOWARN);
702 if (!resolved_sizes)
703 goto nomem;
704
705 resolved_ids = kvzalloc((nr_types + 1) * sizeof(*resolved_ids),
706 GFP_KERNEL | __GFP_NOWARN);
707 if (!resolved_ids)
708 goto nomem;
709
710 visit_states = kvzalloc((nr_types + 1) * sizeof(*visit_states),
711 GFP_KERNEL | __GFP_NOWARN);
712 if (!visit_states)
713 goto nomem;
714
715 btf->resolved_sizes = resolved_sizes;
716 btf->resolved_ids = resolved_ids;
717 env->visit_states = visit_states;
718
719 return 0;
720
721nomem:
722 kvfree(resolved_sizes);
723 kvfree(resolved_ids);
724 kvfree(visit_states);
725 return -ENOMEM;
726}
727
69b693f0
MKL		 728static void btf_verifier_env_free(struct btf_verifier_env *env)
729{
eb3f595d 730 kvfree(env->visit_states);
69b693f0
MKL		 731 kfree(env);
732}
733
eb3f595d
MKL		 734static bool env_type_is_resolve_sink(const struct btf_verifier_env *env,
735 const struct btf_type *next_type)
736{
737 switch (env->resolve_mode) {
738 case RESOLVE_TBD:
739 /* int, enum or void is a sink */
740 return !btf_type_needs_resolve(next_type);
741 case RESOLVE_PTR:
742 /* int, enum, void, struct or array is a sink for ptr */
743 return !btf_type_is_modifier(next_type) &&
744 !btf_type_is_ptr(next_type);
745 case RESOLVE_STRUCT_OR_ARRAY:
746 /* int, enum, void or ptr is a sink for struct and array */
747 return !btf_type_is_modifier(next_type) &&
748 !btf_type_is_array(next_type) &&
749 !btf_type_is_struct(next_type);
750 default:
751 BUG_ON(1);
752 }
753}
754
755static bool env_type_is_resolved(const struct btf_verifier_env *env,
756 u32 type_id)
757{
758 return env->visit_states[type_id] == RESOLVED;
759}
760
761static int env_stack_push(struct btf_verifier_env *env,
762 const struct btf_type *t, u32 type_id)
763{
764 struct resolve_vertex *v;
765
766 if (env->top_stack == MAX_RESOLVE_DEPTH)
767 return -E2BIG;
768
769 if (env->visit_states[type_id] != NOT_VISITED)
770 return -EEXIST;
771
772 env->visit_states[type_id] = VISITED;
773
774 v = &env->stack[env->top_stack++];
775 v->t = t;
776 v->type_id = type_id;
777 v->next_member = 0;
778
779 if (env->resolve_mode == RESOLVE_TBD) {
780 if (btf_type_is_ptr(t))
781 env->resolve_mode = RESOLVE_PTR;
782 else if (btf_type_is_struct(t) || btf_type_is_array(t))
783 env->resolve_mode = RESOLVE_STRUCT_OR_ARRAY;
784 }
785
786 return 0;
787}
788
789static void env_stack_set_next_member(struct btf_verifier_env *env,
790 u16 next_member)
791{
792 env->stack[env->top_stack - 1].next_member = next_member;
793}
794
795static void env_stack_pop_resolved(struct btf_verifier_env *env,
796 u32 resolved_type_id,
797 u32 resolved_size)
798{
799 u32 type_id = env->stack[--(env->top_stack)].type_id;
800 struct btf *btf = env->btf;
801
802 btf->resolved_sizes[type_id] = resolved_size;
803 btf->resolved_ids[type_id] = resolved_type_id;
804 env->visit_states[type_id] = RESOLVED;
805}
806
807static const struct resolve_vertex *env_stack_peak(struct btf_verifier_env *env)
808{
809 return env->top_stack ? &env->stack[env->top_stack - 1] : NULL;
810}
811
812/* The input param "type_id" must point to a needs_resolve type */
813static const struct btf_type *btf_type_id_resolve(const struct btf *btf,
814 u32 *type_id)
815{
816 *type_id = btf->resolved_ids[*type_id];
817 return btf_type_by_id(btf, *type_id);
818}
819
820const struct btf_type *btf_type_id_size(const struct btf *btf,
821 u32 *type_id, u32 *ret_size)
822{
823 const struct btf_type *size_type;
824 u32 size_type_id = *type_id;
825 u32 size = 0;
826
827 size_type = btf_type_by_id(btf, size_type_id);
828 if (btf_type_is_void_or_null(size_type))
829 return NULL;
830
831 if (btf_type_has_size(size_type)) {
832 size = size_type->size;
833 } else if (btf_type_is_array(size_type)) {
834 size = btf->resolved_sizes[size_type_id];
835 } else if (btf_type_is_ptr(size_type)) {
836 size = sizeof(void *);
837 } else {
838 if (WARN_ON_ONCE(!btf_type_is_modifier(size_type)))
839 return NULL;
840
841 size = btf->resolved_sizes[size_type_id];
842 size_type_id = btf->resolved_ids[size_type_id];
843 size_type = btf_type_by_id(btf, size_type_id);
844 if (btf_type_is_void(size_type))
845 return NULL;
846 }
847
848 *type_id = size_type_id;
849 if (ret_size)
850 *ret_size = size;
851
852 return size_type;
853}
854
179cde8c
MKL		 855static int btf_df_check_member(struct btf_verifier_env *env,
856 const struct btf_type *struct_type,
857 const struct btf_member *member,
858 const struct btf_type *member_type)
859{
860 btf_verifier_log_basic(env, struct_type,
861 "Unsupported check_member");
862 return -EINVAL;
863}
864
eb3f595d
MKL		 865static int btf_df_resolve(struct btf_verifier_env *env,
866 const struct resolve_vertex *v)
867{
868 btf_verifier_log_basic(env, v->t, "Unsupported resolve");
869 return -EINVAL;
870}
871
b00b8dae
MKL		 872static void btf_df_seq_show(const struct btf *btf, const struct btf_type *t,
873 u32 type_id, void *data, u8 bits_offsets,
874 struct seq_file *m)
875{
876 seq_printf(m, "<unsupported kind:%u>", BTF_INFO_KIND(t->info));
877}
878
179cde8c
MKL		 879static int btf_int_check_member(struct btf_verifier_env *env,
880 const struct btf_type *struct_type,
881 const struct btf_member *member,
882 const struct btf_type *member_type)
883{
884 u32 int_data = btf_type_int(member_type);
885 u32 struct_bits_off = member->offset;
886 u32 struct_size = struct_type->size;
887 u32 nr_copy_bits;
888 u32 bytes_offset;
889
890 if (U32_MAX - struct_bits_off < BTF_INT_OFFSET(int_data)) {
891 btf_verifier_log_member(env, struct_type, member,
892 "bits_offset exceeds U32_MAX");
893 return -EINVAL;
894 }
895
896 struct_bits_off += BTF_INT_OFFSET(int_data);
897 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
898 nr_copy_bits = BTF_INT_BITS(int_data) +
899 BITS_PER_BYTE_MASKED(struct_bits_off);
900
901 if (nr_copy_bits > BITS_PER_U64) {
902 btf_verifier_log_member(env, struct_type, member,
903 "nr_copy_bits exceeds 64");
904 return -EINVAL;
905 }
906
907 if (struct_size < bytes_offset ||
908 struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
909 btf_verifier_log_member(env, struct_type, member,
910 "Member exceeds struct_size");
911 return -EINVAL;
912 }
913
914 return 0;
915}
916
69b693f0
MKL		 917static s32 btf_int_check_meta(struct btf_verifier_env *env,
918 const struct btf_type *t,
919 u32 meta_left)
920{
921 u32 int_data, nr_bits, meta_needed = sizeof(int_data);
922 u16 encoding;
923
924 if (meta_left < meta_needed) {
925 btf_verifier_log_basic(env, t,
926 "meta_left:%u meta_needed:%u",
927 meta_left, meta_needed);
928 return -EINVAL;
929 }
930
931 if (btf_type_vlen(t)) {
932 btf_verifier_log_type(env, t, "vlen != 0");
933 return -EINVAL;
934 }
935
936 int_data = btf_type_int(t);
937 nr_bits = BTF_INT_BITS(int_data) + BTF_INT_OFFSET(int_data);
938
939 if (nr_bits > BITS_PER_U64) {
940 btf_verifier_log_type(env, t, "nr_bits exceeds %zu",
941 BITS_PER_U64);
942 return -EINVAL;
943 }
944
945 if (BITS_ROUNDUP_BYTES(nr_bits) > t->size) {
946 btf_verifier_log_type(env, t, "nr_bits exceeds type_size");
947 return -EINVAL;
948 }
949
950 encoding = BTF_INT_ENCODING(int_data);
951 if (encoding &&
952 encoding != BTF_INT_SIGNED &&
953 encoding != BTF_INT_CHAR &&
954 encoding != BTF_INT_BOOL &&
955 encoding != BTF_INT_VARARGS) {
956 btf_verifier_log_type(env, t, "Unsupported encoding");
957 return -ENOTSUPP;
958 }
959
960 btf_verifier_log_type(env, t, NULL);
961
962 return meta_needed;
963}
964
965static void btf_int_log(struct btf_verifier_env *env,
966 const struct btf_type *t)
967{
968 int int_data = btf_type_int(t);
969
970 btf_verifier_log(env,
971 "size=%u bits_offset=%u nr_bits=%u encoding=%s",
972 t->size, BTF_INT_OFFSET(int_data),
973 BTF_INT_BITS(int_data),
974 btf_int_encoding_str(BTF_INT_ENCODING(int_data)));
975}
976
b00b8dae
MKL		 977static void btf_int_bits_seq_show(const struct btf *btf,
978 const struct btf_type *t,
979 void *data, u8 bits_offset,
980 struct seq_file *m)
981{
982 u32 int_data = btf_type_int(t);
983 u16 nr_bits = BTF_INT_BITS(int_data);
984 u16 total_bits_offset;
985 u16 nr_copy_bytes;
986 u16 nr_copy_bits;
987 u8 nr_upper_bits;
988 union {
989 u64 u64_num;
990 u8 u8_nums[8];
991 } print_num;
992
993 total_bits_offset = bits_offset + BTF_INT_OFFSET(int_data);
994 data += BITS_ROUNDDOWN_BYTES(total_bits_offset);
995 bits_offset = BITS_PER_BYTE_MASKED(total_bits_offset);
996 nr_copy_bits = nr_bits + bits_offset;
997 nr_copy_bytes = BITS_ROUNDUP_BYTES(nr_copy_bits);
998
999 print_num.u64_num = 0;
1000 memcpy(&print_num.u64_num, data, nr_copy_bytes);
1001
1002 /* Ditch the higher order bits */
1003 nr_upper_bits = BITS_PER_BYTE_MASKED(nr_copy_bits);
1004 if (nr_upper_bits) {
1005 /* We need to mask out some bits of the upper byte. */
1006 u8 mask = (1 << nr_upper_bits) - 1;
1007
1008 print_num.u8_nums[nr_copy_bytes - 1] &= mask;
1009 }
1010
1011 print_num.u64_num >>= bits_offset;
1012
1013 seq_printf(m, "0x%llx", print_num.u64_num);
1014}
1015
1016static void btf_int_seq_show(const struct btf *btf, const struct btf_type *t,
1017 u32 type_id, void *data, u8 bits_offset,
1018 struct seq_file *m)
1019{
1020 u32 int_data = btf_type_int(t);
1021 u8 encoding = BTF_INT_ENCODING(int_data);
1022 bool sign = encoding & BTF_INT_SIGNED;
1023 u32 nr_bits = BTF_INT_BITS(int_data);
1024
1025 if (bits_offset || BTF_INT_OFFSET(int_data) ||
1026 BITS_PER_BYTE_MASKED(nr_bits)) {
1027 btf_int_bits_seq_show(btf, t, data, bits_offset, m);
1028 return;
1029 }
1030
1031 switch (nr_bits) {
1032 case 64:
1033 if (sign)
1034 seq_printf(m, "%lld", *(s64 *)data);
1035 else
1036 seq_printf(m, "%llu", *(u64 *)data);
1037 break;
1038 case 32:
1039 if (sign)
1040 seq_printf(m, "%d", *(s32 *)data);
1041 else
1042 seq_printf(m, "%u", *(u32 *)data);
1043 break;
1044 case 16:
1045 if (sign)
1046 seq_printf(m, "%d", *(s16 *)data);
1047 else
1048 seq_printf(m, "%u", *(u16 *)data);
1049 break;
1050 case 8:
1051 if (sign)
1052 seq_printf(m, "%d", *(s8 *)data);
1053 else
1054 seq_printf(m, "%u", *(u8 *)data);
1055 break;
1056 default:
1057 btf_int_bits_seq_show(btf, t, data, bits_offset, m);
1058 }
1059}
1060
69b693f0
MKL		 1061static const struct btf_kind_operations int_ops = {
1062 .check_meta = btf_int_check_meta,
eb3f595d 1063 .resolve = btf_df_resolve,
179cde8c 1064 .check_member = btf_int_check_member,
69b693f0 1065 .log_details = btf_int_log,
b00b8dae 1066 .seq_show = btf_int_seq_show,
69b693f0
MKL		 1067};
1068
179cde8c
MKL		 1069static int btf_modifier_check_member(struct btf_verifier_env *env,
1070 const struct btf_type *struct_type,
1071 const struct btf_member *member,
1072 const struct btf_type *member_type)
1073{
1074 const struct btf_type *resolved_type;
1075 u32 resolved_type_id = member->type;
1076 struct btf_member resolved_member;
1077 struct btf *btf = env->btf;
1078
1079 resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
1080 if (!resolved_type) {
1081 btf_verifier_log_member(env, struct_type, member,
1082 "Invalid member");
1083 return -EINVAL;
1084 }
1085
1086 resolved_member = *member;
1087 resolved_member.type = resolved_type_id;
1088
1089 return btf_type_ops(resolved_type)->check_member(env, struct_type,
1090 &resolved_member,
1091 resolved_type);
1092}
1093
1094static int btf_ptr_check_member(struct btf_verifier_env *env,
1095 const struct btf_type *struct_type,
1096 const struct btf_member *member,
1097 const struct btf_type *member_type)
1098{
1099 u32 struct_size, struct_bits_off, bytes_offset;
1100
1101 struct_size = struct_type->size;
1102 struct_bits_off = member->offset;
1103 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1104
1105 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1106 btf_verifier_log_member(env, struct_type, member,
1107 "Member is not byte aligned");
1108 return -EINVAL;
1109 }
1110
1111 if (struct_size - bytes_offset < sizeof(void *)) {
1112 btf_verifier_log_member(env, struct_type, member,
1113 "Member exceeds struct_size");
1114 return -EINVAL;
1115 }
1116
1117 return 0;
1118}
1119
69b693f0
MKL		 1120static int btf_ref_type_check_meta(struct btf_verifier_env *env,
1121 const struct btf_type *t,
1122 u32 meta_left)
1123{
1124 if (btf_type_vlen(t)) {
1125 btf_verifier_log_type(env, t, "vlen != 0");
1126 return -EINVAL;
1127 }
1128
1129 if (BTF_TYPE_PARENT(t->type)) {
1130 btf_verifier_log_type(env, t, "Invalid type_id");
1131 return -EINVAL;
1132 }
1133
1134 btf_verifier_log_type(env, t, NULL);
1135
1136 return 0;
1137}
1138
eb3f595d
MKL		 1139static int btf_modifier_resolve(struct btf_verifier_env *env,
1140 const struct resolve_vertex *v)
1141{
1142 const struct btf_type *t = v->t;
1143 const struct btf_type *next_type;
1144 u32 next_type_id = t->type;
1145 struct btf *btf = env->btf;
1146 u32 next_type_size = 0;
1147
1148 next_type = btf_type_by_id(btf, next_type_id);
1149 if (!next_type) {
1150 btf_verifier_log_type(env, v->t, "Invalid type_id");
1151 return -EINVAL;
1152 }
1153
1154 /* "typedef void new_void", "const void"...etc */
1155 if (btf_type_is_void(next_type))
1156 goto resolved;
1157
1158 if (!env_type_is_resolve_sink(env, next_type) &&
1159 !env_type_is_resolved(env, next_type_id))
1160 return env_stack_push(env, next_type, next_type_id);
1161
1162 /* Figure out the resolved next_type_id with size.
1163 * They will be stored in the current modifier's
1164 * resolved_ids and resolved_sizes such that it can
1165 * save us a few type-following when we use it later (e.g. in
1166 * pretty print).
1167 */
1168 if (!btf_type_id_size(btf, &next_type_id, &next_type_size) &&
1169 !btf_type_is_void(btf_type_id_resolve(btf, &next_type_id))) {
1170 btf_verifier_log_type(env, v->t, "Invalid type_id");
1171 return -EINVAL;
1172 }
1173
1174resolved:
1175 env_stack_pop_resolved(env, next_type_id, next_type_size);
1176
1177 return 0;
1178}
1179
1180static int btf_ptr_resolve(struct btf_verifier_env *env,
1181 const struct resolve_vertex *v)
1182{
1183 const struct btf_type *next_type;
1184 const struct btf_type *t = v->t;
1185 u32 next_type_id = t->type;
1186 struct btf *btf = env->btf;
1187 u32 next_type_size = 0;
1188
1189 next_type = btf_type_by_id(btf, next_type_id);
1190 if (!next_type) {
1191 btf_verifier_log_type(env, v->t, "Invalid type_id");
1192 return -EINVAL;
1193 }
1194
1195 /* "void *" */
1196 if (btf_type_is_void(next_type))
1197 goto resolved;
1198
1199 if (!env_type_is_resolve_sink(env, next_type) &&
1200 !env_type_is_resolved(env, next_type_id))
1201 return env_stack_push(env, next_type, next_type_id);
1202
1203 /* If the modifier was RESOLVED during RESOLVE_STRUCT_OR_ARRAY,
1204 * the modifier may have stopped resolving when it was resolved
1205 * to a ptr (last-resolved-ptr).
1206 *
1207 * We now need to continue from the last-resolved-ptr to
1208 * ensure the last-resolved-ptr will not referring back to
1209 * the currenct ptr (t).
1210 */
1211 if (btf_type_is_modifier(next_type)) {
1212 const struct btf_type *resolved_type;
1213 u32 resolved_type_id;
1214
1215 resolved_type_id = next_type_id;
1216 resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
1217
1218 if (btf_type_is_ptr(resolved_type) &&
1219 !env_type_is_resolve_sink(env, resolved_type) &&
1220 !env_type_is_resolved(env, resolved_type_id))
1221 return env_stack_push(env, resolved_type,
1222 resolved_type_id);
1223 }
1224
1225 if (!btf_type_id_size(btf, &next_type_id, &next_type_size) &&
1226 !btf_type_is_void(btf_type_id_resolve(btf, &next_type_id))) {
1227 btf_verifier_log_type(env, v->t, "Invalid type_id");
1228 return -EINVAL;
1229 }
1230
1231resolved:
1232 env_stack_pop_resolved(env, next_type_id, 0);
1233
1234 return 0;
1235}
1236
b00b8dae
MKL		 1237static void btf_modifier_seq_show(const struct btf *btf,
1238 const struct btf_type *t,
1239 u32 type_id, void *data,
1240 u8 bits_offset, struct seq_file *m)
1241{
1242 t = btf_type_id_resolve(btf, &type_id);
1243
1244 btf_type_ops(t)->seq_show(btf, t, type_id, data, bits_offset, m);
1245}
1246
1247static void btf_ptr_seq_show(const struct btf *btf, const struct btf_type *t,
1248 u32 type_id, void *data, u8 bits_offset,
1249 struct seq_file *m)
1250{
1251 /* It is a hashed value */
1252 seq_printf(m, "%p", *(void **)data);
1253}
1254
69b693f0
MKL		 1255static void btf_ref_type_log(struct btf_verifier_env *env,
1256 const struct btf_type *t)
1257{
1258 btf_verifier_log(env, "type_id=%u", t->type);
1259}
1260
1261static struct btf_kind_operations modifier_ops = {
1262 .check_meta = btf_ref_type_check_meta,
eb3f595d 1263 .resolve = btf_modifier_resolve,
179cde8c 1264 .check_member = btf_modifier_check_member,
69b693f0 1265 .log_details = btf_ref_type_log,
b00b8dae 1266 .seq_show = btf_modifier_seq_show,
69b693f0
MKL		 1267};
1268
1269static struct btf_kind_operations ptr_ops = {
1270 .check_meta = btf_ref_type_check_meta,
eb3f595d 1271 .resolve = btf_ptr_resolve,
179cde8c 1272 .check_member = btf_ptr_check_member,
69b693f0 1273 .log_details = btf_ref_type_log,
b00b8dae 1274 .seq_show = btf_ptr_seq_show,
69b693f0
MKL		 1275};
1276
1277static struct btf_kind_operations fwd_ops = {
1278 .check_meta = btf_ref_type_check_meta,
eb3f595d 1279 .resolve = btf_df_resolve,
179cde8c 1280 .check_member = btf_df_check_member,
69b693f0 1281 .log_details = btf_ref_type_log,
b00b8dae 1282 .seq_show = btf_df_seq_show,
69b693f0
MKL		 1283};
1284
179cde8c
MKL		 1285static int btf_array_check_member(struct btf_verifier_env *env,
1286 const struct btf_type *struct_type,
1287 const struct btf_member *member,
1288 const struct btf_type *member_type)
1289{
1290 u32 struct_bits_off = member->offset;
1291 u32 struct_size, bytes_offset;
1292 u32 array_type_id, array_size;
1293 struct btf *btf = env->btf;
1294
1295 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1296 btf_verifier_log_member(env, struct_type, member,
1297 "Member is not byte aligned");
1298 return -EINVAL;
1299 }
1300
1301 array_type_id = member->type;
1302 btf_type_id_size(btf, &array_type_id, &array_size);
1303 struct_size = struct_type->size;
1304 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1305 if (struct_size - bytes_offset < array_size) {
1306 btf_verifier_log_member(env, struct_type, member,
1307 "Member exceeds struct_size");
1308 return -EINVAL;
1309 }
1310
1311 return 0;
1312}
1313
69b693f0
MKL		 1314static s32 btf_array_check_meta(struct btf_verifier_env *env,
1315 const struct btf_type *t,
1316 u32 meta_left)
1317{
1318 const struct btf_array *array = btf_type_array(t);
1319 u32 meta_needed = sizeof(*array);
1320
1321 if (meta_left < meta_needed) {
1322 btf_verifier_log_basic(env, t,
1323 "meta_left:%u meta_needed:%u",
1324 meta_left, meta_needed);
1325 return -EINVAL;
1326 }
1327
1328 if (btf_type_vlen(t)) {
1329 btf_verifier_log_type(env, t, "vlen != 0");
1330 return -EINVAL;
1331 }
1332
4ef5f574
MKL		 1333 /* Array elem type and index type cannot be in type void,
1334 * so !array->type and !array->index_type are not allowed.
69b693f0
MKL		 1335 */
1336 if (!array->type || BTF_TYPE_PARENT(array->type)) {
4ef5f574
MKL		 1337 btf_verifier_log_type(env, t, "Invalid elem");
1338 return -EINVAL;
1339 }
1340
1341 if (!array->index_type || BTF_TYPE_PARENT(array->index_type)) {
1342 btf_verifier_log_type(env, t, "Invalid index");
69b693f0
MKL		 1343 return -EINVAL;
1344 }
1345
1346 btf_verifier_log_type(env, t, NULL);
1347
1348 return meta_needed;
1349}
1350
eb3f595d
MKL		 1351static int btf_array_resolve(struct btf_verifier_env *env,
1352 const struct resolve_vertex *v)
1353{
1354 const struct btf_array *array = btf_type_array(v->t);
4ef5f574
MKL		 1355 const struct btf_type *elem_type, *index_type;
1356 u32 elem_type_id, index_type_id;
eb3f595d
MKL		 1357 struct btf *btf = env->btf;
1358 u32 elem_size;
1359
4ef5f574
MKL		 1360 /* Check array->index_type */
1361 index_type_id = array->index_type;
1362 index_type = btf_type_by_id(btf, index_type_id);
1363 if (btf_type_is_void_or_null(index_type)) {
1364 btf_verifier_log_type(env, v->t, "Invalid index");
1365 return -EINVAL;
1366 }
1367
1368 if (!env_type_is_resolve_sink(env, index_type) &&
1369 !env_type_is_resolved(env, index_type_id))
1370 return env_stack_push(env, index_type, index_type_id);
1371
1372 index_type = btf_type_id_size(btf, &index_type_id, NULL);
1373 if (!index_type || !btf_type_is_int(index_type) ||
1374 !btf_type_int_is_regular(index_type)) {
1375 btf_verifier_log_type(env, v->t, "Invalid index");
1376 return -EINVAL;
1377 }
1378
1379 /* Check array->type */
1380 elem_type_id = array->type;
eb3f595d
MKL		 1381 elem_type = btf_type_by_id(btf, elem_type_id);
1382 if (btf_type_is_void_or_null(elem_type)) {
1383 btf_verifier_log_type(env, v->t,
1384 "Invalid elem");
1385 return -EINVAL;
1386 }
1387
1388 if (!env_type_is_resolve_sink(env, elem_type) &&
1389 !env_type_is_resolved(env, elem_type_id))
1390 return env_stack_push(env, elem_type, elem_type_id);
1391
1392 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
1393 if (!elem_type) {
1394 btf_verifier_log_type(env, v->t, "Invalid elem");
1395 return -EINVAL;
1396 }
1397
4ef5f574
MKL		 1398 if (btf_type_is_int(elem_type) && !btf_type_int_is_regular(elem_type)) {
1399 btf_verifier_log_type(env, v->t, "Invalid array of int");
1400 return -EINVAL;
eb3f595d
MKL		 1401 }
1402
1403 if (array->nelems && elem_size > U32_MAX / array->nelems) {
1404 btf_verifier_log_type(env, v->t,
1405 "Array size overflows U32_MAX");
1406 return -EINVAL;
1407 }
1408
1409 env_stack_pop_resolved(env, elem_type_id, elem_size * array->nelems);
1410
1411 return 0;
1412}
1413
69b693f0
MKL		 1414static void btf_array_log(struct btf_verifier_env *env,
1415 const struct btf_type *t)
1416{
1417 const struct btf_array *array = btf_type_array(t);
1418
1419 btf_verifier_log(env, "type_id=%u index_type_id=%u nr_elems=%u",
1420 array->type, array->index_type, array->nelems);
1421}
1422
b00b8dae
MKL		 1423static void btf_array_seq_show(const struct btf *btf, const struct btf_type *t,
1424 u32 type_id, void *data, u8 bits_offset,
1425 struct seq_file *m)
1426{
1427 const struct btf_array *array = btf_type_array(t);
1428 const struct btf_kind_operations *elem_ops;
1429 const struct btf_type *elem_type;
1430 u32 i, elem_size, elem_type_id;
1431
1432 elem_type_id = array->type;
1433 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
1434 elem_ops = btf_type_ops(elem_type);
1435 seq_puts(m, "[");
1436 for (i = 0; i < array->nelems; i++) {
1437 if (i)
1438 seq_puts(m, ",");
1439
1440 elem_ops->seq_show(btf, elem_type, elem_type_id, data,
1441 bits_offset, m);
1442 data += elem_size;
1443 }
1444 seq_puts(m, "]");
1445}
1446
69b693f0
MKL		 1447static struct btf_kind_operations array_ops = {
1448 .check_meta = btf_array_check_meta,
eb3f595d 1449 .resolve = btf_array_resolve,
179cde8c 1450 .check_member = btf_array_check_member,
69b693f0 1451 .log_details = btf_array_log,
b00b8dae 1452 .seq_show = btf_array_seq_show,
69b693f0
MKL		 1453};
1454
179cde8c
MKL		 1455static int btf_struct_check_member(struct btf_verifier_env *env,
1456 const struct btf_type *struct_type,
1457 const struct btf_member *member,
1458 const struct btf_type *member_type)
1459{
1460 u32 struct_bits_off = member->offset;
1461 u32 struct_size, bytes_offset;
1462
1463 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1464 btf_verifier_log_member(env, struct_type, member,
1465 "Member is not byte aligned");
1466 return -EINVAL;
1467 }
1468
1469 struct_size = struct_type->size;
1470 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1471 if (struct_size - bytes_offset < member_type->size) {
1472 btf_verifier_log_member(env, struct_type, member,
1473 "Member exceeds struct_size");
1474 return -EINVAL;
1475 }
1476
1477 return 0;
1478}
1479
69b693f0
MKL		 1480static s32 btf_struct_check_meta(struct btf_verifier_env *env,
1481 const struct btf_type *t,
1482 u32 meta_left)
1483{
1484 bool is_union = BTF_INFO_KIND(t->info) == BTF_KIND_UNION;
1485 const struct btf_member *member;
1486 struct btf *btf = env->btf;
1487 u32 struct_size = t->size;
1488 u32 meta_needed;
1489 u16 i;
1490
1491 meta_needed = btf_type_vlen(t) * sizeof(*member);
1492 if (meta_left < meta_needed) {
1493 btf_verifier_log_basic(env, t,
1494 "meta_left:%u meta_needed:%u",
1495 meta_left, meta_needed);
1496 return -EINVAL;
1497 }
1498
1499 btf_verifier_log_type(env, t, NULL);
1500
1501 for_each_member(i, t, member) {
fbcf93eb 1502 if (!btf_name_offset_valid(btf, member->name_off)) {
69b693f0
MKL		 1503 btf_verifier_log_member(env, t, member,
1504 "Invalid member name_offset:%u",
fbcf93eb 1505 member->name_off);
69b693f0
MKL		 1506 return -EINVAL;
1507 }
1508
1509 /* A member cannot be in type void */
1510 if (!member->type || BTF_TYPE_PARENT(member->type)) {
1511 btf_verifier_log_member(env, t, member,
1512 "Invalid type_id");
1513 return -EINVAL;
1514 }
1515
1516 if (is_union && member->offset) {
1517 btf_verifier_log_member(env, t, member,
1518 "Invalid member bits_offset");
1519 return -EINVAL;
1520 }
1521
1522 if (BITS_ROUNDUP_BYTES(member->offset) > struct_size) {
1523 btf_verifier_log_member(env, t, member,
1524 "Memmber bits_offset exceeds its struct size");
1525 return -EINVAL;
1526 }
1527
1528 btf_verifier_log_member(env, t, member, NULL);
1529 }
1530
1531 return meta_needed;
1532}
1533
eb3f595d
MKL		 1534static int btf_struct_resolve(struct btf_verifier_env *env,
1535 const struct resolve_vertex *v)
1536{
1537 const struct btf_member *member;
179cde8c 1538 int err;
eb3f595d
MKL		 1539 u16 i;
1540
1541 /* Before continue resolving the next_member,
1542 * ensure the last member is indeed resolved to a
1543 * type with size info.
1544 */
1545 if (v->next_member) {
179cde8c 1546 const struct btf_type *last_member_type;
eb3f595d
MKL		 1547 const struct btf_member *last_member;
1548 u16 last_member_type_id;
1549
1550 last_member = btf_type_member(v->t) + v->next_member - 1;
1551 last_member_type_id = last_member->type;
1552 if (WARN_ON_ONCE(!env_type_is_resolved(env,
1553 last_member_type_id)))
1554 return -EINVAL;
179cde8c
MKL		 1555
1556 last_member_type = btf_type_by_id(env->btf,
1557 last_member_type_id);
1558 err = btf_type_ops(last_member_type)->check_member(env, v->t,
1559 last_member,
1560 last_member_type);
1561 if (err)
1562 return err;
eb3f595d
MKL		 1563 }
1564
1565 for_each_member_from(i, v->next_member, v->t, member) {
1566 u32 member_type_id = member->type;
1567 const struct btf_type *member_type = btf_type_by_id(env->btf,
1568 member_type_id);
1569
1570 if (btf_type_is_void_or_null(member_type)) {
1571 btf_verifier_log_member(env, v->t, member,
1572 "Invalid member");
1573 return -EINVAL;
1574 }
1575
1576 if (!env_type_is_resolve_sink(env, member_type) &&
1577 !env_type_is_resolved(env, member_type_id)) {
1578 env_stack_set_next_member(env, i + 1);
1579 return env_stack_push(env, member_type, member_type_id);
1580 }
179cde8c
MKL		 1581
1582 err = btf_type_ops(member_type)->check_member(env, v->t,
1583 member,
1584 member_type);
1585 if (err)
1586 return err;
eb3f595d
MKL		 1587 }
1588
1589 env_stack_pop_resolved(env, 0, 0);
1590
1591 return 0;
1592}
1593
69b693f0
MKL		 1594static void btf_struct_log(struct btf_verifier_env *env,
1595 const struct btf_type *t)
1596{
1597 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
1598}
1599
b00b8dae
MKL		 1600static void btf_struct_seq_show(const struct btf *btf, const struct btf_type *t,
1601 u32 type_id, void *data, u8 bits_offset,
1602 struct seq_file *m)
1603{
1604 const char *seq = BTF_INFO_KIND(t->info) == BTF_KIND_UNION ? "|" : ",";
1605 const struct btf_member *member;
1606 u32 i;
1607
1608 seq_puts(m, "{");
1609 for_each_member(i, t, member) {
1610 const struct btf_type *member_type = btf_type_by_id(btf,
1611 member->type);
1612 u32 member_offset = member->offset;
1613 u32 bytes_offset = BITS_ROUNDDOWN_BYTES(member_offset);
1614 u8 bits8_offset = BITS_PER_BYTE_MASKED(member_offset);
1615 const struct btf_kind_operations *ops;
1616
1617 if (i)
1618 seq_puts(m, seq);
1619
1620 ops = btf_type_ops(member_type);
1621 ops->seq_show(btf, member_type, member->type,
1622 data + bytes_offset, bits8_offset, m);
1623 }
1624 seq_puts(m, "}");
1625}
1626
69b693f0
MKL		 1627static struct btf_kind_operations struct_ops = {
1628 .check_meta = btf_struct_check_meta,
eb3f595d 1629 .resolve = btf_struct_resolve,
179cde8c 1630 .check_member = btf_struct_check_member,
69b693f0 1631 .log_details = btf_struct_log,
b00b8dae 1632 .seq_show = btf_struct_seq_show,
69b693f0
MKL		 1633};
1634
179cde8c
MKL		 1635static int btf_enum_check_member(struct btf_verifier_env *env,
1636 const struct btf_type *struct_type,
1637 const struct btf_member *member,
1638 const struct btf_type *member_type)
1639{
1640 u32 struct_bits_off = member->offset;
1641 u32 struct_size, bytes_offset;
1642
1643 if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
1644 btf_verifier_log_member(env, struct_type, member,
1645 "Member is not byte aligned");
1646 return -EINVAL;
1647 }
1648
1649 struct_size = struct_type->size;
1650 bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
1651 if (struct_size - bytes_offset < sizeof(int)) {
1652 btf_verifier_log_member(env, struct_type, member,
1653 "Member exceeds struct_size");
1654 return -EINVAL;
1655 }
1656
1657 return 0;
1658}
1659
69b693f0
MKL		 1660static s32 btf_enum_check_meta(struct btf_verifier_env *env,
1661 const struct btf_type *t,
1662 u32 meta_left)
1663{
1664 const struct btf_enum *enums = btf_type_enum(t);
1665 struct btf *btf = env->btf;
1666 u16 i, nr_enums;
1667 u32 meta_needed;
1668
1669 nr_enums = btf_type_vlen(t);
1670 meta_needed = nr_enums * sizeof(*enums);
1671
1672 if (meta_left < meta_needed) {
1673 btf_verifier_log_basic(env, t,
1674 "meta_left:%u meta_needed:%u",
1675 meta_left, meta_needed);
1676 return -EINVAL;
1677 }
1678
1679 if (t->size != sizeof(int)) {
1680 btf_verifier_log_type(env, t, "Expected size:%zu",
1681 sizeof(int));
1682 return -EINVAL;
1683 }
1684
1685 btf_verifier_log_type(env, t, NULL);
1686
1687 for (i = 0; i < nr_enums; i++) {
fbcf93eb 1688 if (!btf_name_offset_valid(btf, enums[i].name_off)) {
69b693f0 1689 btf_verifier_log(env, "\tInvalid name_offset:%u",
fbcf93eb 1690 enums[i].name_off);
69b693f0
MKL		 1691 return -EINVAL;
1692 }
1693
1694 btf_verifier_log(env, "\t%s val=%d\n",
fbcf93eb 1695 btf_name_by_offset(btf, enums[i].name_off),
69b693f0
MKL		 1696 enums[i].val);
1697 }
1698
1699 return meta_needed;
1700}
1701
1702static void btf_enum_log(struct btf_verifier_env *env,
1703 const struct btf_type *t)
1704{
1705 btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
1706}
1707
b00b8dae
MKL		 1708static void btf_enum_seq_show(const struct btf *btf, const struct btf_type *t,
1709 u32 type_id, void *data, u8 bits_offset,
1710 struct seq_file *m)
1711{
1712 const struct btf_enum *enums = btf_type_enum(t);
1713 u32 i, nr_enums = btf_type_vlen(t);
1714 int v = *(int *)data;
1715
1716 for (i = 0; i < nr_enums; i++) {
1717 if (v == enums[i].val) {
1718 seq_printf(m, "%s",
fbcf93eb 1719 btf_name_by_offset(btf, enums[i].name_off));
b00b8dae
MKL		 1720 return;
1721 }
1722 }
1723
1724 seq_printf(m, "%d", v);
1725}
1726
69b693f0
MKL		 1727static struct btf_kind_operations enum_ops = {
1728 .check_meta = btf_enum_check_meta,
eb3f595d 1729 .resolve = btf_df_resolve,
179cde8c 1730 .check_member = btf_enum_check_member,
69b693f0 1731 .log_details = btf_enum_log,
b00b8dae 1732 .seq_show = btf_enum_seq_show,
69b693f0
MKL		 1733};
1734
1735static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
1736 [BTF_KIND_INT] = &int_ops,
1737 [BTF_KIND_PTR] = &ptr_ops,
1738 [BTF_KIND_ARRAY] = &array_ops,
1739 [BTF_KIND_STRUCT] = &struct_ops,
1740 [BTF_KIND_UNION] = &struct_ops,
1741 [BTF_KIND_ENUM] = &enum_ops,
1742 [BTF_KIND_FWD] = &fwd_ops,
1743 [BTF_KIND_TYPEDEF] = &modifier_ops,
1744 [BTF_KIND_VOLATILE] = &modifier_ops,
1745 [BTF_KIND_CONST] = &modifier_ops,
1746 [BTF_KIND_RESTRICT] = &modifier_ops,
1747};
1748
1749static s32 btf_check_meta(struct btf_verifier_env *env,
1750 const struct btf_type *t,
1751 u32 meta_left)
1752{
1753 u32 saved_meta_left = meta_left;
1754 s32 var_meta_size;
1755
1756 if (meta_left < sizeof(*t)) {
1757 btf_verifier_log(env, "[%u] meta_left:%u meta_needed:%zu",
1758 env->log_type_id, meta_left, sizeof(*t));
1759 return -EINVAL;
1760 }
1761 meta_left -= sizeof(*t);
1762
1763 if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX ||
1764 BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
1765 btf_verifier_log(env, "[%u] Invalid kind:%u",
1766 env->log_type_id, BTF_INFO_KIND(t->info));
1767 return -EINVAL;
1768 }
1769
fbcf93eb 1770 if (!btf_name_offset_valid(env->btf, t->name_off)) {
69b693f0 1771 btf_verifier_log(env, "[%u] Invalid name_offset:%u",
fbcf93eb 1772 env->log_type_id, t->name_off);
69b693f0
MKL		 1773 return -EINVAL;
1774 }
1775
1776 var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
1777 if (var_meta_size < 0)
1778 return var_meta_size;
1779
1780 meta_left -= var_meta_size;
1781
1782 return saved_meta_left - meta_left;
1783}
1784
1785static int btf_check_all_metas(struct btf_verifier_env *env)
1786{
1787 struct btf *btf = env->btf;
1788 struct btf_header *hdr;
1789 void *cur, *end;
1790
f80442a4 1791 hdr = &btf->hdr;
69b693f0 1792 cur = btf->nohdr_data + hdr->type_off;
f80442a4 1793 end = btf->nohdr_data + hdr->type_len;
69b693f0
MKL		 1794
1795 env->log_type_id = 1;
1796 while (cur < end) {
1797 struct btf_type *t = cur;
1798 s32 meta_size;
1799
1800 meta_size = btf_check_meta(env, t, end - cur);
1801 if (meta_size < 0)
1802 return meta_size;
1803
1804 btf_add_type(env, t);
1805 cur += meta_size;
1806 env->log_type_id++;
1807 }
1808
1809 return 0;
1810}
1811
eb3f595d
MKL		 1812static int btf_resolve(struct btf_verifier_env *env,
1813 const struct btf_type *t, u32 type_id)
1814{
1815 const struct resolve_vertex *v;
1816 int err = 0;
1817
1818 env->resolve_mode = RESOLVE_TBD;
1819 env_stack_push(env, t, type_id);
1820 while (!err && (v = env_stack_peak(env))) {
1821 env->log_type_id = v->type_id;
1822 err = btf_type_ops(v->t)->resolve(env, v);
1823 }
1824
1825 env->log_type_id = type_id;
1826 if (err == -E2BIG)
1827 btf_verifier_log_type(env, t,
1828 "Exceeded max resolving depth:%u",
1829 MAX_RESOLVE_DEPTH);
1830 else if (err == -EEXIST)
1831 btf_verifier_log_type(env, t, "Loop detected");
1832
1833 return err;
1834}
1835
1836static bool btf_resolve_valid(struct btf_verifier_env *env,
1837 const struct btf_type *t,
1838 u32 type_id)
1839{
1840 struct btf *btf = env->btf;
1841
1842 if (!env_type_is_resolved(env, type_id))
1843 return false;
1844
1845 if (btf_type_is_struct(t))
1846 return !btf->resolved_ids[type_id] &&
1847 !btf->resolved_sizes[type_id];
1848
1849 if (btf_type_is_modifier(t) || btf_type_is_ptr(t)) {
1850 t = btf_type_id_resolve(btf, &type_id);
1851 return t && !btf_type_is_modifier(t);
1852 }
1853
1854 if (btf_type_is_array(t)) {
1855 const struct btf_array *array = btf_type_array(t);
1856 const struct btf_type *elem_type;
1857 u32 elem_type_id = array->type;
1858 u32 elem_size;
1859
1860 elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
1861 return elem_type && !btf_type_is_modifier(elem_type) &&
1862 (array->nelems * elem_size ==
1863 btf->resolved_sizes[type_id]);
1864 }
1865
1866 return false;
1867}
1868
1869static int btf_check_all_types(struct btf_verifier_env *env)
1870{
1871 struct btf *btf = env->btf;
1872 u32 type_id;
1873 int err;
1874
1875 err = env_resolve_init(env);
1876 if (err)
1877 return err;
1878
1879 env->phase++;
1880 for (type_id = 1; type_id <= btf->nr_types; type_id++) {
1881 const struct btf_type *t = btf_type_by_id(btf, type_id);
1882
1883 env->log_type_id = type_id;
1884 if (btf_type_needs_resolve(t) &&
1885 !env_type_is_resolved(env, type_id)) {
1886 err = btf_resolve(env, t, type_id);
1887 if (err)
1888 return err;
1889 }
1890
1891 if (btf_type_needs_resolve(t) &&
1892 !btf_resolve_valid(env, t, type_id)) {
1893 btf_verifier_log_type(env, t, "Invalid resolve state");
1894 return -EINVAL;
1895 }
1896 }
1897
1898 return 0;
1899}
1900
69b693f0
MKL		 1901static int btf_parse_type_sec(struct btf_verifier_env *env)
1902{
f80442a4 1903 const struct btf_header *hdr = &env->btf->hdr;
eb3f595d
MKL		 1904 int err;
1905
f80442a4
MKL		 1906 /* Type section must align to 4 bytes */
1907 if (hdr->type_off & (sizeof(u32) - 1)) {
1908 btf_verifier_log(env, "Unaligned type_off");
1909 return -EINVAL;
1910 }
1911
1912 if (!hdr->type_len) {
1913 btf_verifier_log(env, "No type found");
1914 return -EINVAL;
1915 }
1916
eb3f595d
MKL		 1917 err = btf_check_all_metas(env);
1918 if (err)
1919 return err;
1920
1921 return btf_check_all_types(env);
69b693f0
MKL		 1922}
1923
1924static int btf_parse_str_sec(struct btf_verifier_env *env)
1925{
1926 const struct btf_header *hdr;
1927 struct btf *btf = env->btf;
1928 const char *start, *end;
1929
f80442a4 1930 hdr = &btf->hdr;
69b693f0
MKL		 1931 start = btf->nohdr_data + hdr->str_off;
1932 end = start + hdr->str_len;
1933
f80442a4
MKL		 1934 if (end != btf->data + btf->data_size) {
1935 btf_verifier_log(env, "String section is not at the end");
1936 return -EINVAL;
1937 }
1938
69b693f0
MKL		 1939 if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET ||
1940 start[0] || end[-1]) {
1941 btf_verifier_log(env, "Invalid string section");
1942 return -EINVAL;
1943 }
1944
1945 btf->strings = start;
1946
1947 return 0;
1948}
1949
f80442a4
MKL		 1950static const size_t btf_sec_info_offset[] = {
1951 offsetof(struct btf_header, type_off),
1952 offsetof(struct btf_header, str_off),
1953};
1954
1955static int btf_sec_info_cmp(const void *a, const void *b)
69b693f0 1956{
f80442a4
MKL		 1957 const struct btf_sec_info *x = a;
1958 const struct btf_sec_info *y = b;
1959
1960 return (int)(x->off - y->off) ? : (int)(x->len - y->len);
1961}
1962
1963static int btf_check_sec_info(struct btf_verifier_env *env,
1964 u32 btf_data_size)
1965{
1966 const unsigned int nr_secs = ARRAY_SIZE(btf_sec_info_offset);
1967 struct btf_sec_info secs[nr_secs];
1968 u32 total, expected_total, i;
69b693f0 1969 const struct btf_header *hdr;
f80442a4
MKL		 1970 const struct btf *btf;
1971
1972 btf = env->btf;
1973 hdr = &btf->hdr;
1974
1975 /* Populate the secs from hdr */
1976 for (i = 0; i < nr_secs; i++)
1977 secs[i] = *(struct btf_sec_info *)((void *)hdr +
1978 btf_sec_info_offset[i]);
1979
1980 sort(secs, nr_secs, sizeof(struct btf_sec_info),
1981 btf_sec_info_cmp, NULL);
1982
1983 /* Check for gaps and overlap among sections */
1984 total = 0;
1985 expected_total = btf_data_size - hdr->hdr_len;
1986 for (i = 0; i < nr_secs; i++) {
1987 if (expected_total < secs[i].off) {
1988 btf_verifier_log(env, "Invalid section offset");
1989 return -EINVAL;
1990 }
1991 if (total < secs[i].off) {
1992 /* gap */
1993 btf_verifier_log(env, "Unsupported section found");
1994 return -EINVAL;
1995 }
1996 if (total > secs[i].off) {
1997 btf_verifier_log(env, "Section overlap found");
1998 return -EINVAL;
1999 }
2000 if (expected_total - total < secs[i].len) {
2001 btf_verifier_log(env,
2002 "Total section length too long");
2003 return -EINVAL;
2004 }
2005 total += secs[i].len;
2006 }
2007
2008 /* There is data other than hdr and known sections */
2009 if (expected_total != total) {
2010 btf_verifier_log(env, "Unsupported section found");
2011 return -EINVAL;
2012 }
2013
2014 return 0;
2015}
2016
2017static int btf_parse_hdr(struct btf_verifier_env *env, void __user *btf_data,
2018 u32 btf_data_size)
2019{
2020 const struct btf_header *hdr;
2021 u32 hdr_len, hdr_copy;
2022 /*
2023 * Minimal part of the "struct btf_header" that
2024 * contains the hdr_len.
2025 */
2026 struct btf_min_header {
2027 u16 magic;
2028 u8 version;
2029 u8 flags;
2030 u32 hdr_len;
2031 } __user *min_hdr;
2032 struct btf *btf;
2033 int err;
69b693f0 2034
f80442a4
MKL		 2035 btf = env->btf;
2036 min_hdr = btf_data;
2037
2038 if (btf_data_size < sizeof(*min_hdr)) {
2039 btf_verifier_log(env, "hdr_len not found");
2040 return -EINVAL;
2041 }
2042
2043 if (get_user(hdr_len, &min_hdr->hdr_len))
2044 return -EFAULT;
2045
2046 if (btf_data_size < hdr_len) {
69b693f0
MKL		 2047 btf_verifier_log(env, "btf_header not found");
2048 return -EINVAL;
2049 }
2050
f80442a4
MKL		 2051 err = bpf_check_uarg_tail_zero(btf_data, sizeof(btf->hdr), hdr_len);
2052 if (err) {
2053 if (err == -E2BIG)
2054 btf_verifier_log(env, "Unsupported btf_header");
2055 return err;
2056 }
2057
2058 hdr_copy = min_t(u32, hdr_len, sizeof(btf->hdr));
2059 if (copy_from_user(&btf->hdr, btf_data, hdr_copy))
2060 return -EFAULT;
2061
2062 hdr = &btf->hdr;
2063
2064 btf_verifier_log_hdr(env, btf_data_size);
69b693f0 2065
69b693f0
MKL		 2066 if (hdr->magic != BTF_MAGIC) {
2067 btf_verifier_log(env, "Invalid magic");
2068 return -EINVAL;
2069 }
2070
2071 if (hdr->version != BTF_VERSION) {
2072 btf_verifier_log(env, "Unsupported version");
2073 return -ENOTSUPP;
2074 }
2075
2076 if (hdr->flags) {
2077 btf_verifier_log(env, "Unsupported flags");
2078 return -ENOTSUPP;
2079 }
2080
f80442a4 2081 if (btf_data_size == hdr->hdr_len) {
69b693f0
MKL		 2082 btf_verifier_log(env, "No data");
2083 return -EINVAL;
2084 }
2085
f80442a4
MKL		 2086 err = btf_check_sec_info(env, btf_data_size);
2087 if (err)
2088 return err;
69b693f0
MKL		 2089
2090 return 0;
2091}
2092
2093static struct btf *btf_parse(void __user *btf_data, u32 btf_data_size,
2094 u32 log_level, char __user *log_ubuf, u32 log_size)
2095{
2096 struct btf_verifier_env *env = NULL;
2097 struct bpf_verifier_log *log;
2098 struct btf *btf = NULL;
2099 u8 *data;
2100 int err;
2101
2102 if (btf_data_size > BTF_MAX_SIZE)
2103 return ERR_PTR(-E2BIG);
2104
2105 env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN);
2106 if (!env)
2107 return ERR_PTR(-ENOMEM);
2108
2109 log = &env->log;
2110 if (log_level || log_ubuf || log_size) {
2111 /* user requested verbose verifier output
2112 * and supplied buffer to store the verification trace
2113 */
2114 log->level = log_level;
2115 log->ubuf = log_ubuf;
2116 log->len_total = log_size;
2117
2118 /* log attributes have to be sane */
2119 if (log->len_total < 128 || log->len_total > UINT_MAX >> 8 ||
2120 !log->level || !log->ubuf) {
2121 err = -EINVAL;
2122 goto errout;
2123 }
2124 }
2125
2126 btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN);
2127 if (!btf) {
2128 err = -ENOMEM;
2129 goto errout;
2130 }
f80442a4
MKL		 2131 env->btf = btf;
2132
2133 err = btf_parse_hdr(env, btf_data, btf_data_size);
2134 if (err)
2135 goto errout;
69b693f0
MKL		 2136
2137 data = kvmalloc(btf_data_size, GFP_KERNEL | __GFP_NOWARN);
2138 if (!data) {
2139 err = -ENOMEM;
2140 goto errout;
2141 }
2142
2143 btf->data = data;
2144 btf->data_size = btf_data_size;
f80442a4 2145 btf->nohdr_data = btf->data + btf->hdr.hdr_len;
69b693f0
MKL		 2146
2147 if (copy_from_user(data, btf_data, btf_data_size)) {
2148 err = -EFAULT;
2149 goto errout;
2150 }
2151
69b693f0
MKL		 2152 err = btf_parse_str_sec(env);
2153 if (err)
2154 goto errout;
2155
2156 err = btf_parse_type_sec(env);
2157 if (err)
2158 goto errout;
2159
f80442a4 2160 if (log->level && bpf_verifier_log_full(log)) {
69b693f0
MKL		 2161 err = -ENOSPC;
2162 goto errout;
2163 }
2164
f80442a4
MKL		 2165 btf_verifier_env_free(env);
2166 refcount_set(&btf->refcnt, 1);
2167 return btf;
69b693f0
MKL		 2168
2169errout:
2170 btf_verifier_env_free(env);
2171 if (btf)
2172 btf_free(btf);
2173 return ERR_PTR(err);
2174}
b00b8dae
MKL		 2175
2176void btf_type_seq_show(const struct btf *btf, u32 type_id, void *obj,
2177 struct seq_file *m)
2178{
2179 const struct btf_type *t = btf_type_by_id(btf, type_id);
2180
2181 btf_type_ops(t)->seq_show(btf, t, type_id, obj, 0, m);
2182}
f56a653c
MKL		 2183
2184static int btf_release(struct inode *inode, struct file *filp)
2185{
2186 btf_put(filp->private_data);
2187 return 0;
2188}
2189
60197cfb 2190const struct file_operations btf_fops = {
f56a653c
MKL		 2191 .release = btf_release,
2192};
2193
78958fca
MKL		 2194static int __btf_new_fd(struct btf *btf)
2195{
2196 return anon_inode_getfd("btf", &btf_fops, btf, O_RDONLY | O_CLOEXEC);
2197}
2198
f56a653c
MKL		 2199int btf_new_fd(const union bpf_attr *attr)
2200{
2201 struct btf *btf;
78958fca 2202 int ret;
f56a653c
MKL		 2203
2204 btf = btf_parse(u64_to_user_ptr(attr->btf),
2205 attr->btf_size, attr->btf_log_level,
2206 u64_to_user_ptr(attr->btf_log_buf),
2207 attr->btf_log_size);
2208 if (IS_ERR(btf))
2209 return PTR_ERR(btf);
2210
78958fca
MKL		 2211 ret = btf_alloc_id(btf);
2212 if (ret) {
2213 btf_free(btf);
2214 return ret;
2215 }
2216
2217 /*
2218 * The BTF ID is published to the userspace.
2219 * All BTF free must go through call_rcu() from
2220 * now on (i.e. free by calling btf_put()).
2221 */
2222
2223 ret = __btf_new_fd(btf);
2224 if (ret < 0)
f56a653c
MKL		 2225 btf_put(btf);
2226
78958fca 2227 return ret;
f56a653c
MKL		 2228}
2229
2230struct btf *btf_get_by_fd(int fd)
2231{
2232 struct btf *btf;
2233 struct fd f;
2234
2235 f = fdget(fd);
2236
2237 if (!f.file)
2238 return ERR_PTR(-EBADF);
2239
2240 if (f.file->f_op != &btf_fops) {
2241 fdput(f);
2242 return ERR_PTR(-EINVAL);
2243 }
2244
2245 btf = f.file->private_data;
78958fca 2246 refcount_inc(&btf->refcnt);
f56a653c
MKL		 2247 fdput(f);
2248
2249 return btf;
2250}
60197cfb
MKL		 2251
2252int btf_get_info_by_fd(const struct btf *btf,
2253 const union bpf_attr *attr,
2254 union bpf_attr __user *uattr)
2255{
62dab84c
MKL		 2256 struct bpf_btf_info __user *uinfo;
2257 struct bpf_btf_info info = {};
2258 u32 info_copy, btf_copy;
2259 void __user *ubtf;
2260 u32 uinfo_len;
60197cfb 2261
62dab84c
MKL		 2262 uinfo = u64_to_user_ptr(attr->info.info);
2263 uinfo_len = attr->info.info_len;
2264
2265 info_copy = min_t(u32, uinfo_len, sizeof(info));
2266 if (copy_from_user(&info, uinfo, info_copy))
2267 return -EFAULT;
2268
2269 info.id = btf->id;
2270 ubtf = u64_to_user_ptr(info.btf);
2271 btf_copy = min_t(u32, btf->data_size, info.btf_size);
2272 if (copy_to_user(ubtf, btf->data, btf_copy))
2273 return -EFAULT;
2274 info.btf_size = btf->data_size;
2275
2276 if (copy_to_user(uinfo, &info, info_copy) ||
2277 put_user(info_copy, &uattr->info.info_len))
60197cfb
MKL		 2278 return -EFAULT;
2279
2280 return 0;
2281}
78958fca
MKL		 2282
2283int btf_get_fd_by_id(u32 id)
2284{
2285 struct btf *btf;
2286 int fd;
2287
2288 rcu_read_lock();
2289 btf = idr_find(&btf_idr, id);
2290 if (!btf || !refcount_inc_not_zero(&btf->refcnt))
2291 btf = ERR_PTR(-ENOENT);
2292 rcu_read_unlock();
2293
2294 if (IS_ERR(btf))
2295 return PTR_ERR(btf);
2296
2297 fd = __btf_new_fd(btf);
2298 if (fd < 0)
2299 btf_put(btf);
2300
2301 return fd;
2302}
2303
2304u32 btf_id(const struct btf *btf)
2305{
2306 return btf->id;
2307}
Linux 6.x block layer and io_uring tree(s)