kernel/bpf/verifier.c:9383:12: warning: stack frame size (2224) exceeds limit (2048) in function 'do_check'

From: kernel test robot
Date: Mon Aug 30 2021 - 00:29:26 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 7d2a07b769330c34b4deabeed939325c77a7ec2f
commit: 198688edbf77c6fc0e65f5d062f810d83d090166 MIPS: Fix inline asm input/output type mismatch in checksum.h used with Clang
date: 7 months ago
config: mips-randconfig-r026-20210829 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 510e106fa8635e7f9c51c896180b971de6309b2f)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=198688edbf77c6fc0e65f5d062f810d83d090166
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 198688edbf77c6fc0e65f5d062f810d83d090166
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All warnings (new ones prefixed by >>):

>> kernel/bpf/verifier.c:9383:12: warning: stack frame size (2224) exceeds limit (2048) in function 'do_check' [-Wframe-larger-than]
static int do_check(struct bpf_verifier_env *env)
^
1 warning generated.
--
kernel/sched/core.c:2828:6: warning: no previous prototype for function 'sched_set_stop_task'
void sched_set_stop_task(int cpu, struct task_struct
^
kernel/sched/core.c:2828:1: note: declare 'static' if the function is not intended to be used outside of this translation unit
void sched_set_stop_task(int cpu, struct task_struct
^
static
kernel/sched/core.c:4238:13: warning: variable 'rq' set but not used
struct rq
^
kernel/sched/core.c:5176:35: warning: no previous prototype for function 'schedule_user'
asmlinkage __visible void __sched schedule_user(void)
^
kernel/sched/core.c:5176:22: note: declare 'static' if the function is not intended to be used outside of this translation unit
asmlinkage __visible void __sched schedule_user(void)
^
static
kernel/sched/core.c:1788:20: warning: unused function 'rq_has_pinned_tasks'
static inline bool rq_has_pinned_tasks(struct rq
^
>> kernel/sched/core.c:7355:20: warning: unused function 'balance_hotplug_wait'
static inline void balance_hotplug_wait(void)
^
fatal error: error in backend: Nested variants found in inline asm string: ' .set push
.set noat
.set push
.set arch=r4000
.if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/cmpxchg.h", .line = 171, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
1: lld $0, $2 # __cmpxchg_asm
bne $0, ${3:z}, 2f
.set pop
move $$1, ${4:z}
.set arch=r4000
scd $$1, $1
beqz $$1, 1b
.set pop
2: .if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/cmpxchg.h", .line = 171, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
'
clang-14: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 14.0.0 (git://gitmirror/llvm_project 510e106fa8635e7f9c51c896180b971de6309b2f)
Target: mips64-unknown-linux
Thread model: posix
InstalledDir: /opt/cross/clang-510e106fa8/bin
clang-14: note: diagnostic msg:
Makefile arch block drivers fs include kernel mm net nr_bisected scripts source usr
--
>> kernel/sched/topology.c:157:20: warning: unused function 'sched_debug'
static inline bool sched_debug(void)
^
fatal error: error in backend: Nested variants found in inline asm string: ' .set push
.set mips64r2
.if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/bitops.h", .line = 133, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
1: lld $0, $1
and $0, $2
scd $0, $1
beqz $0, 1b
.set pop
'
clang-14: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 14.0.0 (git://gitmirror/llvm_project 510e106fa8635e7f9c51c896180b971de6309b2f)
Target: mips64-unknown-linux
Thread model: posix
InstalledDir: /opt/cross/clang-510e106fa8/bin
clang-14: note: diagnostic msg:
Makefile arch block drivers fs include kernel mm net nr_bisected scripts source usr
--
>> drivers/infiniband/sw/siw/siw_qp_tx.c:1012:5: warning: stack frame size (2768) exceeds limit (2048) in function 'siw_qp_sq_process'
int siw_qp_sq_process(struct siw_qp
^
fatal error: error in backend: Nested variants found in inline asm string: ' .set push
.set mips64r2
.if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/atomic.h", .line = 154, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
1: ll $1, $2 # atomic_fetch_sub
subu $0, $1, $3
sc $0, $2
beqz $0, 1b
.set pop
move $0, $1
'
clang-14: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 14.0.0 (git://gitmirror/llvm_project 510e106fa8635e7f9c51c896180b971de6309b2f)
Target: mips64-unknown-linux
Thread model: posix
InstalledDir: /opt/cross/clang-510e106fa8/bin
clang-14: note: diagnostic msg:
Makefile arch block drivers fs include kernel mm net nr_bisected scripts source usr
--
>> net/ipv4/netfilter/ipt_CLUSTERIP.c:83:1: warning: unused function 'clusterip_config_get'
clusterip_config_get(struct clusterip_config
^
fatal error: error in backend: Nested variants found in inline asm string: ' .set push
.set mips64r2
.if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/atomic.h", .line = 154, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
1: ll $1, $2 # atomic_fetch_sub
subu $0, $1, $3
sc $0, $2
beqz $0, 1b
.set pop
move $0, $1
'
clang-14: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 14.0.0 (git://gitmirror/llvm_project 510e106fa8635e7f9c51c896180b971de6309b2f)
Target: mips64-unknown-linux
Thread model: posix
InstalledDir: /opt/cross/clang-510e106fa8/bin
clang-14: note: diagnostic msg:
Makefile arch block drivers fs include kernel mm net nr_bisected scripts source usr
--
>> drivers/nvme/target/tcp.c:1201:13: warning: stack frame size (2336) exceeds limit (2048) in function 'nvmet_tcp_io_work'
static void nvmet_tcp_io_work(struct work_struct
^
fatal error: error in backend: Nested variants found in inline asm string: ' .set push
.set noat
.set push
.set arch=r4000
.if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/cmpxchg.h", .line = 86, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
1: lld $0, $2 # __xchg_asm
.set pop
move $$1, ${3:z}
.set arch=r4000
scd $$1, $1
beqz $$1, 1b
.set pop
'
clang-14: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 14.0.0 (git://gitmirror/llvm_project 510e106fa8635e7f9c51c896180b971de6309b2f)
Target: mips64-unknown-linux
Thread model: posix
InstalledDir: /opt/cross/clang-510e106fa8/bin
clang-14: note: diagnostic msg:
Makefile arch block drivers fs include kernel mm net nr_bisected scripts source usr
--
>> net/openvswitch/actions.c:1234:12: warning: stack frame size (2304) exceeds limit (2048) in function 'do_execute_actions'
static int do_execute_actions(struct datapath struct sk_buff
^
fatal error: error in backend: Nested variants found in inline asm string: ' .set push
.set noat
.set push
.set arch=r4000
.if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/cmpxchg.h", .line = 163, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
1: ll $0, $2 # __cmpxchg_asm
bne $0, ${3:z}, 2f
.set pop
move $$1, ${4:z}
.set arch=r4000
sc $$1, $1
beqz $$1, 1b
.set pop
2: .if ( 0x00 ) != -1)) 0x00 ) != -1)) : ($( static struct ftrace_branch_data __attribute__((__aligned__(4))) __attribute__((__section__("_ftrace_branch"))) __if_trace = $( .func = __func__, .file = "arch/mips/include/asm/cmpxchg.h", .line = 163, $); 0x00 ) != -1)) : $))) ) && ( 0 ); .set push; .set mips64r2; .rept 1; sync 0x00; .endr; .set pop; .else; ; .endif
'
clang-14: error: clang frontend command failed with exit code 70 (use -v to see invocation)
clang version 14.0.0 (git://gitmirror/llvm_project 510e106fa8635e7f9c51c896180b971de6309b2f)
Target: mips64-unknown-linux
Thread model: posix
InstalledDir: /opt/cross/clang-510e106fa8/bin
clang-14: note: diagnostic msg:
Makefile arch block drivers fs include kernel mm net nr_bisected scripts source usr


vim +/do_check +9383 kernel/bpf/verifier.c

c64b7983288e63 Joe Stringer 2018-10-02 9382
58e2af8b3a6b58 Jakub Kicinski 2016-09-21 @9383 static int do_check(struct bpf_verifier_env *env)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9384 {
6f8a57ccf85117 Andrii Nakryiko 2020-04-23 9385 bool pop_log = !(env->log.level & BPF_LOG_LEVEL2);
51c39bb1d5d105 Alexei Starovoitov 2020-01-09 9386 struct bpf_verifier_state *state = env->cur_state;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9387 struct bpf_insn *insns = env->prog->insnsi;
638f5b90d46016 Alexei Starovoitov 2017-10-31 9388 struct bpf_reg_state *regs;
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9389 int insn_cnt = env->prog->len;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9390 bool do_print_state = false;
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 9391 int prev_insn_idx = -1;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9392
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9393 for (;;) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9394 struct bpf_insn *insn;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9395 u8 class;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9396 int err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9397
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 9398 env->prev_insn_idx = prev_insn_idx;
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9399 if (env->insn_idx >= insn_cnt) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9400 verbose(env, "invalid insn idx %d insn_cnt %d\n",
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9401 env->insn_idx, insn_cnt);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9402 return -EFAULT;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9403 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9404
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9405 insn = &insns[env->insn_idx];
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9406 class = BPF_CLASS(insn->code);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9407
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9408 if (++env->insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9409 verbose(env,
61bd5218eef349 Jakub Kicinski 2017-10-09 9410 "BPF program is too large. Processed %d insn\n",
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9411 env->insn_processed);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9412 return -E2BIG;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9413 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9414
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9415 err = is_state_visited(env, env->insn_idx);
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9416 if (err < 0)
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9417 return err;
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9418 if (err == 1) {
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9419 /* found equivalent state, can prune the search */
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9420 if (env->log.level & BPF_LOG_LEVEL) {
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9421 if (do_print_state)
979d63d50c0c0f Daniel Borkmann 2019-01-03 9422 verbose(env, "\nfrom %d to %d%s: safe\n",
979d63d50c0c0f Daniel Borkmann 2019-01-03 9423 env->prev_insn_idx, env->insn_idx,
979d63d50c0c0f Daniel Borkmann 2019-01-03 9424 env->cur_state->speculative ?
979d63d50c0c0f Daniel Borkmann 2019-01-03 9425 " (speculative execution)" : "");
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9426 else
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9427 verbose(env, "%d: safe\n", env->insn_idx);
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9428 }
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9429 goto process_bpf_exit;
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9430 }
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9431
c3494801cd1785 Alexei Starovoitov 2018-12-03 9432 if (signal_pending(current))
c3494801cd1785 Alexei Starovoitov 2018-12-03 9433 return -EAGAIN;
c3494801cd1785 Alexei Starovoitov 2018-12-03 9434
3c2ce60bdd3d57 Daniel Borkmann 2017-05-18 9435 if (need_resched())
3c2ce60bdd3d57 Daniel Borkmann 2017-05-18 9436 cond_resched();
3c2ce60bdd3d57 Daniel Borkmann 2017-05-18 9437
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9438 if (env->log.level & BPF_LOG_LEVEL2 ||
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9439 (env->log.level & BPF_LOG_LEVEL && do_print_state)) {
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9440 if (env->log.level & BPF_LOG_LEVEL2)
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9441 verbose(env, "%d:", env->insn_idx);
c5fc9692d101d1 David S. Miller 2017-05-10 9442 else
979d63d50c0c0f Daniel Borkmann 2019-01-03 9443 verbose(env, "\nfrom %d to %d%s:",
979d63d50c0c0f Daniel Borkmann 2019-01-03 9444 env->prev_insn_idx, env->insn_idx,
979d63d50c0c0f Daniel Borkmann 2019-01-03 9445 env->cur_state->speculative ?
979d63d50c0c0f Daniel Borkmann 2019-01-03 9446 " (speculative execution)" : "");
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9447 print_verifier_state(env, state->frame[state->curframe]);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9448 do_print_state = false;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9449 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9450
06ee7115b0d174 Alexei Starovoitov 2019-04-01 9451 if (env->log.level & BPF_LOG_LEVEL) {
7105e828c087de Daniel Borkmann 2017-12-20 9452 const struct bpf_insn_cbs cbs = {
7105e828c087de Daniel Borkmann 2017-12-20 9453 .cb_print = verbose,
abe0884011f1a5 Jiri Olsa 2018-03-23 9454 .private_data = env,
7105e828c087de Daniel Borkmann 2017-12-20 9455 };
7105e828c087de Daniel Borkmann 2017-12-20 9456
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9457 verbose_linfo(env, env->insn_idx, "; ");
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9458 verbose(env, "%d: ", env->insn_idx);
abe0884011f1a5 Jiri Olsa 2018-03-23 9459 print_bpf_insn(&cbs, insn, env->allow_ptr_leaks);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9460 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9461
cae1927c0b4a93 Jakub Kicinski 2017-12-27 9462 if (bpf_prog_is_dev_bound(env->prog->aux)) {
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9463 err = bpf_prog_offload_verify_insn(env, env->insn_idx,
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9464 env->prev_insn_idx);
13a27dfc669724 Jakub Kicinski 2016-09-21 9465 if (err)
13a27dfc669724 Jakub Kicinski 2016-09-21 9466 return err;
cae1927c0b4a93 Jakub Kicinski 2017-12-27 9467 }
13a27dfc669724 Jakub Kicinski 2016-09-21 9468
638f5b90d46016 Alexei Starovoitov 2017-10-31 9469 regs = cur_regs(env);
51c39bb1d5d105 Alexei Starovoitov 2020-01-09 9470 env->insn_aux_data[env->insn_idx].seen = env->pass_cnt;
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 9471 prev_insn_idx = env->insn_idx;
fd978bf7fd3125 Joe Stringer 2018-10-02 9472
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9473 if (class == BPF_ALU || class == BPF_ALU64) {
1be7f75d1668d6 Alexei Starovoitov 2015-10-07 9474 err = check_alu_op(env, insn);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9475 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9476 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9477
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9478 } else if (class == BPF_LDX) {
3df126f35f88dc Jakub Kicinski 2016-09-21 9479 enum bpf_reg_type *prev_src_type, src_reg_type;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9480
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9481 /* check for reserved fields is already done */
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9482
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9483 /* check src operand */
dc503a8ad98474 Edward Cree 2017-08-15 9484 err = check_reg_arg(env, insn->src_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9485 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9486 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9487
dc503a8ad98474 Edward Cree 2017-08-15 9488 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9489 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9490 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9491
725f9dcd58dedf Alexei Starovoitov 2015-04-15 9492 src_reg_type = regs[insn->src_reg].type;
725f9dcd58dedf Alexei Starovoitov 2015-04-15 9493
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9494 /* check that memory (src_reg + off) is readable,
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9495 * the state of dst_reg will be updated by this func
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9496 */
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9497 err = check_mem_access(env, env->insn_idx, insn->src_reg,
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9498 insn->off, BPF_SIZE(insn->code),
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9499 BPF_READ, insn->dst_reg, false);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9500 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9501 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9502
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9503 prev_src_type = &env->insn_aux_data[env->insn_idx].ptr_type;
3df126f35f88dc Jakub Kicinski 2016-09-21 9504
3df126f35f88dc Jakub Kicinski 2016-09-21 9505 if (*prev_src_type == NOT_INIT) {
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9506 /* saw a valid insn
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9507 * dst_reg = *(u32 *)(src_reg + off)
3df126f35f88dc Jakub Kicinski 2016-09-21 9508 * save type to validate intersecting paths
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9509 */
3df126f35f88dc Jakub Kicinski 2016-09-21 9510 *prev_src_type = src_reg_type;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9511
c64b7983288e63 Joe Stringer 2018-10-02 9512 } else if (reg_type_mismatch(src_reg_type, *prev_src_type)) {
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9513 /* ABuser program is trying to use the same insn
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9514 * dst_reg = *(u32*) (src_reg + off)
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9515 * with different pointer types:
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9516 * src_reg == ctx in one branch and
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9517 * src_reg == stack|map in some other branch.
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9518 * Reject it.
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9519 */
61bd5218eef349 Jakub Kicinski 2017-10-09 9520 verbose(env, "same insn cannot be used with different pointers\n");
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9521 return -EINVAL;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9522 }
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9523
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9524 } else if (class == BPF_STX) {
3df126f35f88dc Jakub Kicinski 2016-09-21 9525 enum bpf_reg_type *prev_dst_type, dst_reg_type;
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9526
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9527 if (BPF_MODE(insn->code) == BPF_XADD) {
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9528 err = check_xadd(env, env->insn_idx, insn);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9529 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9530 return err;
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9531 env->insn_idx++;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9532 continue;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9533 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9534
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9535 /* check src1 operand */
dc503a8ad98474 Edward Cree 2017-08-15 9536 err = check_reg_arg(env, insn->src_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9537 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9538 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9539 /* check src2 operand */
dc503a8ad98474 Edward Cree 2017-08-15 9540 err = check_reg_arg(env, insn->dst_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9541 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9542 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9543
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9544 dst_reg_type = regs[insn->dst_reg].type;
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9545
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9546 /* check that memory (dst_reg + off) is writeable */
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9547 err = check_mem_access(env, env->insn_idx, insn->dst_reg,
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9548 insn->off, BPF_SIZE(insn->code),
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9549 BPF_WRITE, insn->src_reg, false);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9550 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9551 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9552
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9553 prev_dst_type = &env->insn_aux_data[env->insn_idx].ptr_type;
3df126f35f88dc Jakub Kicinski 2016-09-21 9554
3df126f35f88dc Jakub Kicinski 2016-09-21 9555 if (*prev_dst_type == NOT_INIT) {
3df126f35f88dc Jakub Kicinski 2016-09-21 9556 *prev_dst_type = dst_reg_type;
c64b7983288e63 Joe Stringer 2018-10-02 9557 } else if (reg_type_mismatch(dst_reg_type, *prev_dst_type)) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9558 verbose(env, "same insn cannot be used with different pointers\n");
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9559 return -EINVAL;
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9560 }
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9561
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9562 } else if (class == BPF_ST) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9563 if (BPF_MODE(insn->code) != BPF_MEM ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9564 insn->src_reg != BPF_REG_0) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9565 verbose(env, "BPF_ST uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9566 return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9567 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9568 /* check src operand */
dc503a8ad98474 Edward Cree 2017-08-15 9569 err = check_reg_arg(env, insn->dst_reg, SRC_OP);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9570 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9571 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9572
f37a8cb84cce18 Daniel Borkmann 2018-01-16 9573 if (is_ctx_reg(env, insn->dst_reg)) {
9d2be44a7f33d5 Joe Stringer 2018-10-02 9574 verbose(env, "BPF_ST stores into R%d %s is not allowed\n",
2a159c6f82381a Daniel Borkmann 2018-10-21 9575 insn->dst_reg,
2a159c6f82381a Daniel Borkmann 2018-10-21 9576 reg_type_str[reg_state(env, insn->dst_reg)->type]);
f37a8cb84cce18 Daniel Borkmann 2018-01-16 9577 return -EACCES;
f37a8cb84cce18 Daniel Borkmann 2018-01-16 9578 }
f37a8cb84cce18 Daniel Borkmann 2018-01-16 9579
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9580 /* check that memory (dst_reg + off) is writeable */
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9581 err = check_mem_access(env, env->insn_idx, insn->dst_reg,
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9582 insn->off, BPF_SIZE(insn->code),
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9583 BPF_WRITE, -1, false);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9584 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9585 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9586
092ed0968bb648 Jiong Wang 2019-01-26 9587 } else if (class == BPF_JMP || class == BPF_JMP32) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9588 u8 opcode = BPF_OP(insn->code);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9589
2589726d12a1b1 Alexei Starovoitov 2019-06-15 9590 env->jmps_processed++;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9591 if (opcode == BPF_CALL) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9592 if (BPF_SRC(insn->code) != BPF_K ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9593 insn->off != 0 ||
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9594 (insn->src_reg != BPF_REG_0 &&
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9595 insn->src_reg != BPF_PSEUDO_CALL) ||
092ed0968bb648 Jiong Wang 2019-01-26 9596 insn->dst_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang 2019-01-26 9597 class == BPF_JMP32) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9598 verbose(env, "BPF_CALL uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9599 return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9600 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9601
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9602 if (env->cur_state->active_spin_lock &&
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9603 (insn->src_reg == BPF_PSEUDO_CALL ||
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9604 insn->imm != BPF_FUNC_spin_unlock)) {
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9605 verbose(env, "function calls are not allowed while holding a lock\n");
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9606 return -EINVAL;
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9607 }
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9608 if (insn->src_reg == BPF_PSEUDO_CALL)
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9609 err = check_func_call(env, insn, &env->insn_idx);
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9610 else
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9611 err = check_helper_call(env, insn->imm, env->insn_idx);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9612 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9613 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9614
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9615 } else if (opcode == BPF_JA) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9616 if (BPF_SRC(insn->code) != BPF_K ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9617 insn->imm != 0 ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9618 insn->src_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang 2019-01-26 9619 insn->dst_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang 2019-01-26 9620 class == BPF_JMP32) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9621 verbose(env, "BPF_JA uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9622 return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9623 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9624
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9625 env->insn_idx += insn->off + 1;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9626 continue;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9627
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9628 } else if (opcode == BPF_EXIT) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9629 if (BPF_SRC(insn->code) != BPF_K ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9630 insn->imm != 0 ||
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9631 insn->src_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang 2019-01-26 9632 insn->dst_reg != BPF_REG_0 ||
092ed0968bb648 Jiong Wang 2019-01-26 9633 class == BPF_JMP32) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9634 verbose(env, "BPF_EXIT uses reserved fields\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9635 return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9636 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9637
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9638 if (env->cur_state->active_spin_lock) {
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9639 verbose(env, "bpf_spin_unlock is missing\n");
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9640 return -EINVAL;
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9641 }
d83525ca62cf8e Alexei Starovoitov 2019-01-31 9642
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9643 if (state->curframe) {
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9644 /* exit from nested function */
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9645 err = prepare_func_exit(env, &env->insn_idx);
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9646 if (err)
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9647 return err;
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9648 do_print_state = true;
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9649 continue;
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9650 }
f4d7e40a5b7157 Alexei Starovoitov 2017-12-14 9651
fd978bf7fd3125 Joe Stringer 2018-10-02 9652 err = check_reference_leak(env);
fd978bf7fd3125 Joe Stringer 2018-10-02 9653 if (err)
fd978bf7fd3125 Joe Stringer 2018-10-02 9654 return err;
fd978bf7fd3125 Joe Stringer 2018-10-02 9655
390ee7e29fc8e6 Alexei Starovoitov 2017-10-02 9656 err = check_return_code(env);
390ee7e29fc8e6 Alexei Starovoitov 2017-10-02 9657 if (err)
390ee7e29fc8e6 Alexei Starovoitov 2017-10-02 9658 return err;
f1bca824dabba4 Alexei Starovoitov 2014-09-29 9659 process_bpf_exit:
2589726d12a1b1 Alexei Starovoitov 2019-06-15 9660 update_branch_counts(env, env->cur_state);
b5dc0163d8fd78 Alexei Starovoitov 2019-06-15 9661 err = pop_stack(env, &prev_insn_idx,
6f8a57ccf85117 Andrii Nakryiko 2020-04-23 9662 &env->insn_idx, pop_log);
638f5b90d46016 Alexei Starovoitov 2017-10-31 9663 if (err < 0) {
638f5b90d46016 Alexei Starovoitov 2017-10-31 9664 if (err != -ENOENT)
638f5b90d46016 Alexei Starovoitov 2017-10-31 9665 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9666 break;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9667 } else {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9668 do_print_state = true;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9669 continue;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9670 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9671 } else {
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9672 err = check_cond_jmp_op(env, insn, &env->insn_idx);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9673 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9674 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9675 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9676 } else if (class == BPF_LD) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9677 u8 mode = BPF_MODE(insn->code);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9678
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9679 if (mode == BPF_ABS || mode == BPF_IND) {
ddd872bc3098f9 Alexei Starovoitov 2014-12-01 9680 err = check_ld_abs(env, insn);
ddd872bc3098f9 Alexei Starovoitov 2014-12-01 9681 if (err)
ddd872bc3098f9 Alexei Starovoitov 2014-12-01 9682 return err;
ddd872bc3098f9 Alexei Starovoitov 2014-12-01 9683
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9684 } else if (mode == BPF_IMM) {
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9685 err = check_ld_imm(env, insn);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9686 if (err)
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9687 return err;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9688
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9689 env->insn_idx++;
51c39bb1d5d105 Alexei Starovoitov 2020-01-09 9690 env->insn_aux_data[env->insn_idx].seen = env->pass_cnt;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9691 } else {
61bd5218eef349 Jakub Kicinski 2017-10-09 9692 verbose(env, "invalid BPF_LD mode\n");
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9693 return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9694 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9695 } else {
61bd5218eef349 Jakub Kicinski 2017-10-09 9696 verbose(env, "unknown insn class %d\n", class);
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9697 return -EINVAL;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9698 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9699
c08435ec7f2bc8 Daniel Borkmann 2019-01-03 9700 env->insn_idx++;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9701 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9702
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9703 return 0;
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9704 }
17a5267067f3c3 Alexei Starovoitov 2014-09-26 9705

:::::: The code at line 9383 was first introduced by commit
:::::: 58e2af8b3a6b587e4ac8414343581da4349d3c0f bpf: expose internal verfier structures

:::::: TO: Jakub Kicinski <jakub.kicinski@xxxxxxxxxxxxx>
:::::: CC: David S. Miller <davem@xxxxxxxxxxxxx>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip