Documentation
¶
Index ¶
- Constants
- type BackTrackInstruction
- type BackTrackingHeader
- type BackTrackingTrailer
- type BranchEvaluation
- type Comment
- type Error
- type FunctionCall
- type Instruction
- type InstructionState
- type Liveness
- type PropagatePrecision
- type RecapState
- type RegType
- type RegisterState
- type RegisterValue
- type ReturnFunctionCall
- type StackSlot
- type StackState
- type StatePruned
- type SubProgLocation
- type TNum
- type Unknown
- type VerifierDone
- type VerifierState
- type VerifierStatement
Constants ¶
const ( LivenessNone Liveness = 0 LivenessRead = 1 << (iota - 1) LivenessWritten LivenessDone )
const ( StackSlotInvalid = '?' StackSlotSpill = 'r' StackSlotMisc = 'm' StackSlotZero = '0' )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BackTrackInstruction ¶
type BackTrackInstruction struct {
Regs []byte
Stack int64
Instruction *Instruction
}
BackTrackInstruction indicates the verifier has back tracked an instruction. Example: "regs=4 stack=0 before 25: (bf) r1 = r0"
func (*BackTrackInstruction) String ¶
func (bt *BackTrackInstruction) String() string
type BackTrackingHeader ¶
BackTrackingHeader indicates that the verifier is back tracking, and is followed by BackTrackInstruction and BackTrackingTrailer statements. Example: "last_idx 26 first_idx 20"
func (*BackTrackingHeader) String ¶
func (bt *BackTrackingHeader) String() string
type BackTrackingTrailer ¶
type BackTrackingTrailer struct {
ParentMatch bool
Regs []byte
Stack int64
VerifierState *VerifierState
}
BackTrackingTrailer indicates the verifier is done backtracking. Example: `parent didn't have regs=4 stack=0 marks` or `parent already had regs=2a stack=0 marks`
func (*BackTrackingTrailer) String ¶
func (bt *BackTrackingTrailer) String() string
type BranchEvaluation ¶
type BranchEvaluation struct {
From int
To int
State *VerifierState
}
BranchEvaluation means that the verifier switch state and is now evaluating another permutation. Example: "from 84 to 40: frame1: R0=invP(id=0) R6=pkt(id=0,off=38,r=38,imm=0) R7=pkt(id=0,off=0,r=38,imm=0) R8=invP18 R9=invP(id=2,umax_value=255,var_off=(0x0; 0xff)) R10=fp0 fp-8=pkt_end fp-16=mmmmmmmm"
func (*BranchEvaluation) String ¶
func (be *BranchEvaluation) String() string
type Comment ¶
type Comment struct {
Comment string
}
A comment, usually contains the original line of the source code Example: "; if (data + nh_off > data_end)"
type FunctionCall ¶
type FunctionCall struct {
CallerState *VerifierState
CalleeState *VerifierState
}
FunctionCall indicates the verifier is following a bpf-to-bpf function call. For example: caller:
frame1: R6=pkt(id=0,off=54,r=74,imm=0) R7=pkt(id=0,off=0,r=74,imm=0) R8_w=pkt(id=0,off=74,r=74,imm=0) R9=invP6 R10=fp0 fp-8=pkt_end fp-16=mmmmmmmm callee: frame2: R1_w=pkt(id=0,off=54,r=74,imm=0) R2_w=invP(id=0) R10=fp0
func (*FunctionCall) String ¶
func (fc *FunctionCall) String() string
type Instruction ¶
Instruction describes an instruction, is used by multiple statements. Example: "22: (85) call pc+4"
func (*Instruction) String ¶
func (is *Instruction) String() string
type InstructionState ¶
type InstructionState struct {
Instruction
State VerifierState
}
Instruction and verifier state. Logged when the verifier evaluates an instruction. The state is the state after the instruction was evaluated. Example: "0: (b7) r6 = 1; R6_w=invP1"
func (*InstructionState) String ¶
func (is *InstructionState) String() string
type PropagatePrecision ¶
PropagatePrecision indicates that the verifier is propagating the precision of a register or stack slot to another state. Example: "propagating r6"
func (*PropagatePrecision) String ¶
func (pp *PropagatePrecision) String() string
type RecapState ¶
type RecapState struct {
InstructionNumber int
State VerifierState
}
A recap of the current state of the verifier and its location, without indicating it evaluated an expression. This happens when the verifier switches state to evaluate another permutation. Example: "0: R1=ctx(id=0,off=0,imm=0) R10=fp0"
func (*RecapState) String ¶
func (is *RecapState) String() string
type RegType ¶
type RegType int
RegType indicates the data type contained in a register
const ( RegTypeNotInit RegType = iota RegTypeScalarValue RegTypePtrToCtx RegTypeConstPtrToMap RegTypeMapValue RegTypePtrToStack RegTypePtrToPacket RegTypePtrToPacketMeta RegTypePtrToPacketEnd RegTypePtrToFlowKeys RegTypePtrToSock RegTypePtrToSockCommon RegTypePtrToTCPSock RegTypePtrToTPBuf RegTypePtrToXDPSock RegTypePtrToBTFID RegTypePtrToMem RegTypePtrToBuf RegTypePtrToFunc RegTypePtrToMapKey )
type RegisterState ¶
type RegisterState struct {
Register asm.Register
Liveness Liveness
Value RegisterValue
}
RegisterState describes a single register and its state. Example: "R1_w=invP(id=2,umax_value=255,var_off=(0x0; 0xff))"
func (RegisterState) String ¶
func (r RegisterState) String() string
type RegisterValue ¶
type RegisterValue struct {
Type RegType
Off int32
ID int
RefObjID int
Range int
KeySize int
ValueSize int
// if (!precise && SCALAR_VALUE) min/max/tnum don't affect safety
Precise bool
/* For scalar types (SCALAR_VALUE), this represents our knowledge of
* the actual value.
* For pointer types, this represents the variable part of the offset
* from the pointed-to object, and is shared with all bpf_reg_states
* with the same id as us.
*/
VarOff TNum
/* Used to determine if any memory access using this register will
* result in a bad access.
* These refer to the same value as var_off, not necessarily the actual
* contents of the register.
*/
SMinValue int64 /* minimum possible (s64)value */
SMaxValue int64 /* maximum possible (s64)value */
UMinValue uint64 /* minimum possible (u64)value */
UMaxValue uint64 /* maximum possible (u64)value */
S32MinValue int32 /* minimum possible (s32)value */
S32MaxValue int32 /* maximum possible (s32)value */
U32MinValue uint32 /* minimum possible (u32)value */
U32MaxValue uint32 /* maximum possible (u32)value */
BTFName string
}
RegisterValue is the value part of the register state, the part after the = Example: "invP(id=2,umax_value=255,var_off=(0x0; 0xff))"
func (RegisterValue) String ¶
func (rv RegisterValue) String() string
type ReturnFunctionCall ¶
type ReturnFunctionCall struct {
CallerState *VerifierState
CallSite int
CalleeState *VerifierState
}
ReturnFunctionCall indicates the verifier is evaluating returning from a function call. Example: returning from callee:
frame2: R0=map_value(id=0,off=0,ks=1,vs=16,imm=0) R1_w=invP(id=0) R6=invP(id=31) R10=fp0 fp-8=m???????
to caller at 156:
frame1: R0=map_value(id=0,off=0,ks=1,vs=16,imm=0) R6=pkt(id=0,off=54,r=54,imm=0) R7=pkt(id=0,off=0,r=54,imm=0) R8=invP14 R9=invP(id=30,umax_value=255,var_off=(0x0; 0xff)) R10=fp0 fp-8=pkt_end fp-16=mmmmmmmm
func (*ReturnFunctionCall) String ¶
func (rfc *ReturnFunctionCall) String() string
type StackSlot ¶
type StackSlot byte
StackSlot describes the contents of a single byte within a stack slot
type StackState ¶
type StackState struct {
Offset int
Liveness Liveness
SpilledRegister RegisterValue
Slots [8]StackSlot
AcquiredRefs []string
InCallbackFn bool
InAsyncCallbackFn bool
}
StackState describes the state of a single stack slot. Example: `fp-8=m???????`
func (*StackState) String ¶
func (ss *StackState) String() string
type StatePruned ¶
StatePruned means that the verifier considers a specific permutation to be safe and will prune the state from memory. Example: "25: safe" or "from 42 to 57: safe"
func (*StatePruned) String ¶
func (sp *StatePruned) String() string
type SubProgLocation ¶
SubProgLocation states the location of a sub program. Example: "func#3 @85"
func (*SubProgLocation) String ¶
func (spl *SubProgLocation) String() string
type TNum ¶
TNum is a tracked (or tristate) number. Relevant parts ported from linux kernel. https://elixir.bootlin.com/linux/v5.18.3/source/include/linux/tnum.h https://elixir.bootlin.com/linux/v5.18.3/source/kernel/bpf/tnum.c
type VerifierDone ¶
type VerifierDone struct {
InstructionsProcessed int
InstructionLimit int
MaxStatesPerInst int
TotalStates int
PeakStates int
MarkRead int
}
VerifierDone indicates the verifier is done and has failed or succeeded. Example: "processed 520 insns (limit 1000000) max_states_per_insn 1 total_states 46 peak_states 46 mark_read 7"
func (*VerifierDone) String ¶
func (ls *VerifierDone) String() string
type VerifierState ¶
type VerifierState struct {
FrameNumber int
Registers []RegisterState
Stack []StackState
// If true, the struct was initialized as filler, but no actual state info is known
Unknown bool
}
VerifierState contains a description of the state of the verifier at a certain point. Used by a number of statements. Example: "frame1: R2_w=invP(id=0) R10=fp0 fp-16_w=mmmmmmmm"
func MergedPerInstruction ¶
func MergedPerInstruction(log string) []VerifierState
MergedPerInstruction takes and parses the verifier log. It then merges the observed register and stack states seen for each permutation the verifier considers. The resulting state isn't useful for its values, just to see which registers are never used and which stack slots/offsets are never used.
func (*VerifierState) String ¶
func (is *VerifierState) String() string
type VerifierStatement ¶
VerifierStatement is often a single line of the log.
func ParseVerifierLog ¶
func ParseVerifierLog(log string) []VerifierStatement
ParseVerifierLog parses the verbose output of the kernel eBPF verifier. It simply returns all statements in the order they appeared in the verifier output.
Source Files