1 /* SPDX-License-Identifier: MIT
3 * lttng-filter-validator.c
5 * LTTng modules filter bytecode validator.
7 * Copyright (C) 2010-2016 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
10 #include <linux/types.h>
11 #include <linux/jhash.h>
12 #include <linux/slab.h>
14 #include <wrapper/list.h>
15 #include <lttng/filter.h>
17 #define MERGE_POINT_TABLE_BITS 7
18 #define MERGE_POINT_TABLE_SIZE (1U << MERGE_POINT_TABLE_BITS)
20 /* merge point table node */
22 struct hlist_node node
;
24 /* Context at merge point */
26 unsigned long target_pc
;
30 struct hlist_head mp_head
[MERGE_POINT_TABLE_SIZE
];
34 int lttng_hash_match(struct mp_node
*mp_node
, unsigned long key_pc
)
36 if (mp_node
->target_pc
== key_pc
)
43 int merge_points_compare(const struct vstack
*stacka
,
44 const struct vstack
*stackb
)
48 if (stacka
->top
!= stackb
->top
)
50 len
= stacka
->top
+ 1;
51 WARN_ON_ONCE(len
< 0);
52 for (i
= 0; i
< len
; i
++) {
53 if (stacka
->e
[i
].type
!= stackb
->e
[i
].type
)
60 int merge_point_add_check(struct mp_table
*mp_table
, unsigned long target_pc
,
61 const struct vstack
*stack
)
63 struct mp_node
*mp_node
;
64 unsigned long hash
= jhash_1word(target_pc
, 0);
65 struct hlist_head
*head
;
66 struct mp_node
*lookup_node
;
69 dbg_printk("Filter: adding merge point at offset %lu, hash %lu\n",
71 mp_node
= kzalloc(sizeof(struct mp_node
), GFP_KERNEL
);
74 mp_node
->target_pc
= target_pc
;
75 memcpy(&mp_node
->stack
, stack
, sizeof(mp_node
->stack
));
77 head
= &mp_table
->mp_head
[hash
& (MERGE_POINT_TABLE_SIZE
- 1)];
78 lttng_hlist_for_each_entry(lookup_node
, head
, node
) {
79 if (lttng_hash_match(lookup_node
, target_pc
)) {
85 /* Key already present */
86 dbg_printk("Filter: compare merge points for offset %lu, hash %lu\n",
89 if (merge_points_compare(stack
, &lookup_node
->stack
)) {
90 printk(KERN_WARNING
"Merge points differ for offset %lu\n",
95 hlist_add_head(&mp_node
->node
, head
);
101 * Binary comparators use top of stack and top of stack -1.
104 int bin_op_compare_check(struct vstack
*stack
, const filter_opcode_t opcode
,
107 if (unlikely(!vstack_ax(stack
) || !vstack_bx(stack
)))
110 switch (vstack_ax(stack
)->type
) {
116 switch (vstack_bx(stack
)->type
) {
120 case REG_TYPE_UNKNOWN
:
124 case REG_STAR_GLOB_STRING
:
125 if (opcode
!= FILTER_OP_EQ
&& opcode
!= FILTER_OP_NE
) {
133 case REG_STAR_GLOB_STRING
:
134 switch (vstack_bx(stack
)->type
) {
138 case REG_TYPE_UNKNOWN
:
141 if (opcode
!= FILTER_OP_EQ
&& opcode
!= FILTER_OP_NE
) {
145 case REG_STAR_GLOB_STRING
:
151 switch (vstack_bx(stack
)->type
) {
155 case REG_TYPE_UNKNOWN
:
158 case REG_STAR_GLOB_STRING
:
164 case REG_TYPE_UNKNOWN
:
165 switch (vstack_bx(stack
)->type
) {
169 case REG_TYPE_UNKNOWN
:
171 case REG_STAR_GLOB_STRING
:
183 printk(KERN_WARNING
"empty stack for '%s' binary operator\n", str
);
187 printk(KERN_WARNING
"type mismatch for '%s' binary operator\n", str
);
191 printk(KERN_WARNING
"unknown type for '%s' binary operator\n", str
);
196 * Binary bitwise operators use top of stack and top of stack -1.
197 * Return 0 if typing is known to match, 1 if typing is dynamic
198 * (unknown), negative error value on error.
201 int bin_op_bitwise_check(struct vstack
*stack
, filter_opcode_t opcode
,
204 if (unlikely(!vstack_ax(stack
) || !vstack_bx(stack
)))
207 switch (vstack_ax(stack
)->type
) {
212 case REG_TYPE_UNKNOWN
:
213 switch (vstack_bx(stack
)->type
) {
217 case REG_TYPE_UNKNOWN
:
219 case REG_STAR_GLOB_STRING
:
225 switch (vstack_bx(stack
)->type
) {
229 case REG_TYPE_UNKNOWN
:
242 printk(KERN_WARNING
"empty stack for '%s' binary operator\n", str
);
246 printk(KERN_WARNING
"unknown type for '%s' binary operator\n", str
);
251 int validate_get_symbol(struct bytecode_runtime
*bytecode
,
252 const struct get_symbol
*sym
)
254 const char *str
, *str_limit
;
257 if (sym
->offset
>= bytecode
->p
.bc
->bc
.len
- bytecode
->p
.bc
->bc
.reloc_offset
)
260 str
= bytecode
->p
.bc
->bc
.data
+ bytecode
->p
.bc
->bc
.reloc_offset
+ sym
->offset
;
261 str_limit
= bytecode
->p
.bc
->bc
.data
+ bytecode
->p
.bc
->bc
.len
;
262 len_limit
= str_limit
- str
;
263 if (strnlen(str
, len_limit
) == len_limit
)
269 * Validate bytecode range overflow within the validation pass.
270 * Called for each instruction encountered.
273 int bytecode_validate_overflow(struct bytecode_runtime
*bytecode
,
274 char *start_pc
, char *pc
)
278 switch (*(filter_opcode_t
*) pc
) {
279 case FILTER_OP_UNKNOWN
:
282 printk(KERN_WARNING
"unknown bytecode op %u\n",
283 (unsigned int) *(filter_opcode_t
*) pc
);
288 case FILTER_OP_RETURN
:
289 case FILTER_OP_RETURN_S64
:
291 if (unlikely(pc
+ sizeof(struct return_op
)
292 > start_pc
+ bytecode
->len
)) {
303 case FILTER_OP_MINUS
:
304 case FILTER_OP_EQ_DOUBLE
:
305 case FILTER_OP_NE_DOUBLE
:
306 case FILTER_OP_GT_DOUBLE
:
307 case FILTER_OP_LT_DOUBLE
:
308 case FILTER_OP_GE_DOUBLE
:
309 case FILTER_OP_LE_DOUBLE
:
311 case FILTER_OP_EQ_DOUBLE_S64
:
312 case FILTER_OP_NE_DOUBLE_S64
:
313 case FILTER_OP_GT_DOUBLE_S64
:
314 case FILTER_OP_LT_DOUBLE_S64
:
315 case FILTER_OP_GE_DOUBLE_S64
:
316 case FILTER_OP_LE_DOUBLE_S64
:
317 case FILTER_OP_EQ_S64_DOUBLE
:
318 case FILTER_OP_NE_S64_DOUBLE
:
319 case FILTER_OP_GT_S64_DOUBLE
:
320 case FILTER_OP_LT_S64_DOUBLE
:
321 case FILTER_OP_GE_S64_DOUBLE
:
322 case FILTER_OP_LE_S64_DOUBLE
:
323 case FILTER_OP_LOAD_FIELD_REF_DOUBLE
:
324 case FILTER_OP_GET_CONTEXT_REF_DOUBLE
:
325 case FILTER_OP_LOAD_DOUBLE
:
326 case FILTER_OP_CAST_DOUBLE_TO_S64
:
327 case FILTER_OP_UNARY_PLUS_DOUBLE
:
328 case FILTER_OP_UNARY_MINUS_DOUBLE
:
329 case FILTER_OP_UNARY_NOT_DOUBLE
:
331 printk(KERN_WARNING
"unsupported bytecode op %u\n",
332 (unsigned int) *(filter_opcode_t
*) pc
);
343 case FILTER_OP_EQ_STRING
:
344 case FILTER_OP_NE_STRING
:
345 case FILTER_OP_GT_STRING
:
346 case FILTER_OP_LT_STRING
:
347 case FILTER_OP_GE_STRING
:
348 case FILTER_OP_LE_STRING
:
349 case FILTER_OP_EQ_STAR_GLOB_STRING
:
350 case FILTER_OP_NE_STAR_GLOB_STRING
:
351 case FILTER_OP_EQ_S64
:
352 case FILTER_OP_NE_S64
:
353 case FILTER_OP_GT_S64
:
354 case FILTER_OP_LT_S64
:
355 case FILTER_OP_GE_S64
:
356 case FILTER_OP_LE_S64
:
357 case FILTER_OP_BIT_RSHIFT
:
358 case FILTER_OP_BIT_LSHIFT
:
359 case FILTER_OP_BIT_AND
:
360 case FILTER_OP_BIT_OR
:
361 case FILTER_OP_BIT_XOR
:
363 if (unlikely(pc
+ sizeof(struct binary_op
)
364 > start_pc
+ bytecode
->len
)) {
371 case FILTER_OP_UNARY_PLUS
:
372 case FILTER_OP_UNARY_MINUS
:
373 case FILTER_OP_UNARY_NOT
:
374 case FILTER_OP_UNARY_PLUS_S64
:
375 case FILTER_OP_UNARY_MINUS_S64
:
376 case FILTER_OP_UNARY_NOT_S64
:
377 case FILTER_OP_UNARY_BIT_NOT
:
379 if (unlikely(pc
+ sizeof(struct unary_op
)
380 > start_pc
+ bytecode
->len
)) {
390 if (unlikely(pc
+ sizeof(struct logical_op
)
391 > start_pc
+ bytecode
->len
)) {
398 case FILTER_OP_LOAD_FIELD_REF
:
400 printk(KERN_WARNING
"Unknown field ref type\n");
405 /* get context ref */
406 case FILTER_OP_GET_CONTEXT_REF
:
408 printk(KERN_WARNING
"Unknown field ref type\n");
412 case FILTER_OP_LOAD_FIELD_REF_STRING
:
413 case FILTER_OP_LOAD_FIELD_REF_SEQUENCE
:
414 case FILTER_OP_LOAD_FIELD_REF_USER_STRING
:
415 case FILTER_OP_LOAD_FIELD_REF_USER_SEQUENCE
:
416 case FILTER_OP_LOAD_FIELD_REF_S64
:
417 case FILTER_OP_GET_CONTEXT_REF_STRING
:
418 case FILTER_OP_GET_CONTEXT_REF_S64
:
420 if (unlikely(pc
+ sizeof(struct load_op
) + sizeof(struct field_ref
)
421 > start_pc
+ bytecode
->len
)) {
427 /* load from immediate operand */
428 case FILTER_OP_LOAD_STRING
:
429 case FILTER_OP_LOAD_STAR_GLOB_STRING
:
431 struct load_op
*insn
= (struct load_op
*) pc
;
432 uint32_t str_len
, maxlen
;
434 if (unlikely(pc
+ sizeof(struct load_op
)
435 > start_pc
+ bytecode
->len
)) {
440 maxlen
= start_pc
+ bytecode
->len
- pc
- sizeof(struct load_op
);
441 str_len
= strnlen(insn
->data
, maxlen
);
442 if (unlikely(str_len
>= maxlen
)) {
443 /* Final '\0' not found within range */
449 case FILTER_OP_LOAD_S64
:
451 if (unlikely(pc
+ sizeof(struct load_op
) + sizeof(struct literal_numeric
)
452 > start_pc
+ bytecode
->len
)) {
458 case FILTER_OP_CAST_TO_S64
:
459 case FILTER_OP_CAST_NOP
:
461 if (unlikely(pc
+ sizeof(struct cast_op
)
462 > start_pc
+ bytecode
->len
)) {
469 * Instructions for recursive traversal through composed types.
471 case FILTER_OP_GET_CONTEXT_ROOT
:
472 case FILTER_OP_GET_APP_CONTEXT_ROOT
:
473 case FILTER_OP_GET_PAYLOAD_ROOT
:
474 case FILTER_OP_LOAD_FIELD
:
475 case FILTER_OP_LOAD_FIELD_S8
:
476 case FILTER_OP_LOAD_FIELD_S16
:
477 case FILTER_OP_LOAD_FIELD_S32
:
478 case FILTER_OP_LOAD_FIELD_S64
:
479 case FILTER_OP_LOAD_FIELD_U8
:
480 case FILTER_OP_LOAD_FIELD_U16
:
481 case FILTER_OP_LOAD_FIELD_U32
:
482 case FILTER_OP_LOAD_FIELD_U64
:
483 case FILTER_OP_LOAD_FIELD_STRING
:
484 case FILTER_OP_LOAD_FIELD_SEQUENCE
:
485 case FILTER_OP_LOAD_FIELD_DOUBLE
:
486 if (unlikely(pc
+ sizeof(struct load_op
)
487 > start_pc
+ bytecode
->len
)) {
492 case FILTER_OP_GET_SYMBOL
:
494 struct load_op
*insn
= (struct load_op
*) pc
;
495 struct get_symbol
*sym
= (struct get_symbol
*) insn
->data
;
497 if (unlikely(pc
+ sizeof(struct load_op
) + sizeof(struct get_symbol
)
498 > start_pc
+ bytecode
->len
)) {
502 ret
= validate_get_symbol(bytecode
, sym
);
506 case FILTER_OP_GET_SYMBOL_FIELD
:
507 printk(KERN_WARNING
"Unexpected get symbol field\n");
511 case FILTER_OP_GET_INDEX_U16
:
512 if (unlikely(pc
+ sizeof(struct load_op
) + sizeof(struct get_index_u16
)
513 > start_pc
+ bytecode
->len
)) {
518 case FILTER_OP_GET_INDEX_U64
:
519 if (unlikely(pc
+ sizeof(struct load_op
) + sizeof(struct get_index_u64
)
520 > start_pc
+ bytecode
->len
)) {
530 unsigned long delete_all_nodes(struct mp_table
*mp_table
)
532 struct mp_node
*mp_node
;
533 struct hlist_node
*tmp
;
534 unsigned long nr_nodes
= 0;
537 for (i
= 0; i
< MERGE_POINT_TABLE_SIZE
; i
++) {
538 struct hlist_head
*head
;
540 head
= &mp_table
->mp_head
[i
];
541 lttng_hlist_for_each_entry_safe(mp_node
, tmp
, head
, node
) {
555 int validate_instruction_context(struct bytecode_runtime
*bytecode
,
556 struct vstack
*stack
,
561 const filter_opcode_t opcode
= *(filter_opcode_t
*) pc
;
564 case FILTER_OP_UNKNOWN
:
567 printk(KERN_WARNING
"unknown bytecode op %u\n",
568 (unsigned int) *(filter_opcode_t
*) pc
);
573 case FILTER_OP_RETURN
:
574 case FILTER_OP_RETURN_S64
:
584 case FILTER_OP_MINUS
:
586 case FILTER_OP_EQ_DOUBLE
:
587 case FILTER_OP_NE_DOUBLE
:
588 case FILTER_OP_GT_DOUBLE
:
589 case FILTER_OP_LT_DOUBLE
:
590 case FILTER_OP_GE_DOUBLE
:
591 case FILTER_OP_LE_DOUBLE
:
592 case FILTER_OP_EQ_DOUBLE_S64
:
593 case FILTER_OP_NE_DOUBLE_S64
:
594 case FILTER_OP_GT_DOUBLE_S64
:
595 case FILTER_OP_LT_DOUBLE_S64
:
596 case FILTER_OP_GE_DOUBLE_S64
:
597 case FILTER_OP_LE_DOUBLE_S64
:
598 case FILTER_OP_EQ_S64_DOUBLE
:
599 case FILTER_OP_NE_S64_DOUBLE
:
600 case FILTER_OP_GT_S64_DOUBLE
:
601 case FILTER_OP_LT_S64_DOUBLE
:
602 case FILTER_OP_GE_S64_DOUBLE
:
603 case FILTER_OP_LE_S64_DOUBLE
:
604 case FILTER_OP_UNARY_PLUS_DOUBLE
:
605 case FILTER_OP_UNARY_MINUS_DOUBLE
:
606 case FILTER_OP_UNARY_NOT_DOUBLE
:
607 case FILTER_OP_LOAD_FIELD_REF_DOUBLE
:
608 case FILTER_OP_LOAD_DOUBLE
:
609 case FILTER_OP_CAST_DOUBLE_TO_S64
:
610 case FILTER_OP_GET_CONTEXT_REF_DOUBLE
:
612 printk(KERN_WARNING
"unsupported bytecode op %u\n",
613 (unsigned int) *(filter_opcode_t
*) pc
);
620 ret
= bin_op_compare_check(stack
, opcode
, "==");
627 ret
= bin_op_compare_check(stack
, opcode
, "!=");
634 ret
= bin_op_compare_check(stack
, opcode
, ">");
641 ret
= bin_op_compare_check(stack
, opcode
, "<");
648 ret
= bin_op_compare_check(stack
, opcode
, ">=");
655 ret
= bin_op_compare_check(stack
, opcode
, "<=");
661 case FILTER_OP_EQ_STRING
:
662 case FILTER_OP_NE_STRING
:
663 case FILTER_OP_GT_STRING
:
664 case FILTER_OP_LT_STRING
:
665 case FILTER_OP_GE_STRING
:
666 case FILTER_OP_LE_STRING
:
668 if (!vstack_ax(stack
) || !vstack_bx(stack
)) {
669 printk(KERN_WARNING
"Empty stack\n");
673 if (vstack_ax(stack
)->type
!= REG_STRING
674 || vstack_bx(stack
)->type
!= REG_STRING
) {
675 printk(KERN_WARNING
"Unexpected register type for string comparator\n");
683 case FILTER_OP_EQ_STAR_GLOB_STRING
:
684 case FILTER_OP_NE_STAR_GLOB_STRING
:
686 if (!vstack_ax(stack
) || !vstack_bx(stack
)) {
687 printk(KERN_WARNING
"Empty stack\n");
691 if (vstack_ax(stack
)->type
!= REG_STAR_GLOB_STRING
692 && vstack_bx(stack
)->type
!= REG_STAR_GLOB_STRING
) {
693 printk(KERN_WARNING
"Unexpected register type for globbing pattern comparator\n");
700 case FILTER_OP_EQ_S64
:
701 case FILTER_OP_NE_S64
:
702 case FILTER_OP_GT_S64
:
703 case FILTER_OP_LT_S64
:
704 case FILTER_OP_GE_S64
:
705 case FILTER_OP_LE_S64
:
707 if (!vstack_ax(stack
) || !vstack_bx(stack
)) {
708 printk(KERN_WARNING
"Empty stack\n");
712 if (vstack_ax(stack
)->type
!= REG_S64
713 || vstack_bx(stack
)->type
!= REG_S64
) {
714 printk(KERN_WARNING
"Unexpected register type for s64 comparator\n");
721 case FILTER_OP_BIT_RSHIFT
:
722 ret
= bin_op_bitwise_check(stack
, opcode
, ">>");
726 case FILTER_OP_BIT_LSHIFT
:
727 ret
= bin_op_bitwise_check(stack
, opcode
, "<<");
731 case FILTER_OP_BIT_AND
:
732 ret
= bin_op_bitwise_check(stack
, opcode
, "&");
736 case FILTER_OP_BIT_OR
:
737 ret
= bin_op_bitwise_check(stack
, opcode
, "|");
741 case FILTER_OP_BIT_XOR
:
742 ret
= bin_op_bitwise_check(stack
, opcode
, "^");
748 case FILTER_OP_UNARY_PLUS
:
749 case FILTER_OP_UNARY_MINUS
:
750 case FILTER_OP_UNARY_NOT
:
752 if (!vstack_ax(stack
)) {
753 printk(KERN_WARNING
"Empty stack\n");
757 switch (vstack_ax(stack
)->type
) {
760 printk(KERN_WARNING
"unknown register type\n");
765 case REG_STAR_GLOB_STRING
:
766 printk(KERN_WARNING
"Unary op can only be applied to numeric or floating point registers\n");
770 case REG_TYPE_UNKNOWN
:
775 case FILTER_OP_UNARY_BIT_NOT
:
777 if (!vstack_ax(stack
)) {
778 printk(KERN_WARNING
"Empty stack\n");
782 switch (vstack_ax(stack
)->type
) {
784 printk(KERN_WARNING
"unknown register type\n");
789 case REG_STAR_GLOB_STRING
:
791 printk(KERN_WARNING
"Unary bitwise op can only be applied to numeric registers\n");
796 case REG_TYPE_UNKNOWN
:
802 case FILTER_OP_UNARY_PLUS_S64
:
803 case FILTER_OP_UNARY_MINUS_S64
:
804 case FILTER_OP_UNARY_NOT_S64
:
806 if (!vstack_ax(stack
)) {
807 printk(KERN_WARNING
"Empty stack\n");
811 if (vstack_ax(stack
)->type
!= REG_S64
) {
812 printk(KERN_WARNING
"Invalid register type\n");
823 struct logical_op
*insn
= (struct logical_op
*) pc
;
825 if (!vstack_ax(stack
)) {
826 printk(KERN_WARNING
"Empty stack\n");
830 if (vstack_ax(stack
)->type
!= REG_S64
) {
831 printk(KERN_WARNING
"Logical comparator expects S64 register\n");
836 dbg_printk("Validate jumping to bytecode offset %u\n",
837 (unsigned int) insn
->skip_offset
);
838 if (unlikely(start_pc
+ insn
->skip_offset
<= pc
)) {
839 printk(KERN_WARNING
"Loops are not allowed in bytecode\n");
847 case FILTER_OP_LOAD_FIELD_REF
:
849 printk(KERN_WARNING
"Unknown field ref type\n");
853 case FILTER_OP_LOAD_FIELD_REF_STRING
:
854 case FILTER_OP_LOAD_FIELD_REF_SEQUENCE
:
855 case FILTER_OP_LOAD_FIELD_REF_USER_STRING
:
856 case FILTER_OP_LOAD_FIELD_REF_USER_SEQUENCE
:
858 struct load_op
*insn
= (struct load_op
*) pc
;
859 struct field_ref
*ref
= (struct field_ref
*) insn
->data
;
861 dbg_printk("Validate load field ref offset %u type string\n",
865 case FILTER_OP_LOAD_FIELD_REF_S64
:
867 struct load_op
*insn
= (struct load_op
*) pc
;
868 struct field_ref
*ref
= (struct field_ref
*) insn
->data
;
870 dbg_printk("Validate load field ref offset %u type s64\n",
875 /* load from immediate operand */
876 case FILTER_OP_LOAD_STRING
:
877 case FILTER_OP_LOAD_STAR_GLOB_STRING
:
882 case FILTER_OP_LOAD_S64
:
887 case FILTER_OP_CAST_TO_S64
:
889 struct cast_op
*insn
= (struct cast_op
*) pc
;
891 if (!vstack_ax(stack
)) {
892 printk(KERN_WARNING
"Empty stack\n");
896 switch (vstack_ax(stack
)->type
) {
899 printk(KERN_WARNING
"unknown register type\n");
904 case REG_STAR_GLOB_STRING
:
905 printk(KERN_WARNING
"Cast op can only be applied to numeric or floating point registers\n");
911 if (insn
->op
== FILTER_OP_CAST_DOUBLE_TO_S64
) {
912 if (vstack_ax(stack
)->type
!= REG_DOUBLE
) {
913 printk(KERN_WARNING
"Cast expects double\n");
920 case FILTER_OP_CAST_NOP
:
925 /* get context ref */
926 case FILTER_OP_GET_CONTEXT_REF
:
928 printk(KERN_WARNING
"Unknown get context ref type\n");
932 case FILTER_OP_GET_CONTEXT_REF_STRING
:
934 struct load_op
*insn
= (struct load_op
*) pc
;
935 struct field_ref
*ref
= (struct field_ref
*) insn
->data
;
937 dbg_printk("Validate get context ref offset %u type string\n",
941 case FILTER_OP_GET_CONTEXT_REF_S64
:
943 struct load_op
*insn
= (struct load_op
*) pc
;
944 struct field_ref
*ref
= (struct field_ref
*) insn
->data
;
946 dbg_printk("Validate get context ref offset %u type s64\n",
952 * Instructions for recursive traversal through composed types.
954 case FILTER_OP_GET_CONTEXT_ROOT
:
956 dbg_printk("Validate get context root\n");
959 case FILTER_OP_GET_APP_CONTEXT_ROOT
:
961 dbg_printk("Validate get app context root\n");
964 case FILTER_OP_GET_PAYLOAD_ROOT
:
966 dbg_printk("Validate get payload root\n");
969 case FILTER_OP_LOAD_FIELD
:
972 * We tolerate that field type is unknown at validation,
973 * because we are performing the load specialization in
974 * a phase after validation.
976 dbg_printk("Validate load field\n");
979 case FILTER_OP_LOAD_FIELD_S8
:
981 dbg_printk("Validate load field s8\n");
984 case FILTER_OP_LOAD_FIELD_S16
:
986 dbg_printk("Validate load field s16\n");
989 case FILTER_OP_LOAD_FIELD_S32
:
991 dbg_printk("Validate load field s32\n");
994 case FILTER_OP_LOAD_FIELD_S64
:
996 dbg_printk("Validate load field s64\n");
999 case FILTER_OP_LOAD_FIELD_U8
:
1001 dbg_printk("Validate load field u8\n");
1004 case FILTER_OP_LOAD_FIELD_U16
:
1006 dbg_printk("Validate load field u16\n");
1009 case FILTER_OP_LOAD_FIELD_U32
:
1011 dbg_printk("Validate load field u32\n");
1014 case FILTER_OP_LOAD_FIELD_U64
:
1016 dbg_printk("Validate load field u64\n");
1019 case FILTER_OP_LOAD_FIELD_STRING
:
1021 dbg_printk("Validate load field string\n");
1024 case FILTER_OP_LOAD_FIELD_SEQUENCE
:
1026 dbg_printk("Validate load field sequence\n");
1029 case FILTER_OP_LOAD_FIELD_DOUBLE
:
1031 dbg_printk("Validate load field double\n");
1035 case FILTER_OP_GET_SYMBOL
:
1037 struct load_op
*insn
= (struct load_op
*) pc
;
1038 struct get_symbol
*sym
= (struct get_symbol
*) insn
->data
;
1040 dbg_printk("Validate get symbol offset %u\n", sym
->offset
);
1044 case FILTER_OP_GET_SYMBOL_FIELD
:
1046 struct load_op
*insn
= (struct load_op
*) pc
;
1047 struct get_symbol
*sym
= (struct get_symbol
*) insn
->data
;
1049 dbg_printk("Validate get symbol field offset %u\n", sym
->offset
);
1053 case FILTER_OP_GET_INDEX_U16
:
1055 struct load_op
*insn
= (struct load_op
*) pc
;
1056 struct get_index_u16
*get_index
= (struct get_index_u16
*) insn
->data
;
1058 dbg_printk("Validate get index u16 index %u\n", get_index
->index
);
1062 case FILTER_OP_GET_INDEX_U64
:
1064 struct load_op
*insn
= (struct load_op
*) pc
;
1065 struct get_index_u64
*get_index
= (struct get_index_u64
*) insn
->data
;
1067 dbg_printk("Validate get index u64 index %llu\n",
1068 (unsigned long long) get_index
->index
);
1082 int validate_instruction_all_contexts(struct bytecode_runtime
*bytecode
,
1083 struct mp_table
*mp_table
,
1084 struct vstack
*stack
,
1089 unsigned long target_pc
= pc
- start_pc
;
1091 struct hlist_head
*head
;
1092 struct mp_node
*mp_node
;
1094 /* Validate the context resulting from the previous instruction */
1095 ret
= validate_instruction_context(bytecode
, stack
, start_pc
, pc
);
1099 /* Validate merge points */
1100 hash
= jhash_1word(target_pc
, 0);
1101 head
= &mp_table
->mp_head
[hash
& (MERGE_POINT_TABLE_SIZE
- 1)];
1102 lttng_hlist_for_each_entry(mp_node
, head
, node
) {
1103 if (lttng_hash_match(mp_node
, target_pc
)) {
1109 dbg_printk("Filter: validate merge point at offset %lu\n",
1111 if (merge_points_compare(stack
, &mp_node
->stack
)) {
1112 printk(KERN_WARNING
"Merge points differ for offset %lu\n",
1116 /* Once validated, we can remove the merge point */
1117 dbg_printk("Filter: remove merge point at offset %lu\n",
1119 hlist_del(&mp_node
->node
);
1126 * >0: going to next insn.
1127 * 0: success, stop iteration.
1131 int exec_insn(struct bytecode_runtime
*bytecode
,
1132 struct mp_table
*mp_table
,
1133 struct vstack
*stack
,
1138 char *next_pc
= *_next_pc
;
1140 switch (*(filter_opcode_t
*) pc
) {
1141 case FILTER_OP_UNKNOWN
:
1144 printk(KERN_WARNING
"unknown bytecode op %u\n",
1145 (unsigned int) *(filter_opcode_t
*) pc
);
1150 case FILTER_OP_RETURN
:
1152 if (!vstack_ax(stack
)) {
1153 printk(KERN_WARNING
"Empty stack\n");
1157 switch (vstack_ax(stack
)->type
) {
1159 case REG_TYPE_UNKNOWN
:
1162 printk(KERN_WARNING
"Unexpected register type %d at end of bytecode\n",
1163 (int) vstack_ax(stack
)->type
);
1172 case FILTER_OP_RETURN_S64
:
1174 if (!vstack_ax(stack
)) {
1175 printk(KERN_WARNING
"Empty stack\n");
1179 switch (vstack_ax(stack
)->type
) {
1183 case REG_TYPE_UNKNOWN
:
1184 printk(KERN_WARNING
"Unexpected register type %d at end of bytecode\n",
1185 (int) vstack_ax(stack
)->type
);
1198 case FILTER_OP_PLUS
:
1199 case FILTER_OP_MINUS
:
1200 /* Floating point */
1201 case FILTER_OP_EQ_DOUBLE
:
1202 case FILTER_OP_NE_DOUBLE
:
1203 case FILTER_OP_GT_DOUBLE
:
1204 case FILTER_OP_LT_DOUBLE
:
1205 case FILTER_OP_GE_DOUBLE
:
1206 case FILTER_OP_LE_DOUBLE
:
1207 case FILTER_OP_EQ_DOUBLE_S64
:
1208 case FILTER_OP_NE_DOUBLE_S64
:
1209 case FILTER_OP_GT_DOUBLE_S64
:
1210 case FILTER_OP_LT_DOUBLE_S64
:
1211 case FILTER_OP_GE_DOUBLE_S64
:
1212 case FILTER_OP_LE_DOUBLE_S64
:
1213 case FILTER_OP_EQ_S64_DOUBLE
:
1214 case FILTER_OP_NE_S64_DOUBLE
:
1215 case FILTER_OP_GT_S64_DOUBLE
:
1216 case FILTER_OP_LT_S64_DOUBLE
:
1217 case FILTER_OP_GE_S64_DOUBLE
:
1218 case FILTER_OP_LE_S64_DOUBLE
:
1219 case FILTER_OP_UNARY_PLUS_DOUBLE
:
1220 case FILTER_OP_UNARY_MINUS_DOUBLE
:
1221 case FILTER_OP_UNARY_NOT_DOUBLE
:
1222 case FILTER_OP_LOAD_FIELD_REF_DOUBLE
:
1223 case FILTER_OP_GET_CONTEXT_REF_DOUBLE
:
1224 case FILTER_OP_LOAD_DOUBLE
:
1225 case FILTER_OP_CAST_DOUBLE_TO_S64
:
1227 printk(KERN_WARNING
"unsupported bytecode op %u\n",
1228 (unsigned int) *(filter_opcode_t
*) pc
);
1239 case FILTER_OP_EQ_STRING
:
1240 case FILTER_OP_NE_STRING
:
1241 case FILTER_OP_GT_STRING
:
1242 case FILTER_OP_LT_STRING
:
1243 case FILTER_OP_GE_STRING
:
1244 case FILTER_OP_LE_STRING
:
1245 case FILTER_OP_EQ_STAR_GLOB_STRING
:
1246 case FILTER_OP_NE_STAR_GLOB_STRING
:
1247 case FILTER_OP_EQ_S64
:
1248 case FILTER_OP_NE_S64
:
1249 case FILTER_OP_GT_S64
:
1250 case FILTER_OP_LT_S64
:
1251 case FILTER_OP_GE_S64
:
1252 case FILTER_OP_LE_S64
:
1253 case FILTER_OP_BIT_RSHIFT
:
1254 case FILTER_OP_BIT_LSHIFT
:
1255 case FILTER_OP_BIT_AND
:
1256 case FILTER_OP_BIT_OR
:
1257 case FILTER_OP_BIT_XOR
:
1260 if (vstack_pop(stack
)) {
1264 if (!vstack_ax(stack
)) {
1265 printk(KERN_WARNING
"Empty stack\n");
1269 switch (vstack_ax(stack
)->type
) {
1273 case REG_STAR_GLOB_STRING
:
1274 case REG_TYPE_UNKNOWN
:
1277 printk(KERN_WARNING
"Unexpected register type %d for operation\n",
1278 (int) vstack_ax(stack
)->type
);
1283 vstack_ax(stack
)->type
= REG_S64
;
1284 next_pc
+= sizeof(struct binary_op
);
1289 case FILTER_OP_UNARY_PLUS
:
1290 case FILTER_OP_UNARY_MINUS
:
1293 if (!vstack_ax(stack
)) {
1294 printk(KERN_WARNING
"Empty stack\n\n");
1298 switch (vstack_ax(stack
)->type
) {
1300 case REG_TYPE_UNKNOWN
:
1303 printk(KERN_WARNING
"Unexpected register type %d for operation\n",
1304 (int) vstack_ax(stack
)->type
);
1309 vstack_ax(stack
)->type
= REG_TYPE_UNKNOWN
;
1310 next_pc
+= sizeof(struct unary_op
);
1314 case FILTER_OP_UNARY_PLUS_S64
:
1315 case FILTER_OP_UNARY_MINUS_S64
:
1316 case FILTER_OP_UNARY_NOT_S64
:
1319 if (!vstack_ax(stack
)) {
1320 printk(KERN_WARNING
"Empty stack\n\n");
1324 switch (vstack_ax(stack
)->type
) {
1328 printk(KERN_WARNING
"Unexpected register type %d for operation\n",
1329 (int) vstack_ax(stack
)->type
);
1334 vstack_ax(stack
)->type
= REG_S64
;
1335 next_pc
+= sizeof(struct unary_op
);
1339 case FILTER_OP_UNARY_NOT
:
1342 if (!vstack_ax(stack
)) {
1343 printk(KERN_WARNING
"Empty stack\n\n");
1347 switch (vstack_ax(stack
)->type
) {
1349 case REG_TYPE_UNKNOWN
:
1352 printk(KERN_WARNING
"Unexpected register type %d for operation\n",
1353 (int) vstack_ax(stack
)->type
);
1358 vstack_ax(stack
)->type
= REG_S64
;
1359 next_pc
+= sizeof(struct unary_op
);
1363 case FILTER_OP_UNARY_BIT_NOT
:
1366 if (!vstack_ax(stack
)) {
1367 printk(KERN_WARNING
"Empty stack\n");
1371 switch (vstack_ax(stack
)->type
) {
1373 case REG_TYPE_UNKNOWN
:
1377 printk(KERN_WARNING
"Unexpected register type %d for operation\n",
1378 (int) vstack_ax(stack
)->type
);
1383 vstack_ax(stack
)->type
= REG_S64
;
1384 next_pc
+= sizeof(struct unary_op
);
1392 struct logical_op
*insn
= (struct logical_op
*) pc
;
1395 /* Add merge point to table */
1396 merge_ret
= merge_point_add_check(mp_table
,
1397 insn
->skip_offset
, stack
);
1403 if (!vstack_ax(stack
)) {
1404 printk(KERN_WARNING
"Empty stack\n\n");
1408 /* There is always a cast-to-s64 operation before a or/and op. */
1409 switch (vstack_ax(stack
)->type
) {
1413 printk(KERN_WARNING
"Incorrect register type %d for operation\n",
1414 (int) vstack_ax(stack
)->type
);
1419 /* Continue to next instruction */
1420 /* Pop 1 when jump not taken */
1421 if (vstack_pop(stack
)) {
1425 next_pc
+= sizeof(struct logical_op
);
1429 /* load field ref */
1430 case FILTER_OP_LOAD_FIELD_REF
:
1432 printk(KERN_WARNING
"Unknown field ref type\n");
1436 /* get context ref */
1437 case FILTER_OP_GET_CONTEXT_REF
:
1439 printk(KERN_WARNING
"Unknown get context ref type\n");
1443 case FILTER_OP_LOAD_FIELD_REF_STRING
:
1444 case FILTER_OP_LOAD_FIELD_REF_SEQUENCE
:
1445 case FILTER_OP_GET_CONTEXT_REF_STRING
:
1446 case FILTER_OP_LOAD_FIELD_REF_USER_STRING
:
1447 case FILTER_OP_LOAD_FIELD_REF_USER_SEQUENCE
:
1449 if (vstack_push(stack
)) {
1453 vstack_ax(stack
)->type
= REG_STRING
;
1454 next_pc
+= sizeof(struct load_op
) + sizeof(struct field_ref
);
1457 case FILTER_OP_LOAD_FIELD_REF_S64
:
1458 case FILTER_OP_GET_CONTEXT_REF_S64
:
1460 if (vstack_push(stack
)) {
1464 vstack_ax(stack
)->type
= REG_S64
;
1465 next_pc
+= sizeof(struct load_op
) + sizeof(struct field_ref
);
1469 /* load from immediate operand */
1470 case FILTER_OP_LOAD_STRING
:
1472 struct load_op
*insn
= (struct load_op
*) pc
;
1474 if (vstack_push(stack
)) {
1478 vstack_ax(stack
)->type
= REG_STRING
;
1479 next_pc
+= sizeof(struct load_op
) + strlen(insn
->data
) + 1;
1483 case FILTER_OP_LOAD_STAR_GLOB_STRING
:
1485 struct load_op
*insn
= (struct load_op
*) pc
;
1487 if (vstack_push(stack
)) {
1491 vstack_ax(stack
)->type
= REG_STAR_GLOB_STRING
;
1492 next_pc
+= sizeof(struct load_op
) + strlen(insn
->data
) + 1;
1496 case FILTER_OP_LOAD_S64
:
1498 if (vstack_push(stack
)) {
1502 vstack_ax(stack
)->type
= REG_S64
;
1503 next_pc
+= sizeof(struct load_op
)
1504 + sizeof(struct literal_numeric
);
1508 case FILTER_OP_CAST_TO_S64
:
1511 if (!vstack_ax(stack
)) {
1512 printk(KERN_WARNING
"Empty stack\n");
1516 switch (vstack_ax(stack
)->type
) {
1519 case REG_TYPE_UNKNOWN
:
1522 printk(KERN_WARNING
"Incorrect register type %d for cast\n",
1523 (int) vstack_ax(stack
)->type
);
1527 vstack_ax(stack
)->type
= REG_S64
;
1528 next_pc
+= sizeof(struct cast_op
);
1531 case FILTER_OP_CAST_NOP
:
1533 next_pc
+= sizeof(struct cast_op
);
1538 * Instructions for recursive traversal through composed types.
1540 case FILTER_OP_GET_CONTEXT_ROOT
:
1541 case FILTER_OP_GET_APP_CONTEXT_ROOT
:
1542 case FILTER_OP_GET_PAYLOAD_ROOT
:
1544 if (vstack_push(stack
)) {
1548 vstack_ax(stack
)->type
= REG_PTR
;
1549 next_pc
+= sizeof(struct load_op
);
1553 case FILTER_OP_LOAD_FIELD
:
1556 if (!vstack_ax(stack
)) {
1557 printk(KERN_WARNING
"Empty stack\n\n");
1561 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1562 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1566 vstack_ax(stack
)->type
= REG_TYPE_UNKNOWN
;
1567 next_pc
+= sizeof(struct load_op
);
1571 case FILTER_OP_LOAD_FIELD_S8
:
1572 case FILTER_OP_LOAD_FIELD_S16
:
1573 case FILTER_OP_LOAD_FIELD_S32
:
1574 case FILTER_OP_LOAD_FIELD_S64
:
1575 case FILTER_OP_LOAD_FIELD_U8
:
1576 case FILTER_OP_LOAD_FIELD_U16
:
1577 case FILTER_OP_LOAD_FIELD_U32
:
1578 case FILTER_OP_LOAD_FIELD_U64
:
1581 if (!vstack_ax(stack
)) {
1582 printk(KERN_WARNING
"Empty stack\n\n");
1586 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1587 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1591 vstack_ax(stack
)->type
= REG_S64
;
1592 next_pc
+= sizeof(struct load_op
);
1596 case FILTER_OP_LOAD_FIELD_STRING
:
1597 case FILTER_OP_LOAD_FIELD_SEQUENCE
:
1600 if (!vstack_ax(stack
)) {
1601 printk(KERN_WARNING
"Empty stack\n\n");
1605 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1606 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1610 vstack_ax(stack
)->type
= REG_STRING
;
1611 next_pc
+= sizeof(struct load_op
);
1615 case FILTER_OP_LOAD_FIELD_DOUBLE
:
1618 if (!vstack_ax(stack
)) {
1619 printk(KERN_WARNING
"Empty stack\n\n");
1623 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1624 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1628 vstack_ax(stack
)->type
= REG_DOUBLE
;
1629 next_pc
+= sizeof(struct load_op
);
1633 case FILTER_OP_GET_SYMBOL
:
1634 case FILTER_OP_GET_SYMBOL_FIELD
:
1637 if (!vstack_ax(stack
)) {
1638 printk(KERN_WARNING
"Empty stack\n\n");
1642 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1643 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1647 next_pc
+= sizeof(struct load_op
) + sizeof(struct get_symbol
);
1651 case FILTER_OP_GET_INDEX_U16
:
1654 if (!vstack_ax(stack
)) {
1655 printk(KERN_WARNING
"Empty stack\n\n");
1659 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1660 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1664 next_pc
+= sizeof(struct load_op
) + sizeof(struct get_index_u16
);
1668 case FILTER_OP_GET_INDEX_U64
:
1671 if (!vstack_ax(stack
)) {
1672 printk(KERN_WARNING
"Empty stack\n\n");
1676 if (vstack_ax(stack
)->type
!= REG_PTR
) {
1677 printk(KERN_WARNING
"Expecting pointer on top of stack\n\n");
1681 next_pc
+= sizeof(struct load_op
) + sizeof(struct get_index_u64
);
1687 *_next_pc
= next_pc
;
1692 * Never called concurrently (hash seed is shared).
1694 int lttng_filter_validate_bytecode(struct bytecode_runtime
*bytecode
)
1696 struct mp_table
*mp_table
;
1697 char *pc
, *next_pc
, *start_pc
;
1699 struct vstack stack
;
1701 vstack_init(&stack
);
1703 mp_table
= kzalloc(sizeof(*mp_table
), GFP_KERNEL
);
1705 printk(KERN_WARNING
"Error allocating hash table for bytecode validation\n");
1708 start_pc
= &bytecode
->code
[0];
1709 for (pc
= next_pc
= start_pc
; pc
- start_pc
< bytecode
->len
;
1711 ret
= bytecode_validate_overflow(bytecode
, start_pc
, pc
);
1714 printk(KERN_WARNING
"filter bytecode overflow\n");
1717 dbg_printk("Validating op %s (%u)\n",
1718 lttng_filter_print_op((unsigned int) *(filter_opcode_t
*) pc
),
1719 (unsigned int) *(filter_opcode_t
*) pc
);
1722 * For each instruction, validate the current context
1723 * (traversal of entire execution flow), and validate
1724 * all merge points targeting this instruction.
1726 ret
= validate_instruction_all_contexts(bytecode
, mp_table
,
1727 &stack
, start_pc
, pc
);
1730 ret
= exec_insn(bytecode
, mp_table
, &stack
, &next_pc
, pc
);
1735 if (delete_all_nodes(mp_table
)) {
1737 printk(KERN_WARNING
"Unexpected merge points\n");