projects / lttng-modules.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix: bytecode validator: reject specialized load instructions
[lttng-modules.git] / src / lttng-bytecode-validator.c
1 /* SPDX-License-Identifier: MIT
2 *
3 * lttng-bytecode-validator.c
4 *
5 * LTTng modules bytecode bytecode validator.
6 *
7 * Copyright (C) 2010-2016 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
8 */
9
10 #include <linux/types.h>
11 #include <linux/jhash.h>
12 #include <linux/slab.h>
13
14 #include <wrapper/list.h>
15 #include <lttng/lttng-bytecode.h>
16
17 #define MERGE_POINT_TABLE_BITS 7
18 #define MERGE_POINT_TABLE_SIZE (1U << MERGE_POINT_TABLE_BITS)
19
20 /* merge point table node */
21 struct mp_node {
22 struct hlist_node node;
23
24 /* Context at merge point */
25 struct vstack stack;
26 unsigned long target_pc;
27 };
28
29 struct mp_table {
30 struct hlist_head mp_head[MERGE_POINT_TABLE_SIZE];
31 };
32
33 static
34 int lttng_hash_match(struct mp_node *mp_node, unsigned long key_pc)
35 {
36 if (mp_node->target_pc == key_pc)
37 return 1;
38 else
39 return 0;
40 }
41
42 static
43 int merge_points_compare(const struct vstack *stacka,
44 const struct vstack *stackb)
45 {
46 int i, len;
47
48 if (stacka->top != stackb->top)
49 return 1;
50 len = stacka->top + 1;
51 WARN_ON_ONCE(len < 0);
52 for (i = 0; i < len; i++) {
53 if (stacka->e[i].type != stackb->e[i].type)
54 return 1;
55 }
56 return 0;
57 }
58
59 static
60 int merge_point_add_check(struct mp_table *mp_table, unsigned long target_pc,
61 const struct vstack *stack)
62 {
63 struct mp_node *mp_node;
64 unsigned long hash = jhash_1word(target_pc, 0);
65 struct hlist_head *head;
66 struct mp_node *lookup_node;
67 int found = 0;
68
69 dbg_printk("Bytecode: adding merge point at offset %lu, hash %lu\n",
70 target_pc, hash);
71 mp_node = kzalloc(sizeof(struct mp_node), GFP_KERNEL);
72 if (!mp_node)
73 return -ENOMEM;
74 mp_node->target_pc = target_pc;
75 memcpy(&mp_node->stack, stack, sizeof(mp_node->stack));
76
77 head = &mp_table->mp_head[hash & (MERGE_POINT_TABLE_SIZE - 1)];
78 lttng_hlist_for_each_entry(lookup_node, head, node) {
79 if (lttng_hash_match(lookup_node, target_pc)) {
80 found = 1;
81 break;
82 }
83 }
84 if (found) {
85 /* Key already present */
86 dbg_printk("Bytecode: compare merge points for offset %lu, hash %lu\n",
87 target_pc, hash);
88 kfree(mp_node);
89 if (merge_points_compare(stack, &lookup_node->stack)) {
90 printk(KERN_WARNING "LTTng: bytecode: Merge points differ for offset %lu\n",
91 target_pc);
92 return -EINVAL;
93 }
94 } else {
95 hlist_add_head(&mp_node->node, head);
96 }
97 return 0;
98 }
99
100 /*
101 * Binary comparators use top of stack and top of stack -1.
102 */
103 static
104 int bin_op_compare_check(struct vstack *stack, const bytecode_opcode_t opcode,
105 const char *str)
106 {
107 if (unlikely(!vstack_ax(stack) || !vstack_bx(stack)))
108 goto error_empty;
109
110 switch (vstack_ax(stack)->type) {
111 default:
112 case REG_DOUBLE:
113 goto error_type;
114
115 case REG_STRING:
116 switch (vstack_bx(stack)->type) {
117 default:
118 case REG_DOUBLE:
119 goto error_type;
120 case REG_TYPE_UNKNOWN:
121 goto unknown;
122 case REG_STRING:
123 break;
124 case REG_STAR_GLOB_STRING:
125 if (opcode != BYTECODE_OP_EQ && opcode != BYTECODE_OP_NE) {
126 goto error_mismatch;
127 }
128 break;
129 case REG_S64:
130 case REG_U64:
131 goto error_mismatch;
132 }
133 break;
134 case REG_STAR_GLOB_STRING:
135 switch (vstack_bx(stack)->type) {
136 default:
137 case REG_DOUBLE:
138 goto error_type;
139 case REG_TYPE_UNKNOWN:
140 goto unknown;
141 case REG_STRING:
142 if (opcode != BYTECODE_OP_EQ && opcode != BYTECODE_OP_NE) {
143 goto error_mismatch;
144 }
145 break;
146 case REG_STAR_GLOB_STRING:
147 case REG_S64:
148 case REG_U64:
149 goto error_mismatch;
150 }
151 break;
152 case REG_S64:
153 case REG_U64:
154 switch (vstack_bx(stack)->type) {
155 default:
156 case REG_DOUBLE:
157 goto error_type;
158 case REG_TYPE_UNKNOWN:
159 goto unknown;
160 case REG_STRING:
161 case REG_STAR_GLOB_STRING:
162 goto error_mismatch;
163 case REG_S64:
164 case REG_U64:
165 break;
166 }
167 break;
168 case REG_TYPE_UNKNOWN:
169 switch (vstack_bx(stack)->type) {
170 default:
171 case REG_DOUBLE:
172 goto error_type;
173 case REG_TYPE_UNKNOWN:
174 case REG_STRING:
175 case REG_STAR_GLOB_STRING:
176 case REG_S64:
177 case REG_U64:
178 goto unknown;
179 }
180 break;
181 }
182 return 0;
183
184 unknown:
185 return 1;
186
187 error_empty:
188 printk(KERN_WARNING "LTTng: bytecode: empty stack for '%s' binary operator\n", str);
189 return -EINVAL;
190
191 error_mismatch:
192 printk(KERN_WARNING "LTTng: bytecode: type mismatch for '%s' binary operator\n", str);
193 return -EINVAL;
194
195 error_type:
196 printk(KERN_WARNING "LTTng: bytecode: unknown type for '%s' binary operator\n", str);
197 return -EINVAL;
198 }
199
200 /*
201 * Binary bitwise operators use top of stack and top of stack -1.
202 * Return 0 if typing is known to match, 1 if typing is dynamic
203 * (unknown), negative error value on error.
204 */
205 static
206 int bin_op_bitwise_check(struct vstack *stack, bytecode_opcode_t opcode,
207 const char *str)
208 {
209 if (unlikely(!vstack_ax(stack) || !vstack_bx(stack)))
210 goto error_empty;
211
212 switch (vstack_ax(stack)->type) {
213 default:
214 case REG_DOUBLE:
215 goto error_type;
216
217 case REG_TYPE_UNKNOWN:
218 switch (vstack_bx(stack)->type) {
219 default:
220 case REG_DOUBLE:
221 goto error_type;
222 case REG_TYPE_UNKNOWN:
223 case REG_S64:
224 case REG_U64:
225 goto unknown;
226 }
227 break;
228 case REG_S64:
229 case REG_U64:
230 switch (vstack_bx(stack)->type) {
231 default:
232 case REG_DOUBLE:
233 goto error_type;
234 case REG_TYPE_UNKNOWN:
235 goto unknown;
236 case REG_S64:
237 case REG_U64:
238 break;
239 }
240 break;
241 }
242 return 0;
243
244 unknown:
245 return 1;
246
247 error_empty:
248 printk(KERN_WARNING "LTTng: bytecode: empty stack for '%s' binary operator\n", str);
249 return -EINVAL;
250
251 error_type:
252 printk(KERN_WARNING "LTTng: bytecode: unknown type for '%s' binary operator\n", str);
253 return -EINVAL;
254 }
255
256 static
257 int validate_get_symbol(struct bytecode_runtime *bytecode,
258 const struct get_symbol *sym)
259 {
260 const char *str, *str_limit;
261 size_t len_limit;
262
263 if (sym->offset >= bytecode->p.bc->bc.len - bytecode->p.bc->bc.reloc_offset)
264 return -EINVAL;
265
266 str = bytecode->p.bc->bc.data + bytecode->p.bc->bc.reloc_offset + sym->offset;
267 str_limit = bytecode->p.bc->bc.data + bytecode->p.bc->bc.len;
268 len_limit = str_limit - str;
269 if (strnlen(str, len_limit) == len_limit)
270 return -EINVAL;
271 return 0;
272 }
273
274 /*
275 * Validate bytecode range overflow within the validation pass.
276 * Called for each instruction encountered.
277 */
278 static
279 int bytecode_validate_overflow(struct bytecode_runtime *bytecode,
280 char *start_pc, char *pc)
281 {
282 int ret = 0;
283
284 switch (*(bytecode_opcode_t *) pc) {
285 case BYTECODE_OP_UNKNOWN:
286 default:
287 {
288 printk(KERN_WARNING "LTTng: bytecode: unknown bytecode op %u\n",
289 (unsigned int) *(bytecode_opcode_t *) pc);
290 ret = -EINVAL;
291 break;
292 }
293
294 case BYTECODE_OP_RETURN:
295 case BYTECODE_OP_RETURN_S64:
296 {
297 if (unlikely(pc + sizeof(struct return_op)
298 > start_pc + bytecode->len)) {
299 ret = -ERANGE;
300 }
301 break;
302 }
303
304 /* binary */
305 case BYTECODE_OP_MUL:
306 case BYTECODE_OP_DIV:
307 case BYTECODE_OP_MOD:
308 case BYTECODE_OP_PLUS:
309 case BYTECODE_OP_MINUS:
310 case BYTECODE_OP_EQ_DOUBLE:
311 case BYTECODE_OP_NE_DOUBLE:
312 case BYTECODE_OP_GT_DOUBLE:
313 case BYTECODE_OP_LT_DOUBLE:
314 case BYTECODE_OP_GE_DOUBLE:
315 case BYTECODE_OP_LE_DOUBLE:
316 /* Floating point */
317 case BYTECODE_OP_EQ_DOUBLE_S64:
318 case BYTECODE_OP_NE_DOUBLE_S64:
319 case BYTECODE_OP_GT_DOUBLE_S64:
320 case BYTECODE_OP_LT_DOUBLE_S64:
321 case BYTECODE_OP_GE_DOUBLE_S64:
322 case BYTECODE_OP_LE_DOUBLE_S64:
323 case BYTECODE_OP_EQ_S64_DOUBLE:
324 case BYTECODE_OP_NE_S64_DOUBLE:
325 case BYTECODE_OP_GT_S64_DOUBLE:
326 case BYTECODE_OP_LT_S64_DOUBLE:
327 case BYTECODE_OP_GE_S64_DOUBLE:
328 case BYTECODE_OP_LE_S64_DOUBLE:
329 case BYTECODE_OP_LOAD_FIELD_REF_DOUBLE:
330 case BYTECODE_OP_GET_CONTEXT_REF_DOUBLE:
331 case BYTECODE_OP_LOAD_DOUBLE:
332 case BYTECODE_OP_CAST_DOUBLE_TO_S64:
333 case BYTECODE_OP_UNARY_PLUS_DOUBLE:
334 case BYTECODE_OP_UNARY_MINUS_DOUBLE:
335 case BYTECODE_OP_UNARY_NOT_DOUBLE:
336 {
337 printk(KERN_WARNING "LTTng: bytecode: unsupported bytecode op %u\n",
338 (unsigned int) *(bytecode_opcode_t *) pc);
339 ret = -EINVAL;
340 break;
341 }
342
343 case BYTECODE_OP_EQ:
344 case BYTECODE_OP_NE:
345 case BYTECODE_OP_GT:
346 case BYTECODE_OP_LT:
347 case BYTECODE_OP_GE:
348 case BYTECODE_OP_LE:
349 case BYTECODE_OP_EQ_STRING:
350 case BYTECODE_OP_NE_STRING:
351 case BYTECODE_OP_GT_STRING:
352 case BYTECODE_OP_LT_STRING:
353 case BYTECODE_OP_GE_STRING:
354 case BYTECODE_OP_LE_STRING:
355 case BYTECODE_OP_EQ_STAR_GLOB_STRING:
356 case BYTECODE_OP_NE_STAR_GLOB_STRING:
357 case BYTECODE_OP_EQ_S64:
358 case BYTECODE_OP_NE_S64:
359 case BYTECODE_OP_GT_S64:
360 case BYTECODE_OP_LT_S64:
361 case BYTECODE_OP_GE_S64:
362 case BYTECODE_OP_LE_S64:
363 case BYTECODE_OP_BIT_RSHIFT:
364 case BYTECODE_OP_BIT_LSHIFT:
365 case BYTECODE_OP_BIT_AND:
366 case BYTECODE_OP_BIT_OR:
367 case BYTECODE_OP_BIT_XOR:
368 {
369 if (unlikely(pc + sizeof(struct binary_op)
370 > start_pc + bytecode->len)) {
371 ret = -ERANGE;
372 }
373 break;
374 }
375
376 /* unary */
377 case BYTECODE_OP_UNARY_PLUS:
378 case BYTECODE_OP_UNARY_MINUS:
379 case BYTECODE_OP_UNARY_NOT:
380 case BYTECODE_OP_UNARY_PLUS_S64:
381 case BYTECODE_OP_UNARY_MINUS_S64:
382 case BYTECODE_OP_UNARY_NOT_S64:
383 case BYTECODE_OP_UNARY_BIT_NOT:
384 {
385 if (unlikely(pc + sizeof(struct unary_op)
386 > start_pc + bytecode->len)) {
387 ret = -ERANGE;
388 }
389 break;
390 }
391
392 /* logical */
393 case BYTECODE_OP_AND:
394 case BYTECODE_OP_OR:
395 {
396 if (unlikely(pc + sizeof(struct logical_op)
397 > start_pc + bytecode->len)) {
398 ret = -ERANGE;
399 }
400 break;
401 }
402
403 /* load field ref */
404 case BYTECODE_OP_LOAD_FIELD_REF:
405 {
406 printk(KERN_WARNING "LTTng: bytecode: Unknown field ref type\n");
407 ret = -EINVAL;
408 break;
409 }
410
411 /* get context ref */
412 case BYTECODE_OP_GET_CONTEXT_REF:
413 {
414 printk(KERN_WARNING "LTTng: bytecode: Unknown field ref type\n");
415 ret = -EINVAL;
416 break;
417 }
418 case BYTECODE_OP_LOAD_FIELD_REF_STRING:
419 case BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE:
420 case BYTECODE_OP_LOAD_FIELD_REF_USER_STRING:
421 case BYTECODE_OP_LOAD_FIELD_REF_USER_SEQUENCE:
422 case BYTECODE_OP_LOAD_FIELD_REF_S64:
423 case BYTECODE_OP_GET_CONTEXT_REF_STRING:
424 case BYTECODE_OP_GET_CONTEXT_REF_S64:
425 {
426 if (unlikely(pc + sizeof(struct load_op) + sizeof(struct field_ref)
427 > start_pc + bytecode->len)) {
428 ret = -ERANGE;
429 }
430 break;
431 }
432
433 /* load from immediate operand */
434 case BYTECODE_OP_LOAD_STRING:
435 case BYTECODE_OP_LOAD_STAR_GLOB_STRING:
436 {
437 struct load_op *insn = (struct load_op *) pc;
438 uint32_t str_len, maxlen;
439
440 if (unlikely(pc + sizeof(struct load_op)
441 > start_pc + bytecode->len)) {
442 ret = -ERANGE;
443 break;
444 }
445
446 maxlen = start_pc + bytecode->len - pc - sizeof(struct load_op);
447 str_len = strnlen(insn->data, maxlen);
448 if (unlikely(str_len >= maxlen)) {
449 /* Final '\0' not found within range */
450 ret = -ERANGE;
451 }
452 break;
453 }
454
455 case BYTECODE_OP_LOAD_S64:
456 {
457 if (unlikely(pc + sizeof(struct load_op) + sizeof(struct literal_numeric)
458 > start_pc + bytecode->len)) {
459 ret = -ERANGE;
460 }
461 break;
462 }
463
464 case BYTECODE_OP_CAST_TO_S64:
465 case BYTECODE_OP_CAST_NOP:
466 {
467 if (unlikely(pc + sizeof(struct cast_op)
468 > start_pc + bytecode->len)) {
469 ret = -ERANGE;
470 }
471 break;
472 }
473
474 /*
475 * Instructions for recursive traversal through composed types.
476 */
477 case BYTECODE_OP_GET_CONTEXT_ROOT:
478 case BYTECODE_OP_GET_APP_CONTEXT_ROOT:
479 case BYTECODE_OP_GET_PAYLOAD_ROOT:
480 case BYTECODE_OP_LOAD_FIELD:
481 case BYTECODE_OP_LOAD_FIELD_S8:
482 case BYTECODE_OP_LOAD_FIELD_S16:
483 case BYTECODE_OP_LOAD_FIELD_S32:
484 case BYTECODE_OP_LOAD_FIELD_S64:
485 case BYTECODE_OP_LOAD_FIELD_U8:
486 case BYTECODE_OP_LOAD_FIELD_U16:
487 case BYTECODE_OP_LOAD_FIELD_U32:
488 case BYTECODE_OP_LOAD_FIELD_U64:
489 case BYTECODE_OP_LOAD_FIELD_STRING:
490 case BYTECODE_OP_LOAD_FIELD_SEQUENCE:
491 case BYTECODE_OP_LOAD_FIELD_DOUBLE:
492 if (unlikely(pc + sizeof(struct load_op)
493 > start_pc + bytecode->len)) {
494 ret = -ERANGE;
495 }
496 break;
497
498 case BYTECODE_OP_GET_SYMBOL:
499 {
500 struct load_op *insn = (struct load_op *) pc;
501 struct get_symbol *sym = (struct get_symbol *) insn->data;
502
503 if (unlikely(pc + sizeof(struct load_op) + sizeof(struct get_symbol)
504 > start_pc + bytecode->len)) {
505 ret = -ERANGE;
506 break;
507 }
508 ret = validate_get_symbol(bytecode, sym);
509 break;
510 }
511
512 case BYTECODE_OP_GET_SYMBOL_FIELD:
513 printk(KERN_WARNING "LTTng: bytecode: Unexpected get symbol field\n");
514 ret = -EINVAL;
515 break;
516
517 case BYTECODE_OP_GET_INDEX_U16:
518 if (unlikely(pc + sizeof(struct load_op) + sizeof(struct get_index_u16)
519 > start_pc + bytecode->len)) {
520 ret = -ERANGE;
521 }
522 break;
523
524 case BYTECODE_OP_GET_INDEX_U64:
525 if (unlikely(pc + sizeof(struct load_op) + sizeof(struct get_index_u64)
526 > start_pc + bytecode->len)) {
527 ret = -ERANGE;
528 }
529 break;
530 }
531
532 return ret;
533 }
534
535 static
536 unsigned long delete_all_nodes(struct mp_table *mp_table)
537 {
538 struct mp_node *mp_node;
539 struct hlist_node *tmp;
540 unsigned long nr_nodes = 0;
541 int i;
542
543 for (i = 0; i < MERGE_POINT_TABLE_SIZE; i++) {
544 struct hlist_head *head;
545
546 head = &mp_table->mp_head[i];
547 lttng_hlist_for_each_entry_safe(mp_node, tmp, head, node) {
548 kfree(mp_node);
549 nr_nodes++;
550 }
551 }
552 return nr_nodes;
553 }
554
555 /*
556 * Return value:
557 * >=0: success
558 * <0: error
559 */
560 static
561 int validate_instruction_context(struct bytecode_runtime *bytecode,
562 struct vstack *stack,
563 char *start_pc,
564 char *pc)
565 {
566 int ret = 0;
567 const bytecode_opcode_t opcode = *(bytecode_opcode_t *) pc;
568
569 switch (opcode) {
570 case BYTECODE_OP_UNKNOWN:
571 default:
572 {
573 printk(KERN_WARNING "LTTng: bytecode: unknown bytecode op %u\n",
574 (unsigned int) *(bytecode_opcode_t *) pc);
575 ret = -EINVAL;
576 goto end;
577 }
578
579 case BYTECODE_OP_RETURN:
580 case BYTECODE_OP_RETURN_S64:
581 {
582 goto end;
583 }
584
585 /* binary */
586 case BYTECODE_OP_MUL:
587 case BYTECODE_OP_DIV:
588 case BYTECODE_OP_MOD:
589 case BYTECODE_OP_PLUS:
590 case BYTECODE_OP_MINUS:
591 /* Floating point */
592 case BYTECODE_OP_EQ_DOUBLE:
593 case BYTECODE_OP_NE_DOUBLE:
594 case BYTECODE_OP_GT_DOUBLE:
595 case BYTECODE_OP_LT_DOUBLE:
596 case BYTECODE_OP_GE_DOUBLE:
597 case BYTECODE_OP_LE_DOUBLE:
598 case BYTECODE_OP_EQ_DOUBLE_S64:
599 case BYTECODE_OP_NE_DOUBLE_S64:
600 case BYTECODE_OP_GT_DOUBLE_S64:
601 case BYTECODE_OP_LT_DOUBLE_S64:
602 case BYTECODE_OP_GE_DOUBLE_S64:
603 case BYTECODE_OP_LE_DOUBLE_S64:
604 case BYTECODE_OP_EQ_S64_DOUBLE:
605 case BYTECODE_OP_NE_S64_DOUBLE:
606 case BYTECODE_OP_GT_S64_DOUBLE:
607 case BYTECODE_OP_LT_S64_DOUBLE:
608 case BYTECODE_OP_GE_S64_DOUBLE:
609 case BYTECODE_OP_LE_S64_DOUBLE:
610 case BYTECODE_OP_UNARY_PLUS_DOUBLE:
611 case BYTECODE_OP_UNARY_MINUS_DOUBLE:
612 case BYTECODE_OP_UNARY_NOT_DOUBLE:
613 case BYTECODE_OP_LOAD_FIELD_REF_DOUBLE:
614 case BYTECODE_OP_LOAD_DOUBLE:
615 case BYTECODE_OP_CAST_DOUBLE_TO_S64:
616 case BYTECODE_OP_GET_CONTEXT_REF_DOUBLE:
617 {
618 printk(KERN_WARNING "LTTng: bytecode: unsupported bytecode op %u\n",
619 (unsigned int) *(bytecode_opcode_t *) pc);
620 ret = -EINVAL;
621 goto end;
622 }
623
624 case BYTECODE_OP_EQ:
625 {
626 ret = bin_op_compare_check(stack, opcode, "==");
627 if (ret < 0)
628 goto end;
629 break;
630 }
631 case BYTECODE_OP_NE:
632 {
633 ret = bin_op_compare_check(stack, opcode, "!=");
634 if (ret < 0)
635 goto end;
636 break;
637 }
638 case BYTECODE_OP_GT:
639 {
640 ret = bin_op_compare_check(stack, opcode, ">");
641 if (ret < 0)
642 goto end;
643 break;
644 }
645 case BYTECODE_OP_LT:
646 {
647 ret = bin_op_compare_check(stack, opcode, "<");
648 if (ret < 0)
649 goto end;
650 break;
651 }
652 case BYTECODE_OP_GE:
653 {
654 ret = bin_op_compare_check(stack, opcode, ">=");
655 if (ret < 0)
656 goto end;
657 break;
658 }
659 case BYTECODE_OP_LE:
660 {
661 ret = bin_op_compare_check(stack, opcode, "<=");
662 if (ret < 0)
663 goto end;
664 break;
665 }
666
667 case BYTECODE_OP_EQ_STRING:
668 case BYTECODE_OP_NE_STRING:
669 case BYTECODE_OP_GT_STRING:
670 case BYTECODE_OP_LT_STRING:
671 case BYTECODE_OP_GE_STRING:
672 case BYTECODE_OP_LE_STRING:
673 {
674 if (!vstack_ax(stack) || !vstack_bx(stack)) {
675 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
676 ret = -EINVAL;
677 goto end;
678 }
679 if (vstack_ax(stack)->type != REG_STRING
680 || vstack_bx(stack)->type != REG_STRING) {
681 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type for string comparator\n");
682 ret = -EINVAL;
683 goto end;
684 }
685 break;
686 }
687
688
689 case BYTECODE_OP_EQ_STAR_GLOB_STRING:
690 case BYTECODE_OP_NE_STAR_GLOB_STRING:
691 {
692 if (!vstack_ax(stack) || !vstack_bx(stack)) {
693 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
694 ret = -EINVAL;
695 goto end;
696 }
697 if (vstack_ax(stack)->type != REG_STAR_GLOB_STRING
698 && vstack_bx(stack)->type != REG_STAR_GLOB_STRING) {
699 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type for globbing pattern comparator\n");
700 ret = -EINVAL;
701 goto end;
702 }
703 break;
704 }
705
706 case BYTECODE_OP_EQ_S64:
707 case BYTECODE_OP_NE_S64:
708 case BYTECODE_OP_GT_S64:
709 case BYTECODE_OP_LT_S64:
710 case BYTECODE_OP_GE_S64:
711 case BYTECODE_OP_LE_S64:
712 {
713 if (!vstack_ax(stack) || !vstack_bx(stack)) {
714 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
715 ret = -EINVAL;
716 goto end;
717 }
718 switch (vstack_ax(stack)->type) {
719 case REG_S64:
720 case REG_U64:
721 break;
722 default:
723 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type for s64 comparator\n");
724 ret = -EINVAL;
725 goto end;
726 }
727 switch (vstack_bx(stack)->type) {
728 case REG_S64:
729 case REG_U64:
730 break;
731 default:
732 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type for s64 comparator\n");
733 ret = -EINVAL;
734 goto end;
735 }
736 break;
737 }
738
739 case BYTECODE_OP_BIT_RSHIFT:
740 ret = bin_op_bitwise_check(stack, opcode, ">>");
741 if (ret < 0)
742 goto end;
743 break;
744 case BYTECODE_OP_BIT_LSHIFT:
745 ret = bin_op_bitwise_check(stack, opcode, "<<");
746 if (ret < 0)
747 goto end;
748 break;
749 case BYTECODE_OP_BIT_AND:
750 ret = bin_op_bitwise_check(stack, opcode, "&");
751 if (ret < 0)
752 goto end;
753 break;
754 case BYTECODE_OP_BIT_OR:
755 ret = bin_op_bitwise_check(stack, opcode, "|");
756 if (ret < 0)
757 goto end;
758 break;
759 case BYTECODE_OP_BIT_XOR:
760 ret = bin_op_bitwise_check(stack, opcode, "^");
761 if (ret < 0)
762 goto end;
763 break;
764
765 /* unary */
766 case BYTECODE_OP_UNARY_PLUS:
767 case BYTECODE_OP_UNARY_MINUS:
768 case BYTECODE_OP_UNARY_NOT:
769 {
770 if (!vstack_ax(stack)) {
771 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
772 ret = -EINVAL;
773 goto end;
774 }
775 switch (vstack_ax(stack)->type) {
776 default:
777 case REG_DOUBLE:
778 printk(KERN_WARNING "LTTng: bytecode: unknown register type\n");
779 ret = -EINVAL;
780 goto end;
781
782 case REG_STRING:
783 case REG_STAR_GLOB_STRING:
784 printk(KERN_WARNING "LTTng: bytecode: Unary op can only be applied to numeric or floating point registers\n");
785 ret = -EINVAL;
786 goto end;
787 case REG_S64:
788 case REG_U64:
789 case REG_TYPE_UNKNOWN:
790 break;
791 }
792 break;
793 }
794 case BYTECODE_OP_UNARY_BIT_NOT:
795 {
796 if (!vstack_ax(stack)) {
797 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
798 ret = -EINVAL;
799 goto end;
800 }
801 switch (vstack_ax(stack)->type) {
802 default:
803 printk(KERN_WARNING "LTTng: bytecode: unknown register type\n");
804 ret = -EINVAL;
805 goto end;
806
807 case REG_STRING:
808 case REG_STAR_GLOB_STRING:
809 case REG_DOUBLE:
810 printk(KERN_WARNING "LTTng: bytecode: Unary bitwise op can only be applied to numeric registers\n");
811 ret = -EINVAL;
812 goto end;
813 case REG_S64:
814 case REG_U64:
815 case REG_TYPE_UNKNOWN:
816 break;
817 }
818 break;
819 }
820
821 case BYTECODE_OP_UNARY_PLUS_S64:
822 case BYTECODE_OP_UNARY_MINUS_S64:
823 case BYTECODE_OP_UNARY_NOT_S64:
824 {
825 if (!vstack_ax(stack)) {
826 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
827 ret = -EINVAL;
828 goto end;
829 }
830 if (vstack_ax(stack)->type != REG_S64 &&
831 vstack_ax(stack)->type != REG_U64) {
832 printk(KERN_WARNING "LTTng: bytecode: Invalid register type\n");
833 ret = -EINVAL;
834 goto end;
835 }
836 break;
837 }
838
839 /* logical */
840 case BYTECODE_OP_AND:
841 case BYTECODE_OP_OR:
842 {
843 struct logical_op *insn = (struct logical_op *) pc;
844
845 if (!vstack_ax(stack)) {
846 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
847 ret = -EINVAL;
848 goto end;
849 }
850 if (vstack_ax(stack)->type != REG_S64 &&
851 vstack_ax(stack)->type != REG_U64) {
852 printk(KERN_WARNING "LTTng: bytecode: Logical comparator expects S64 register\n");
853 ret = -EINVAL;
854 goto end;
855 }
856
857 dbg_printk("Validate jumping to bytecode offset %u\n",
858 (unsigned int) insn->skip_offset);
859 if (unlikely(start_pc + insn->skip_offset <= pc)) {
860 printk(KERN_WARNING "LTTng: bytecode: Loops are not allowed in bytecode\n");
861 ret = -EINVAL;
862 goto end;
863 }
864 break;
865 }
866
867 /* load field ref */
868 case BYTECODE_OP_LOAD_FIELD_REF:
869 {
870 printk(KERN_WARNING "LTTng: bytecode: Unknown field ref type\n");
871 ret = -EINVAL;
872 goto end;
873 }
874 case BYTECODE_OP_LOAD_FIELD_REF_STRING:
875 case BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE:
876 case BYTECODE_OP_LOAD_FIELD_REF_USER_STRING:
877 case BYTECODE_OP_LOAD_FIELD_REF_USER_SEQUENCE:
878 {
879 struct load_op *insn = (struct load_op *) pc;
880 struct field_ref *ref = (struct field_ref *) insn->data;
881
882 dbg_printk("Validate load field ref offset %u type string\n",
883 ref->offset);
884 break;
885 }
886 case BYTECODE_OP_LOAD_FIELD_REF_S64:
887 {
888 struct load_op *insn = (struct load_op *) pc;
889 struct field_ref *ref = (struct field_ref *) insn->data;
890
891 dbg_printk("Validate load field ref offset %u type s64\n",
892 ref->offset);
893 break;
894 }
895
896 /* load from immediate operand */
897 case BYTECODE_OP_LOAD_STRING:
898 case BYTECODE_OP_LOAD_STAR_GLOB_STRING:
899 {
900 break;
901 }
902
903 case BYTECODE_OP_LOAD_S64:
904 {
905 break;
906 }
907
908 case BYTECODE_OP_CAST_TO_S64:
909 {
910 struct cast_op *insn = (struct cast_op *) pc;
911
912 if (!vstack_ax(stack)) {
913 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
914 ret = -EINVAL;
915 goto end;
916 }
917 switch (vstack_ax(stack)->type) {
918 default:
919 case REG_DOUBLE:
920 printk(KERN_WARNING "LTTng: bytecode: unknown register type\n");
921 ret = -EINVAL;
922 goto end;
923
924 case REG_STRING:
925 case REG_STAR_GLOB_STRING:
926 printk(KERN_WARNING "LTTng: bytecode: Cast op can only be applied to numeric or floating point registers\n");
927 ret = -EINVAL;
928 goto end;
929 case REG_S64:
930 break;
931 }
932 if (insn->op == BYTECODE_OP_CAST_DOUBLE_TO_S64) {
933 if (vstack_ax(stack)->type != REG_DOUBLE) {
934 printk(KERN_WARNING "LTTng: bytecode: Cast expects double\n");
935 ret = -EINVAL;
936 goto end;
937 }
938 }
939 break;
940 }
941 case BYTECODE_OP_CAST_NOP:
942 {
943 break;
944 }
945
946 /* get context ref */
947 case BYTECODE_OP_GET_CONTEXT_REF:
948 {
949 printk(KERN_WARNING "LTTng: bytecode: Unknown get context ref type\n");
950 ret = -EINVAL;
951 goto end;
952 }
953 case BYTECODE_OP_GET_CONTEXT_REF_STRING:
954 {
955 struct load_op *insn = (struct load_op *) pc;
956 struct field_ref *ref = (struct field_ref *) insn->data;
957
958 dbg_printk("Validate get context ref offset %u type string\n",
959 ref->offset);
960 break;
961 }
962 case BYTECODE_OP_GET_CONTEXT_REF_S64:
963 {
964 struct load_op *insn = (struct load_op *) pc;
965 struct field_ref *ref = (struct field_ref *) insn->data;
966
967 dbg_printk("Validate get context ref offset %u type s64\n",
968 ref->offset);
969 break;
970 }
971
972 /*
973 * Instructions for recursive traversal through composed types.
974 */
975 case BYTECODE_OP_GET_CONTEXT_ROOT:
976 {
977 dbg_printk("Validate get context root\n");
978 break;
979 }
980 case BYTECODE_OP_GET_APP_CONTEXT_ROOT:
981 {
982 dbg_printk("Validate get app context root\n");
983 break;
984 }
985 case BYTECODE_OP_GET_PAYLOAD_ROOT:
986 {
987 dbg_printk("Validate get payload root\n");
988 break;
989 }
990 case BYTECODE_OP_LOAD_FIELD:
991 {
992 /*
993 * We tolerate that field type is unknown at validation,
994 * because we are performing the load specialization in
995 * a phase after validation.
996 */
997 dbg_printk("Validate load field\n");
998 break;
999 }
1000
1001 /*
1002 * Disallow already specialized bytecode op load field instructions to
1003 * ensure that the received bytecode does not:
1004 *
1005 * - Read user-space memory without proper get_user accessors,
1006 * - Read a memory area larger than the memory targeted by the instrumentation.
1007 */
1008 case BYTECODE_OP_LOAD_FIELD_S8:
1009 case BYTECODE_OP_LOAD_FIELD_S16:
1010 case BYTECODE_OP_LOAD_FIELD_S32:
1011 case BYTECODE_OP_LOAD_FIELD_S64:
1012 case BYTECODE_OP_LOAD_FIELD_U8:
1013 case BYTECODE_OP_LOAD_FIELD_U16:
1014 case BYTECODE_OP_LOAD_FIELD_U32:
1015 case BYTECODE_OP_LOAD_FIELD_U64:
1016 case BYTECODE_OP_LOAD_FIELD_STRING:
1017 case BYTECODE_OP_LOAD_FIELD_SEQUENCE:
1018 case BYTECODE_OP_LOAD_FIELD_DOUBLE:
1019 {
1020 dbg_printk("Validate load field, reject specialized load instruction (%d)\n",
1021 (int) opcode);
1022 ret = -EINVAL;
1023 goto end;
1024 }
1025
1026 case BYTECODE_OP_GET_SYMBOL:
1027 {
1028 struct load_op *insn = (struct load_op *) pc;
1029 struct get_symbol *sym = (struct get_symbol *) insn->data;
1030
1031 dbg_printk("Validate get symbol offset %u\n", sym->offset);
1032 break;
1033 }
1034
1035 case BYTECODE_OP_GET_SYMBOL_FIELD:
1036 {
1037 struct load_op *insn = (struct load_op *) pc;
1038 struct get_symbol *sym = (struct get_symbol *) insn->data;
1039
1040 dbg_printk("Validate get symbol field offset %u\n", sym->offset);
1041 break;
1042 }
1043
1044 case BYTECODE_OP_GET_INDEX_U16:
1045 {
1046 struct load_op *insn = (struct load_op *) pc;
1047 struct get_index_u16 *get_index = (struct get_index_u16 *) insn->data;
1048
1049 dbg_printk("Validate get index u16 index %u\n", get_index->index);
1050 break;
1051 }
1052
1053 case BYTECODE_OP_GET_INDEX_U64:
1054 {
1055 struct load_op *insn = (struct load_op *) pc;
1056 struct get_index_u64 *get_index = (struct get_index_u64 *) insn->data;
1057
1058 dbg_printk("Validate get index u64 index %llu\n",
1059 (unsigned long long) get_index->index);
1060 break;
1061 }
1062 }
1063 end:
1064 return ret;
1065 }
1066
1067 /*
1068 * Return value:
1069 * 0: success
1070 * <0: error
1071 */
1072 static
1073 int validate_instruction_all_contexts(struct bytecode_runtime *bytecode,
1074 struct mp_table *mp_table,
1075 struct vstack *stack,
1076 char *start_pc,
1077 char *pc)
1078 {
1079 int ret, found = 0;
1080 unsigned long target_pc = pc - start_pc;
1081 unsigned long hash;
1082 struct hlist_head *head;
1083 struct mp_node *mp_node;
1084
1085 /* Validate the context resulting from the previous instruction */
1086 ret = validate_instruction_context(bytecode, stack, start_pc, pc);
1087 if (ret < 0)
1088 return ret;
1089
1090 /* Validate merge points */
1091 hash = jhash_1word(target_pc, 0);
1092 head = &mp_table->mp_head[hash & (MERGE_POINT_TABLE_SIZE - 1)];
1093 lttng_hlist_for_each_entry(mp_node, head, node) {
1094 if (lttng_hash_match(mp_node, target_pc)) {
1095 found = 1;
1096 break;
1097 }
1098 }
1099 if (found) {
1100 dbg_printk("Bytecode: validate merge point at offset %lu\n",
1101 target_pc);
1102 if (merge_points_compare(stack, &mp_node->stack)) {
1103 printk(KERN_WARNING "LTTng: bytecode: Merge points differ for offset %lu\n",
1104 target_pc);
1105 return -EINVAL;
1106 }
1107 /* Once validated, we can remove the merge point */
1108 dbg_printk("Bytecode: remove merge point at offset %lu\n",
1109 target_pc);
1110 hlist_del(&mp_node->node);
1111 }
1112 return 0;
1113 }
1114
1115 /*
1116 * Return value:
1117 * >0: going to next insn.
1118 * 0: success, stop iteration.
1119 * <0: error
1120 */
1121 static
1122 int exec_insn(struct bytecode_runtime *bytecode,
1123 struct mp_table *mp_table,
1124 struct vstack *stack,
1125 char **_next_pc,
1126 char *pc)
1127 {
1128 int ret = 1;
1129 char *next_pc = *_next_pc;
1130
1131 switch (*(bytecode_opcode_t *) pc) {
1132 case BYTECODE_OP_UNKNOWN:
1133 default:
1134 {
1135 printk(KERN_WARNING "LTTng: bytecode: unknown bytecode op %u\n",
1136 (unsigned int) *(bytecode_opcode_t *) pc);
1137 ret = -EINVAL;
1138 goto end;
1139 }
1140
1141 case BYTECODE_OP_RETURN:
1142 {
1143 if (!vstack_ax(stack)) {
1144 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
1145 ret = -EINVAL;
1146 goto end;
1147 }
1148 switch (vstack_ax(stack)->type) {
1149 case REG_S64:
1150 case REG_U64:
1151 case REG_DOUBLE:
1152 case REG_STRING:
1153 case REG_PTR:
1154 case REG_TYPE_UNKNOWN:
1155 break;
1156 default:
1157 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d at end of bytecode\n",
1158 (int) vstack_ax(stack)->type);
1159 ret = -EINVAL;
1160 goto end;
1161 }
1162
1163 ret = 0;
1164 goto end;
1165 }
1166
1167 case BYTECODE_OP_RETURN_S64:
1168 {
1169 if (!vstack_ax(stack)) {
1170 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
1171 ret = -EINVAL;
1172 goto end;
1173 }
1174 switch (vstack_ax(stack)->type) {
1175 case REG_S64:
1176 case REG_U64:
1177 break;
1178 default:
1179 case REG_TYPE_UNKNOWN:
1180 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d at end of bytecode\n",
1181 (int) vstack_ax(stack)->type);
1182 ret = -EINVAL;
1183 goto end;
1184 }
1185
1186 ret = 0;
1187 goto end;
1188 }
1189
1190 /* binary */
1191 case BYTECODE_OP_MUL:
1192 case BYTECODE_OP_DIV:
1193 case BYTECODE_OP_MOD:
1194 case BYTECODE_OP_PLUS:
1195 case BYTECODE_OP_MINUS:
1196 /* Floating point */
1197 case BYTECODE_OP_EQ_DOUBLE:
1198 case BYTECODE_OP_NE_DOUBLE:
1199 case BYTECODE_OP_GT_DOUBLE:
1200 case BYTECODE_OP_LT_DOUBLE:
1201 case BYTECODE_OP_GE_DOUBLE:
1202 case BYTECODE_OP_LE_DOUBLE:
1203 case BYTECODE_OP_EQ_DOUBLE_S64:
1204 case BYTECODE_OP_NE_DOUBLE_S64:
1205 case BYTECODE_OP_GT_DOUBLE_S64:
1206 case BYTECODE_OP_LT_DOUBLE_S64:
1207 case BYTECODE_OP_GE_DOUBLE_S64:
1208 case BYTECODE_OP_LE_DOUBLE_S64:
1209 case BYTECODE_OP_EQ_S64_DOUBLE:
1210 case BYTECODE_OP_NE_S64_DOUBLE:
1211 case BYTECODE_OP_GT_S64_DOUBLE:
1212 case BYTECODE_OP_LT_S64_DOUBLE:
1213 case BYTECODE_OP_GE_S64_DOUBLE:
1214 case BYTECODE_OP_LE_S64_DOUBLE:
1215 case BYTECODE_OP_UNARY_PLUS_DOUBLE:
1216 case BYTECODE_OP_UNARY_MINUS_DOUBLE:
1217 case BYTECODE_OP_UNARY_NOT_DOUBLE:
1218 case BYTECODE_OP_LOAD_FIELD_REF_DOUBLE:
1219 case BYTECODE_OP_GET_CONTEXT_REF_DOUBLE:
1220 case BYTECODE_OP_LOAD_DOUBLE:
1221 case BYTECODE_OP_CAST_DOUBLE_TO_S64:
1222 {
1223 printk(KERN_WARNING "LTTng: bytecode: unsupported bytecode op %u\n",
1224 (unsigned int) *(bytecode_opcode_t *) pc);
1225 ret = -EINVAL;
1226 goto end;
1227 }
1228
1229 case BYTECODE_OP_EQ:
1230 case BYTECODE_OP_NE:
1231 case BYTECODE_OP_GT:
1232 case BYTECODE_OP_LT:
1233 case BYTECODE_OP_GE:
1234 case BYTECODE_OP_LE:
1235 case BYTECODE_OP_EQ_STRING:
1236 case BYTECODE_OP_NE_STRING:
1237 case BYTECODE_OP_GT_STRING:
1238 case BYTECODE_OP_LT_STRING:
1239 case BYTECODE_OP_GE_STRING:
1240 case BYTECODE_OP_LE_STRING:
1241 case BYTECODE_OP_EQ_STAR_GLOB_STRING:
1242 case BYTECODE_OP_NE_STAR_GLOB_STRING:
1243 case BYTECODE_OP_EQ_S64:
1244 case BYTECODE_OP_NE_S64:
1245 case BYTECODE_OP_GT_S64:
1246 case BYTECODE_OP_LT_S64:
1247 case BYTECODE_OP_GE_S64:
1248 case BYTECODE_OP_LE_S64:
1249 {
1250 /* Pop 2, push 1 */
1251 if (vstack_pop(stack)) {
1252 ret = -EINVAL;
1253 goto end;
1254 }
1255 if (!vstack_ax(stack)) {
1256 printk(KERN_WARNING "Empty stack\n");
1257 ret = -EINVAL;
1258 goto end;
1259 }
1260 switch (vstack_ax(stack)->type) {
1261 case REG_S64:
1262 case REG_U64:
1263 case REG_DOUBLE:
1264 case REG_STRING:
1265 case REG_STAR_GLOB_STRING:
1266 case REG_TYPE_UNKNOWN:
1267 break;
1268 default:
1269 printk(KERN_WARNING "Unexpected register type %d for operation\n",
1270 (int) vstack_ax(stack)->type);
1271 ret = -EINVAL;
1272 goto end;
1273 }
1274
1275 vstack_ax(stack)->type = REG_S64;
1276 next_pc += sizeof(struct binary_op);
1277 break;
1278 }
1279 case BYTECODE_OP_BIT_RSHIFT:
1280 case BYTECODE_OP_BIT_LSHIFT:
1281 case BYTECODE_OP_BIT_AND:
1282 case BYTECODE_OP_BIT_OR:
1283 case BYTECODE_OP_BIT_XOR:
1284 {
1285 /* Pop 2, push 1 */
1286 if (vstack_pop(stack)) {
1287 ret = -EINVAL;
1288 goto end;
1289 }
1290 if (!vstack_ax(stack)) {
1291 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
1292 ret = -EINVAL;
1293 goto end;
1294 }
1295 switch (vstack_ax(stack)->type) {
1296 case REG_S64:
1297 case REG_U64:
1298 case REG_DOUBLE:
1299 case REG_STRING:
1300 case REG_STAR_GLOB_STRING:
1301 case REG_TYPE_UNKNOWN:
1302 break;
1303 default:
1304 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d for operation\n",
1305 (int) vstack_ax(stack)->type);
1306 ret = -EINVAL;
1307 goto end;
1308 }
1309
1310 vstack_ax(stack)->type = REG_U64;
1311 next_pc += sizeof(struct binary_op);
1312 break;
1313 }
1314
1315 /* unary */
1316 case BYTECODE_OP_UNARY_PLUS:
1317 case BYTECODE_OP_UNARY_MINUS:
1318 {
1319 /* Pop 1, push 1 */
1320 if (!vstack_ax(stack)) {
1321 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1322 ret = -EINVAL;
1323 goto end;
1324 }
1325 switch (vstack_ax(stack)->type) {
1326 case REG_S64:
1327 case REG_U64:
1328 case REG_TYPE_UNKNOWN:
1329 break;
1330 default:
1331 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d for operation\n",
1332 (int) vstack_ax(stack)->type);
1333 ret = -EINVAL;
1334 goto end;
1335 }
1336
1337 vstack_ax(stack)->type = REG_TYPE_UNKNOWN;
1338 next_pc += sizeof(struct unary_op);
1339 break;
1340 }
1341
1342 case BYTECODE_OP_UNARY_PLUS_S64:
1343 case BYTECODE_OP_UNARY_MINUS_S64:
1344 case BYTECODE_OP_UNARY_NOT_S64:
1345 {
1346 /* Pop 1, push 1 */
1347 if (!vstack_ax(stack)) {
1348 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1349 ret = -EINVAL;
1350 goto end;
1351 }
1352 switch (vstack_ax(stack)->type) {
1353 case REG_S64:
1354 case REG_U64:
1355 break;
1356 default:
1357 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d for operation\n",
1358 (int) vstack_ax(stack)->type);
1359 ret = -EINVAL;
1360 goto end;
1361 }
1362
1363 next_pc += sizeof(struct unary_op);
1364 break;
1365 }
1366
1367 case BYTECODE_OP_UNARY_NOT:
1368 {
1369 /* Pop 1, push 1 */
1370 if (!vstack_ax(stack)) {
1371 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1372 ret = -EINVAL;
1373 goto end;
1374 }
1375 switch (vstack_ax(stack)->type) {
1376 case REG_S64:
1377 case REG_U64:
1378 case REG_TYPE_UNKNOWN:
1379 break;
1380 default:
1381 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d for operation\n",
1382 (int) vstack_ax(stack)->type);
1383 ret = -EINVAL;
1384 goto end;
1385 }
1386
1387 next_pc += sizeof(struct unary_op);
1388 break;
1389 }
1390
1391 case BYTECODE_OP_UNARY_BIT_NOT:
1392 {
1393 /* Pop 1, push 1 */
1394 if (!vstack_ax(stack)) {
1395 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
1396 ret = -EINVAL;
1397 goto end;
1398 }
1399 switch (vstack_ax(stack)->type) {
1400 case REG_S64:
1401 case REG_U64:
1402 case REG_TYPE_UNKNOWN:
1403 break;
1404 case REG_DOUBLE:
1405 default:
1406 printk(KERN_WARNING "LTTng: bytecode: Unexpected register type %d for operation\n",
1407 (int) vstack_ax(stack)->type);
1408 ret = -EINVAL;
1409 goto end;
1410 }
1411
1412 vstack_ax(stack)->type = REG_U64;
1413 next_pc += sizeof(struct unary_op);
1414 break;
1415 }
1416
1417 /* logical */
1418 case BYTECODE_OP_AND:
1419 case BYTECODE_OP_OR:
1420 {
1421 struct logical_op *insn = (struct logical_op *) pc;
1422 int merge_ret;
1423
1424 /* Add merge point to table */
1425 merge_ret = merge_point_add_check(mp_table,
1426 insn->skip_offset, stack);
1427 if (merge_ret) {
1428 ret = merge_ret;
1429 goto end;
1430 }
1431
1432 if (!vstack_ax(stack)) {
1433 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1434 ret = -EINVAL;
1435 goto end;
1436 }
1437 /* There is always a cast-to-s64 operation before a or/and op. */
1438 switch (vstack_ax(stack)->type) {
1439 case REG_S64:
1440 case REG_U64:
1441 break;
1442 default:
1443 printk(KERN_WARNING "LTTng: bytecode: Incorrect register type %d for operation\n",
1444 (int) vstack_ax(stack)->type);
1445 ret = -EINVAL;
1446 goto end;
1447 }
1448
1449 /* Continue to next instruction */
1450 /* Pop 1 when jump not taken */
1451 if (vstack_pop(stack)) {
1452 ret = -EINVAL;
1453 goto end;
1454 }
1455 next_pc += sizeof(struct logical_op);
1456 break;
1457 }
1458
1459 /* load field ref */
1460 case BYTECODE_OP_LOAD_FIELD_REF:
1461 {
1462 printk(KERN_WARNING "LTTng: bytecode: Unknown field ref type\n");
1463 ret = -EINVAL;
1464 goto end;
1465 }
1466 /* get context ref */
1467 case BYTECODE_OP_GET_CONTEXT_REF:
1468 {
1469 printk(KERN_WARNING "LTTng: bytecode: Unknown get context ref type\n");
1470 ret = -EINVAL;
1471 goto end;
1472 }
1473 case BYTECODE_OP_LOAD_FIELD_REF_STRING:
1474 case BYTECODE_OP_LOAD_FIELD_REF_SEQUENCE:
1475 case BYTECODE_OP_GET_CONTEXT_REF_STRING:
1476 case BYTECODE_OP_LOAD_FIELD_REF_USER_STRING:
1477 case BYTECODE_OP_LOAD_FIELD_REF_USER_SEQUENCE:
1478 {
1479 if (vstack_push(stack)) {
1480 ret = -EINVAL;
1481 goto end;
1482 }
1483 vstack_ax(stack)->type = REG_STRING;
1484 next_pc += sizeof(struct load_op) + sizeof(struct field_ref);
1485 break;
1486 }
1487 case BYTECODE_OP_LOAD_FIELD_REF_S64:
1488 case BYTECODE_OP_GET_CONTEXT_REF_S64:
1489 {
1490 if (vstack_push(stack)) {
1491 ret = -EINVAL;
1492 goto end;
1493 }
1494 vstack_ax(stack)->type = REG_S64;
1495 next_pc += sizeof(struct load_op) + sizeof(struct field_ref);
1496 break;
1497 }
1498
1499 /* load from immediate operand */
1500 case BYTECODE_OP_LOAD_STRING:
1501 {
1502 struct load_op *insn = (struct load_op *) pc;
1503
1504 if (vstack_push(stack)) {
1505 ret = -EINVAL;
1506 goto end;
1507 }
1508 vstack_ax(stack)->type = REG_STRING;
1509 next_pc += sizeof(struct load_op) + strlen(insn->data) + 1;
1510 break;
1511 }
1512
1513 case BYTECODE_OP_LOAD_STAR_GLOB_STRING:
1514 {
1515 struct load_op *insn = (struct load_op *) pc;
1516
1517 if (vstack_push(stack)) {
1518 ret = -EINVAL;
1519 goto end;
1520 }
1521 vstack_ax(stack)->type = REG_STAR_GLOB_STRING;
1522 next_pc += sizeof(struct load_op) + strlen(insn->data) + 1;
1523 break;
1524 }
1525
1526 case BYTECODE_OP_LOAD_S64:
1527 {
1528 if (vstack_push(stack)) {
1529 ret = -EINVAL;
1530 goto end;
1531 }
1532 vstack_ax(stack)->type = REG_S64;
1533 next_pc += sizeof(struct load_op)
1534 + sizeof(struct literal_numeric);
1535 break;
1536 }
1537
1538 case BYTECODE_OP_CAST_TO_S64:
1539 {
1540 /* Pop 1, push 1 */
1541 if (!vstack_ax(stack)) {
1542 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n");
1543 ret = -EINVAL;
1544 goto end;
1545 }
1546 switch (vstack_ax(stack)->type) {
1547 case REG_S64:
1548 case REG_U64:
1549 case REG_DOUBLE:
1550 case REG_TYPE_UNKNOWN:
1551 break;
1552 default:
1553 printk(KERN_WARNING "LTTng: bytecode: Incorrect register type %d for cast\n",
1554 (int) vstack_ax(stack)->type);
1555 ret = -EINVAL;
1556 goto end;
1557 }
1558 vstack_ax(stack)->type = REG_S64;
1559 next_pc += sizeof(struct cast_op);
1560 break;
1561 }
1562 case BYTECODE_OP_CAST_NOP:
1563 {
1564 next_pc += sizeof(struct cast_op);
1565 break;
1566 }
1567
1568 /*
1569 * Instructions for recursive traversal through composed types.
1570 */
1571 case BYTECODE_OP_GET_CONTEXT_ROOT:
1572 case BYTECODE_OP_GET_APP_CONTEXT_ROOT:
1573 case BYTECODE_OP_GET_PAYLOAD_ROOT:
1574 {
1575 if (vstack_push(stack)) {
1576 ret = -EINVAL;
1577 goto end;
1578 }
1579 vstack_ax(stack)->type = REG_PTR;
1580 next_pc += sizeof(struct load_op);
1581 break;
1582 }
1583
1584 case BYTECODE_OP_LOAD_FIELD:
1585 {
1586 /* Pop 1, push 1 */
1587 if (!vstack_ax(stack)) {
1588 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1589 ret = -EINVAL;
1590 goto end;
1591 }
1592 if (vstack_ax(stack)->type != REG_PTR) {
1593 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1594 ret = -EINVAL;
1595 goto end;
1596 }
1597 vstack_ax(stack)->type = REG_TYPE_UNKNOWN;
1598 next_pc += sizeof(struct load_op);
1599 break;
1600 }
1601
1602 case BYTECODE_OP_LOAD_FIELD_S8:
1603 case BYTECODE_OP_LOAD_FIELD_S16:
1604 case BYTECODE_OP_LOAD_FIELD_S32:
1605 case BYTECODE_OP_LOAD_FIELD_S64:
1606 {
1607 /* Pop 1, push 1 */
1608 if (!vstack_ax(stack)) {
1609 printk(KERN_WARNING "Empty stack\n\n");
1610 ret = -EINVAL;
1611 goto end;
1612 }
1613 if (vstack_ax(stack)->type != REG_PTR) {
1614 printk(KERN_WARNING "Expecting pointer on top of stack\n\n");
1615 ret = -EINVAL;
1616 goto end;
1617 }
1618 vstack_ax(stack)->type = REG_S64;
1619 next_pc += sizeof(struct load_op);
1620 break;
1621 }
1622 case BYTECODE_OP_LOAD_FIELD_U8:
1623 case BYTECODE_OP_LOAD_FIELD_U16:
1624 case BYTECODE_OP_LOAD_FIELD_U32:
1625 case BYTECODE_OP_LOAD_FIELD_U64:
1626 {
1627 /* Pop 1, push 1 */
1628 if (!vstack_ax(stack)) {
1629 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1630 ret = -EINVAL;
1631 goto end;
1632 }
1633 if (vstack_ax(stack)->type != REG_PTR) {
1634 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1635 ret = -EINVAL;
1636 goto end;
1637 }
1638 vstack_ax(stack)->type = REG_U64;
1639 next_pc += sizeof(struct load_op);
1640 break;
1641 }
1642 case BYTECODE_OP_LOAD_FIELD_STRING:
1643 case BYTECODE_OP_LOAD_FIELD_SEQUENCE:
1644 {
1645 /* Pop 1, push 1 */
1646 if (!vstack_ax(stack)) {
1647 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1648 ret = -EINVAL;
1649 goto end;
1650 }
1651 if (vstack_ax(stack)->type != REG_PTR) {
1652 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1653 ret = -EINVAL;
1654 goto end;
1655 }
1656 vstack_ax(stack)->type = REG_STRING;
1657 next_pc += sizeof(struct load_op);
1658 break;
1659 }
1660
1661 case BYTECODE_OP_LOAD_FIELD_DOUBLE:
1662 {
1663 /* Pop 1, push 1 */
1664 if (!vstack_ax(stack)) {
1665 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1666 ret = -EINVAL;
1667 goto end;
1668 }
1669 if (vstack_ax(stack)->type != REG_PTR) {
1670 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1671 ret = -EINVAL;
1672 goto end;
1673 }
1674 vstack_ax(stack)->type = REG_DOUBLE;
1675 next_pc += sizeof(struct load_op);
1676 break;
1677 }
1678
1679 case BYTECODE_OP_GET_SYMBOL:
1680 case BYTECODE_OP_GET_SYMBOL_FIELD:
1681 {
1682 /* Pop 1, push 1 */
1683 if (!vstack_ax(stack)) {
1684 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1685 ret = -EINVAL;
1686 goto end;
1687 }
1688 if (vstack_ax(stack)->type != REG_PTR) {
1689 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1690 ret = -EINVAL;
1691 goto end;
1692 }
1693 next_pc += sizeof(struct load_op) + sizeof(struct get_symbol);
1694 break;
1695 }
1696
1697 case BYTECODE_OP_GET_INDEX_U16:
1698 {
1699 /* Pop 1, push 1 */
1700 if (!vstack_ax(stack)) {
1701 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1702 ret = -EINVAL;
1703 goto end;
1704 }
1705 if (vstack_ax(stack)->type != REG_PTR) {
1706 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1707 ret = -EINVAL;
1708 goto end;
1709 }
1710 next_pc += sizeof(struct load_op) + sizeof(struct get_index_u16);
1711 break;
1712 }
1713
1714 case BYTECODE_OP_GET_INDEX_U64:
1715 {
1716 /* Pop 1, push 1 */
1717 if (!vstack_ax(stack)) {
1718 printk(KERN_WARNING "LTTng: bytecode: Empty stack\n\n");
1719 ret = -EINVAL;
1720 goto end;
1721 }
1722 if (vstack_ax(stack)->type != REG_PTR) {
1723 printk(KERN_WARNING "LTTng: bytecode: Expecting pointer on top of stack\n\n");
1724 ret = -EINVAL;
1725 goto end;
1726 }
1727 next_pc += sizeof(struct load_op) + sizeof(struct get_index_u64);
1728 break;
1729 }
1730
1731 }
1732 end:
1733 *_next_pc = next_pc;
1734 return ret;
1735 }
1736
1737 /*
1738 * Never called concurrently (hash seed is shared).
1739 */
1740 int lttng_bytecode_validate(struct bytecode_runtime *bytecode)
1741 {
1742 struct mp_table *mp_table;
1743 char *pc, *next_pc, *start_pc;
1744 int ret = -EINVAL;
1745 struct vstack stack;
1746
1747 vstack_init(&stack);
1748
1749 mp_table = kzalloc(sizeof(*mp_table), GFP_KERNEL);
1750 if (!mp_table) {
1751 printk(KERN_WARNING "LTTng: bytecode: Error allocating hash table for bytecode validation\n");
1752 return -ENOMEM;
1753 }
1754 start_pc = &bytecode->code[0];
1755 for (pc = next_pc = start_pc; pc - start_pc < bytecode->len;
1756 pc = next_pc) {
1757 ret = bytecode_validate_overflow(bytecode, start_pc, pc);
1758 if (ret != 0) {
1759 if (ret == -ERANGE)
1760 printk(KERN_WARNING "LTTng: bytecode: bytecode overflow\n");
1761 goto end;
1762 }
1763 dbg_printk("Validating op %s (%u)\n",
1764 lttng_bytecode_print_op((unsigned int) *(bytecode_opcode_t *) pc),
1765 (unsigned int) *(bytecode_opcode_t *) pc);
1766
1767 /*
1768 * For each instruction, validate the current context
1769 * (traversal of entire execution flow), and validate
1770 * all merge points targeting this instruction.
1771 */
1772 ret = validate_instruction_all_contexts(bytecode, mp_table,
1773 &stack, start_pc, pc);
1774 if (ret)
1775 goto end;
1776 ret = exec_insn(bytecode, mp_table, &stack, &next_pc, pc);
1777 if (ret <= 0)
1778 goto end;
1779 }
1780 end:
1781 if (delete_all_nodes(mp_table)) {
1782 if (!ret) {
1783 printk(KERN_WARNING "LTTng: bytecode: Unexpected merge points\n");
1784 ret = -EINVAL;
1785 }
1786 }
1787 kfree(mp_table);
1788 return ret;
1789 }
LTTng 2.0/0.x modules
This page took 0.0673319999999999 seconds and 5 git commands to generate.