Commit | Line | Data |
---|---|---|
97b58163 MD |
1 | /* |
2 | * lttng-filter-validator.c | |
3 | * | |
4 | * LTTng UST filter bytecode validator. | |
5 | * | |
7e50015d | 6 | * Copyright (C) 2010-2016 Mathieu Desnoyers <mathieu.desnoyers@efficios.com> |
97b58163 | 7 | * |
7e50015d MD |
8 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
9 | * of this software and associated documentation files (the "Software"), to deal | |
10 | * in the Software without restriction, including without limitation the rights | |
11 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
12 | * copies of the Software, and to permit persons to whom the Software is | |
13 | * furnished to do so, subject to the following conditions: | |
97b58163 | 14 | * |
7e50015d MD |
15 | * The above copyright notice and this permission notice shall be included in |
16 | * all copies or substantial portions of the Software. | |
97b58163 | 17 | * |
7e50015d MD |
18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
19 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
20 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
21 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
22 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
23 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
24 | * SOFTWARE. | |
97b58163 MD |
25 | */ |
26 | ||
bf956ec0 | 27 | #define _LGPL_SOURCE |
b4051ad8 | 28 | #include <stddef.h> |
fb31eb73 | 29 | #include <stdint.h> |
bf956ec0 | 30 | #include <time.h> |
97b58163 | 31 | |
fb31eb73 | 32 | #include <urcu-bp.h> |
bf956ec0 | 33 | #include <urcu/rculfhash.h> |
fb31eb73 FD |
34 | |
35 | #include "lttng-filter.h" | |
bf956ec0 | 36 | #include "lttng-hash-helper.h" |
3151a51d | 37 | #include "string-utils.h" |
bf956ec0 | 38 | |
0305960f MD |
39 | /* |
40 | * Number of merge points for hash table size. Hash table initialized to | |
41 | * that size, and we do not resize, because we do not want to trigger | |
42 | * RCU worker thread execution: fall-back on linear traversal if number | |
43 | * of merge points exceeds this value. | |
44 | */ | |
45 | #define DEFAULT_NR_MERGE_POINTS 128 | |
46 | #define MIN_NR_BUCKETS 128 | |
47 | #define MAX_NR_BUCKETS 128 | |
48 | ||
bf956ec0 MD |
49 | /* merge point table node */ |
50 | struct lfht_mp_node { | |
51 | struct cds_lfht_node node; | |
52 | ||
53 | /* Context at merge point */ | |
0305960f | 54 | struct vstack stack; |
bf956ec0 MD |
55 | unsigned long target_pc; |
56 | }; | |
57 | ||
58 | static unsigned long lttng_hash_seed; | |
59 | static unsigned int lttng_hash_seed_ready; | |
60 | ||
61 | static | |
62 | int lttng_hash_match(struct cds_lfht_node *node, const void *key) | |
63 | { | |
64 | struct lfht_mp_node *mp_node = | |
65 | caa_container_of(node, struct lfht_mp_node, node); | |
66 | unsigned long key_pc = (unsigned long) key; | |
67 | ||
68 | if (mp_node->target_pc == key_pc) | |
69 | return 1; | |
70 | else | |
71 | return 0; | |
72 | } | |
73 | ||
74 | static | |
71c1ceeb MD |
75 | int merge_points_compare(const struct vstack *stacka, |
76 | const struct vstack *stackb) | |
77 | { | |
78 | int i, len; | |
79 | ||
80 | if (stacka->top != stackb->top) | |
81 | return 1; | |
82 | len = stacka->top + 1; | |
83 | assert(len >= 0); | |
84 | for (i = 0; i < len; i++) { | |
53569322 MD |
85 | if (stacka->e[i].type != REG_UNKNOWN |
86 | && stackb->e[i].type != REG_UNKNOWN | |
87 | && stacka->e[i].type != stackb->e[i].type) | |
71c1ceeb MD |
88 | return 1; |
89 | } | |
90 | return 0; | |
91 | } | |
92 | ||
93 | static | |
94 | int merge_point_add_check(struct cds_lfht *ht, unsigned long target_pc, | |
0305960f | 95 | const struct vstack *stack) |
bf956ec0 MD |
96 | { |
97 | struct lfht_mp_node *node; | |
22389ecb | 98 | unsigned long hash = lttng_hash_mix((const char *) target_pc, |
bf956ec0 MD |
99 | sizeof(target_pc), |
100 | lttng_hash_seed); | |
71c1ceeb | 101 | struct cds_lfht_node *ret; |
bf956ec0 MD |
102 | |
103 | dbg_printf("Filter: adding merge point at offset %lu, hash %lu\n", | |
104 | target_pc, hash); | |
105 | node = zmalloc(sizeof(struct lfht_mp_node)); | |
106 | if (!node) | |
107 | return -ENOMEM; | |
108 | node->target_pc = target_pc; | |
0305960f | 109 | memcpy(&node->stack, stack, sizeof(node->stack)); |
71c1ceeb | 110 | ret = cds_lfht_add_unique(ht, hash, lttng_hash_match, |
22389ecb | 111 | (const char *) target_pc, &node->node); |
71c1ceeb MD |
112 | if (ret != &node->node) { |
113 | struct lfht_mp_node *ret_mp = | |
114 | caa_container_of(ret, struct lfht_mp_node, node); | |
115 | ||
116 | /* Key already present */ | |
117 | dbg_printf("Filter: compare merge points for offset %lu, hash %lu\n", | |
118 | target_pc, hash); | |
119 | free(node); | |
120 | if (merge_points_compare(stack, &ret_mp->stack)) { | |
121 | ERR("Merge points differ for offset %lu\n", | |
122 | target_pc); | |
123 | return -EINVAL; | |
124 | } | |
125 | } | |
bf956ec0 MD |
126 | return 0; |
127 | } | |
128 | ||
129 | /* | |
0305960f | 130 | * Binary comparators use top of stack and top of stack -1. |
53569322 MD |
131 | * Return 0 if typing is known to match, 1 if typing is dynamic |
132 | * (unknown), negative error value on error. | |
bf956ec0 | 133 | */ |
97b58163 | 134 | static |
3151a51d PP |
135 | int bin_op_compare_check(struct vstack *stack, filter_opcode_t opcode, |
136 | const char *str) | |
97b58163 | 137 | { |
0305960f | 138 | if (unlikely(!vstack_ax(stack) || !vstack_bx(stack))) |
53569322 | 139 | goto error_empty; |
0305960f MD |
140 | |
141 | switch (vstack_ax(stack)->type) { | |
97b58163 | 142 | default: |
53569322 | 143 | goto error_type; |
97b58163 | 144 | |
53569322 MD |
145 | case REG_UNKNOWN: |
146 | goto unknown; | |
97b58163 | 147 | case REG_STRING: |
0305960f | 148 | switch (vstack_bx(stack)->type) { |
97b58163 | 149 | default: |
53569322 | 150 | goto error_type; |
97b58163 | 151 | |
53569322 MD |
152 | case REG_UNKNOWN: |
153 | goto unknown; | |
97b58163 MD |
154 | case REG_STRING: |
155 | break; | |
3151a51d PP |
156 | case REG_STAR_GLOB_STRING: |
157 | if (opcode != FILTER_OP_EQ && opcode != FILTER_OP_NE) { | |
158 | goto error_mismatch; | |
159 | } | |
160 | break; | |
161 | case REG_S64: | |
162 | case REG_DOUBLE: | |
163 | goto error_mismatch; | |
164 | } | |
165 | break; | |
166 | case REG_STAR_GLOB_STRING: | |
167 | switch (vstack_bx(stack)->type) { | |
168 | default: | |
169 | goto error_type; | |
170 | ||
171 | case REG_UNKNOWN: | |
172 | goto unknown; | |
173 | case REG_STRING: | |
174 | if (opcode != FILTER_OP_EQ && opcode != FILTER_OP_NE) { | |
175 | goto error_mismatch; | |
176 | } | |
177 | break; | |
178 | case REG_STAR_GLOB_STRING: | |
97b58163 MD |
179 | case REG_S64: |
180 | case REG_DOUBLE: | |
181 | goto error_mismatch; | |
182 | } | |
183 | break; | |
184 | case REG_S64: | |
185 | case REG_DOUBLE: | |
0305960f | 186 | switch (vstack_bx(stack)->type) { |
97b58163 | 187 | default: |
53569322 | 188 | goto error_type; |
97b58163 | 189 | |
53569322 MD |
190 | case REG_UNKNOWN: |
191 | goto unknown; | |
97b58163 | 192 | case REG_STRING: |
3151a51d | 193 | case REG_STAR_GLOB_STRING: |
97b58163 | 194 | goto error_mismatch; |
97b58163 MD |
195 | case REG_S64: |
196 | case REG_DOUBLE: | |
197 | break; | |
198 | } | |
199 | break; | |
200 | } | |
201 | return 0; | |
202 | ||
53569322 MD |
203 | unknown: |
204 | return 1; | |
0305960f | 205 | |
97b58163 MD |
206 | error_mismatch: |
207 | ERR("type mismatch for '%s' binary operator\n", str); | |
208 | return -EINVAL; | |
53569322 MD |
209 | |
210 | error_empty: | |
211 | ERR("empty stack for '%s' binary operator\n", str); | |
212 | return -EINVAL; | |
213 | ||
214 | error_type: | |
215 | ERR("unknown type for '%s' binary operator\n", str); | |
216 | return -EINVAL; | |
97b58163 MD |
217 | } |
218 | ||
47e5f13e MD |
219 | /* |
220 | * Binary bitwise operators use top of stack and top of stack -1. | |
221 | * Return 0 if typing is known to match, 1 if typing is dynamic | |
222 | * (unknown), negative error value on error. | |
223 | */ | |
224 | static | |
225 | int bin_op_bitwise_check(struct vstack *stack, filter_opcode_t opcode, | |
226 | const char *str) | |
227 | { | |
228 | if (unlikely(!vstack_ax(stack) || !vstack_bx(stack))) | |
229 | goto error_empty; | |
230 | ||
231 | switch (vstack_ax(stack)->type) { | |
232 | default: | |
233 | goto error_type; | |
234 | ||
235 | case REG_UNKNOWN: | |
236 | goto unknown; | |
237 | case REG_S64: | |
238 | switch (vstack_bx(stack)->type) { | |
239 | default: | |
240 | goto error_type; | |
241 | ||
242 | case REG_UNKNOWN: | |
243 | goto unknown; | |
244 | case REG_S64: | |
245 | break; | |
246 | } | |
247 | break; | |
248 | } | |
249 | return 0; | |
250 | ||
251 | unknown: | |
252 | return 1; | |
253 | ||
254 | error_empty: | |
255 | ERR("empty stack for '%s' binary operator\n", str); | |
256 | return -EINVAL; | |
257 | ||
258 | error_type: | |
259 | ERR("unknown type for '%s' binary operator\n", str); | |
260 | return -EINVAL; | |
261 | } | |
262 | ||
263 | static | |
264 | int validate_get_symbol(struct bytecode_runtime *bytecode, | |
265 | const struct get_symbol *sym) | |
266 | { | |
267 | const char *str, *str_limit; | |
268 | size_t len_limit; | |
269 | ||
270 | if (sym->offset >= bytecode->p.bc->bc.len - bytecode->p.bc->bc.reloc_offset) | |
271 | return -EINVAL; | |
272 | ||
273 | str = bytecode->p.bc->bc.data + bytecode->p.bc->bc.reloc_offset + sym->offset; | |
274 | str_limit = bytecode->p.bc->bc.data + bytecode->p.bc->bc.len; | |
275 | len_limit = str_limit - str; | |
276 | if (strnlen(str, len_limit) == len_limit) | |
277 | return -EINVAL; | |
278 | return 0; | |
279 | } | |
280 | ||
97b58163 MD |
281 | /* |
282 | * Validate bytecode range overflow within the validation pass. | |
283 | * Called for each instruction encountered. | |
284 | */ | |
285 | static | |
286 | int bytecode_validate_overflow(struct bytecode_runtime *bytecode, | |
22389ecb | 287 | char *start_pc, char *pc) |
97b58163 MD |
288 | { |
289 | int ret = 0; | |
290 | ||
291 | switch (*(filter_opcode_t *) pc) { | |
292 | case FILTER_OP_UNKNOWN: | |
293 | default: | |
294 | { | |
295 | ERR("unknown bytecode op %u\n", | |
296 | (unsigned int) *(filter_opcode_t *) pc); | |
297 | ret = -EINVAL; | |
298 | break; | |
299 | } | |
300 | ||
301 | case FILTER_OP_RETURN: | |
93c591bb | 302 | case FILTER_OP_RETURN_S64: |
97b58163 MD |
303 | { |
304 | if (unlikely(pc + sizeof(struct return_op) | |
305 | > start_pc + bytecode->len)) { | |
82513dbe | 306 | ret = -ERANGE; |
97b58163 MD |
307 | } |
308 | break; | |
309 | } | |
310 | ||
311 | /* binary */ | |
312 | case FILTER_OP_MUL: | |
313 | case FILTER_OP_DIV: | |
314 | case FILTER_OP_MOD: | |
315 | case FILTER_OP_PLUS: | |
316 | case FILTER_OP_MINUS: | |
97b58163 MD |
317 | { |
318 | ERR("unsupported bytecode op %u\n", | |
319 | (unsigned int) *(filter_opcode_t *) pc); | |
320 | ret = -EINVAL; | |
321 | break; | |
322 | } | |
323 | ||
324 | case FILTER_OP_EQ: | |
325 | case FILTER_OP_NE: | |
326 | case FILTER_OP_GT: | |
327 | case FILTER_OP_LT: | |
328 | case FILTER_OP_GE: | |
329 | case FILTER_OP_LE: | |
330 | case FILTER_OP_EQ_STRING: | |
331 | case FILTER_OP_NE_STRING: | |
332 | case FILTER_OP_GT_STRING: | |
333 | case FILTER_OP_LT_STRING: | |
334 | case FILTER_OP_GE_STRING: | |
335 | case FILTER_OP_LE_STRING: | |
3151a51d PP |
336 | case FILTER_OP_EQ_STAR_GLOB_STRING: |
337 | case FILTER_OP_NE_STAR_GLOB_STRING: | |
97b58163 MD |
338 | case FILTER_OP_EQ_S64: |
339 | case FILTER_OP_NE_S64: | |
340 | case FILTER_OP_GT_S64: | |
341 | case FILTER_OP_LT_S64: | |
342 | case FILTER_OP_GE_S64: | |
343 | case FILTER_OP_LE_S64: | |
344 | case FILTER_OP_EQ_DOUBLE: | |
345 | case FILTER_OP_NE_DOUBLE: | |
346 | case FILTER_OP_GT_DOUBLE: | |
347 | case FILTER_OP_LT_DOUBLE: | |
348 | case FILTER_OP_GE_DOUBLE: | |
349 | case FILTER_OP_LE_DOUBLE: | |
dbea82ec MD |
350 | case FILTER_OP_EQ_DOUBLE_S64: |
351 | case FILTER_OP_NE_DOUBLE_S64: | |
352 | case FILTER_OP_GT_DOUBLE_S64: | |
353 | case FILTER_OP_LT_DOUBLE_S64: | |
354 | case FILTER_OP_GE_DOUBLE_S64: | |
355 | case FILTER_OP_LE_DOUBLE_S64: | |
356 | case FILTER_OP_EQ_S64_DOUBLE: | |
357 | case FILTER_OP_NE_S64_DOUBLE: | |
358 | case FILTER_OP_GT_S64_DOUBLE: | |
359 | case FILTER_OP_LT_S64_DOUBLE: | |
360 | case FILTER_OP_GE_S64_DOUBLE: | |
361 | case FILTER_OP_LE_S64_DOUBLE: | |
0039e2d8 MD |
362 | case FILTER_OP_BIT_RSHIFT: |
363 | case FILTER_OP_BIT_LSHIFT: | |
47e5f13e MD |
364 | case FILTER_OP_BIT_AND: |
365 | case FILTER_OP_BIT_OR: | |
366 | case FILTER_OP_BIT_XOR: | |
97b58163 MD |
367 | { |
368 | if (unlikely(pc + sizeof(struct binary_op) | |
369 | > start_pc + bytecode->len)) { | |
82513dbe | 370 | ret = -ERANGE; |
97b58163 MD |
371 | } |
372 | break; | |
373 | } | |
374 | ||
375 | /* unary */ | |
376 | case FILTER_OP_UNARY_PLUS: | |
377 | case FILTER_OP_UNARY_MINUS: | |
378 | case FILTER_OP_UNARY_NOT: | |
379 | case FILTER_OP_UNARY_PLUS_S64: | |
380 | case FILTER_OP_UNARY_MINUS_S64: | |
381 | case FILTER_OP_UNARY_NOT_S64: | |
382 | case FILTER_OP_UNARY_PLUS_DOUBLE: | |
383 | case FILTER_OP_UNARY_MINUS_DOUBLE: | |
384 | case FILTER_OP_UNARY_NOT_DOUBLE: | |
0039e2d8 | 385 | case FILTER_OP_UNARY_BIT_NOT: |
97b58163 MD |
386 | { |
387 | if (unlikely(pc + sizeof(struct unary_op) | |
388 | > start_pc + bytecode->len)) { | |
82513dbe | 389 | ret = -ERANGE; |
97b58163 MD |
390 | } |
391 | break; | |
392 | } | |
393 | ||
394 | /* logical */ | |
395 | case FILTER_OP_AND: | |
396 | case FILTER_OP_OR: | |
397 | { | |
398 | if (unlikely(pc + sizeof(struct logical_op) | |
399 | > start_pc + bytecode->len)) { | |
82513dbe | 400 | ret = -ERANGE; |
97b58163 MD |
401 | } |
402 | break; | |
403 | } | |
404 | ||
77aa5901 | 405 | /* load field ref */ |
97b58163 MD |
406 | case FILTER_OP_LOAD_FIELD_REF: |
407 | { | |
408 | ERR("Unknown field ref type\n"); | |
409 | ret = -EINVAL; | |
410 | break; | |
411 | } | |
47e5f13e | 412 | |
77aa5901 MD |
413 | /* get context ref */ |
414 | case FILTER_OP_GET_CONTEXT_REF: | |
97b58163 MD |
415 | case FILTER_OP_LOAD_FIELD_REF_STRING: |
416 | case FILTER_OP_LOAD_FIELD_REF_SEQUENCE: | |
417 | case FILTER_OP_LOAD_FIELD_REF_S64: | |
418 | case FILTER_OP_LOAD_FIELD_REF_DOUBLE: | |
77aa5901 MD |
419 | case FILTER_OP_GET_CONTEXT_REF_STRING: |
420 | case FILTER_OP_GET_CONTEXT_REF_S64: | |
421 | case FILTER_OP_GET_CONTEXT_REF_DOUBLE: | |
97b58163 MD |
422 | { |
423 | if (unlikely(pc + sizeof(struct load_op) + sizeof(struct field_ref) | |
424 | > start_pc + bytecode->len)) { | |
82513dbe | 425 | ret = -ERANGE; |
97b58163 MD |
426 | } |
427 | break; | |
428 | } | |
429 | ||
77aa5901 | 430 | /* load from immediate operand */ |
97b58163 | 431 | case FILTER_OP_LOAD_STRING: |
3151a51d | 432 | case FILTER_OP_LOAD_STAR_GLOB_STRING: |
97b58163 MD |
433 | { |
434 | struct load_op *insn = (struct load_op *) pc; | |
435 | uint32_t str_len, maxlen; | |
436 | ||
437 | if (unlikely(pc + sizeof(struct load_op) | |
438 | > start_pc + bytecode->len)) { | |
82513dbe | 439 | ret = -ERANGE; |
97b58163 MD |
440 | break; |
441 | } | |
442 | ||
443 | maxlen = start_pc + bytecode->len - pc - sizeof(struct load_op); | |
444 | str_len = strnlen(insn->data, maxlen); | |
445 | if (unlikely(str_len >= maxlen)) { | |
446 | /* Final '\0' not found within range */ | |
82513dbe | 447 | ret = -ERANGE; |
97b58163 MD |
448 | } |
449 | break; | |
450 | } | |
451 | ||
452 | case FILTER_OP_LOAD_S64: | |
453 | { | |
454 | if (unlikely(pc + sizeof(struct load_op) + sizeof(struct literal_numeric) | |
455 | > start_pc + bytecode->len)) { | |
82513dbe | 456 | ret = -ERANGE; |
97b58163 MD |
457 | } |
458 | break; | |
459 | } | |
460 | ||
461 | case FILTER_OP_LOAD_DOUBLE: | |
462 | { | |
463 | if (unlikely(pc + sizeof(struct load_op) + sizeof(struct literal_double) | |
464 | > start_pc + bytecode->len)) { | |
82513dbe | 465 | ret = -ERANGE; |
97b58163 MD |
466 | } |
467 | break; | |
468 | } | |
469 | ||
470 | case FILTER_OP_CAST_TO_S64: | |
471 | case FILTER_OP_CAST_DOUBLE_TO_S64: | |
472 | case FILTER_OP_CAST_NOP: | |
473 | { | |
474 | if (unlikely(pc + sizeof(struct cast_op) | |
475 | > start_pc + bytecode->len)) { | |
82513dbe | 476 | ret = -ERANGE; |
97b58163 MD |
477 | } |
478 | break; | |
479 | } | |
77aa5901 | 480 | |
47e5f13e MD |
481 | /* |
482 | * Instructions for recursive traversal through composed types. | |
483 | */ | |
484 | case FILTER_OP_GET_CONTEXT_ROOT: | |
485 | case FILTER_OP_GET_APP_CONTEXT_ROOT: | |
486 | case FILTER_OP_GET_PAYLOAD_ROOT: | |
487 | case FILTER_OP_LOAD_FIELD: | |
488 | case FILTER_OP_LOAD_FIELD_S8: | |
489 | case FILTER_OP_LOAD_FIELD_S16: | |
490 | case FILTER_OP_LOAD_FIELD_S32: | |
491 | case FILTER_OP_LOAD_FIELD_S64: | |
492 | case FILTER_OP_LOAD_FIELD_U8: | |
493 | case FILTER_OP_LOAD_FIELD_U16: | |
494 | case FILTER_OP_LOAD_FIELD_U32: | |
495 | case FILTER_OP_LOAD_FIELD_U64: | |
496 | case FILTER_OP_LOAD_FIELD_STRING: | |
497 | case FILTER_OP_LOAD_FIELD_SEQUENCE: | |
498 | case FILTER_OP_LOAD_FIELD_DOUBLE: | |
499 | if (unlikely(pc + sizeof(struct load_op) | |
500 | > start_pc + bytecode->len)) { | |
501 | ret = -ERANGE; | |
502 | } | |
503 | break; | |
504 | ||
505 | case FILTER_OP_GET_SYMBOL: | |
506 | { | |
507 | struct load_op *insn = (struct load_op *) pc; | |
508 | struct get_symbol *sym = (struct get_symbol *) insn->data; | |
509 | ||
510 | if (unlikely(pc + sizeof(struct load_op) + sizeof(struct get_symbol) | |
511 | > start_pc + bytecode->len)) { | |
512 | ret = -ERANGE; | |
90732639 | 513 | break; |
47e5f13e MD |
514 | } |
515 | ret = validate_get_symbol(bytecode, sym); | |
516 | break; | |
517 | } | |
518 | ||
519 | case FILTER_OP_GET_SYMBOL_FIELD: | |
520 | ERR("Unexpected get symbol field"); | |
521 | ret = -EINVAL; | |
522 | break; | |
523 | ||
524 | case FILTER_OP_GET_INDEX_U16: | |
525 | if (unlikely(pc + sizeof(struct load_op) + sizeof(struct get_index_u16) | |
526 | > start_pc + bytecode->len)) { | |
527 | ret = -ERANGE; | |
528 | } | |
529 | break; | |
530 | ||
531 | case FILTER_OP_GET_INDEX_U64: | |
532 | if (unlikely(pc + sizeof(struct load_op) + sizeof(struct get_index_u64) | |
533 | > start_pc + bytecode->len)) { | |
534 | ret = -ERANGE; | |
535 | } | |
536 | break; | |
97b58163 MD |
537 | } |
538 | ||
539 | return ret; | |
540 | } | |
541 | ||
bf956ec0 MD |
542 | static |
543 | unsigned long delete_all_nodes(struct cds_lfht *ht) | |
97b58163 | 544 | { |
bf956ec0 MD |
545 | struct cds_lfht_iter iter; |
546 | struct lfht_mp_node *node; | |
547 | unsigned long nr_nodes = 0; | |
97b58163 | 548 | |
bf956ec0 MD |
549 | cds_lfht_for_each_entry(ht, &iter, node, node) { |
550 | int ret; | |
551 | ||
552 | ret = cds_lfht_del(ht, cds_lfht_iter_get_node(&iter)); | |
553 | assert(!ret); | |
554 | /* note: this hash table is never used concurrently */ | |
555 | free(node); | |
556 | nr_nodes++; | |
97b58163 | 557 | } |
bf956ec0 MD |
558 | return nr_nodes; |
559 | } | |
97b58163 | 560 | |
bf956ec0 MD |
561 | /* |
562 | * Return value: | |
53569322 | 563 | * >=0: success |
bf956ec0 MD |
564 | * <0: error |
565 | */ | |
566 | static | |
567 | int validate_instruction_context(struct bytecode_runtime *bytecode, | |
0305960f | 568 | struct vstack *stack, |
22389ecb MD |
569 | char *start_pc, |
570 | char *pc) | |
bf956ec0 MD |
571 | { |
572 | int ret = 0; | |
3151a51d | 573 | const filter_opcode_t opcode = *(filter_opcode_t *) pc; |
bf956ec0 | 574 | |
3151a51d | 575 | switch (opcode) { |
bf956ec0 MD |
576 | case FILTER_OP_UNKNOWN: |
577 | default: | |
578 | { | |
579 | ERR("unknown bytecode op %u\n", | |
97b58163 | 580 | (unsigned int) *(filter_opcode_t *) pc); |
bf956ec0 MD |
581 | ret = -EINVAL; |
582 | goto end; | |
583 | } | |
584 | ||
585 | case FILTER_OP_RETURN: | |
93c591bb | 586 | case FILTER_OP_RETURN_S64: |
bf956ec0 MD |
587 | { |
588 | goto end; | |
589 | } | |
590 | ||
591 | /* binary */ | |
592 | case FILTER_OP_MUL: | |
593 | case FILTER_OP_DIV: | |
594 | case FILTER_OP_MOD: | |
595 | case FILTER_OP_PLUS: | |
596 | case FILTER_OP_MINUS: | |
bf956ec0 MD |
597 | { |
598 | ERR("unsupported bytecode op %u\n", | |
3151a51d | 599 | (unsigned int) opcode); |
bf956ec0 MD |
600 | ret = -EINVAL; |
601 | goto end; | |
602 | } | |
97b58163 | 603 | |
bf956ec0 MD |
604 | case FILTER_OP_EQ: |
605 | { | |
3151a51d | 606 | ret = bin_op_compare_check(stack, opcode, "=="); |
53569322 | 607 | if (ret < 0) |
bf956ec0 MD |
608 | goto end; |
609 | break; | |
610 | } | |
611 | case FILTER_OP_NE: | |
612 | { | |
3151a51d | 613 | ret = bin_op_compare_check(stack, opcode, "!="); |
53569322 | 614 | if (ret < 0) |
bf956ec0 MD |
615 | goto end; |
616 | break; | |
617 | } | |
618 | case FILTER_OP_GT: | |
619 | { | |
3151a51d | 620 | ret = bin_op_compare_check(stack, opcode, ">"); |
53569322 | 621 | if (ret < 0) |
bf956ec0 MD |
622 | goto end; |
623 | break; | |
624 | } | |
625 | case FILTER_OP_LT: | |
626 | { | |
3151a51d | 627 | ret = bin_op_compare_check(stack, opcode, "<"); |
53569322 | 628 | if (ret < 0) |
bf956ec0 MD |
629 | goto end; |
630 | break; | |
631 | } | |
632 | case FILTER_OP_GE: | |
633 | { | |
3151a51d | 634 | ret = bin_op_compare_check(stack, opcode, ">="); |
53569322 | 635 | if (ret < 0) |
bf956ec0 MD |
636 | goto end; |
637 | break; | |
638 | } | |
639 | case FILTER_OP_LE: | |
640 | { | |
3151a51d | 641 | ret = bin_op_compare_check(stack, opcode, "<="); |
53569322 | 642 | if (ret < 0) |
97b58163 | 643 | goto end; |
bf956ec0 MD |
644 | break; |
645 | } | |
97b58163 | 646 | |
bf956ec0 MD |
647 | case FILTER_OP_EQ_STRING: |
648 | case FILTER_OP_NE_STRING: | |
649 | case FILTER_OP_GT_STRING: | |
650 | case FILTER_OP_LT_STRING: | |
651 | case FILTER_OP_GE_STRING: | |
652 | case FILTER_OP_LE_STRING: | |
653 | { | |
0305960f MD |
654 | if (!vstack_ax(stack) || !vstack_bx(stack)) { |
655 | ERR("Empty stack\n"); | |
656 | ret = -EINVAL; | |
657 | goto end; | |
658 | } | |
659 | if (vstack_ax(stack)->type != REG_STRING | |
660 | || vstack_bx(stack)->type != REG_STRING) { | |
bf956ec0 | 661 | ERR("Unexpected register type for string comparator\n"); |
97b58163 MD |
662 | ret = -EINVAL; |
663 | goto end; | |
97b58163 | 664 | } |
bf956ec0 MD |
665 | break; |
666 | } | |
97b58163 | 667 | |
3151a51d PP |
668 | case FILTER_OP_EQ_STAR_GLOB_STRING: |
669 | case FILTER_OP_NE_STAR_GLOB_STRING: | |
670 | { | |
671 | if (!vstack_ax(stack) || !vstack_bx(stack)) { | |
672 | ERR("Empty stack\n"); | |
673 | ret = -EINVAL; | |
674 | goto end; | |
675 | } | |
676 | if (vstack_ax(stack)->type != REG_STAR_GLOB_STRING | |
677 | && vstack_bx(stack)->type != REG_STAR_GLOB_STRING) { | |
678 | ERR("Unexpected register type for globbing pattern comparator\n"); | |
679 | ret = -EINVAL; | |
680 | goto end; | |
681 | } | |
682 | break; | |
683 | } | |
684 | ||
bf956ec0 MD |
685 | case FILTER_OP_EQ_S64: |
686 | case FILTER_OP_NE_S64: | |
687 | case FILTER_OP_GT_S64: | |
688 | case FILTER_OP_LT_S64: | |
689 | case FILTER_OP_GE_S64: | |
690 | case FILTER_OP_LE_S64: | |
691 | { | |
0305960f MD |
692 | if (!vstack_ax(stack) || !vstack_bx(stack)) { |
693 | ERR("Empty stack\n"); | |
694 | ret = -EINVAL; | |
695 | goto end; | |
696 | } | |
697 | if (vstack_ax(stack)->type != REG_S64 | |
698 | || vstack_bx(stack)->type != REG_S64) { | |
bf956ec0 MD |
699 | ERR("Unexpected register type for s64 comparator\n"); |
700 | ret = -EINVAL; | |
701 | goto end; | |
97b58163 | 702 | } |
bf956ec0 MD |
703 | break; |
704 | } | |
97b58163 | 705 | |
bf956ec0 MD |
706 | case FILTER_OP_EQ_DOUBLE: |
707 | case FILTER_OP_NE_DOUBLE: | |
708 | case FILTER_OP_GT_DOUBLE: | |
709 | case FILTER_OP_LT_DOUBLE: | |
710 | case FILTER_OP_GE_DOUBLE: | |
711 | case FILTER_OP_LE_DOUBLE: | |
712 | { | |
0305960f MD |
713 | if (!vstack_ax(stack) || !vstack_bx(stack)) { |
714 | ERR("Empty stack\n"); | |
715 | ret = -EINVAL; | |
716 | goto end; | |
717 | } | |
dbea82ec MD |
718 | if (vstack_ax(stack)->type != REG_DOUBLE && vstack_bx(stack)->type != REG_DOUBLE) { |
719 | ERR("Double operator should have two double registers\n"); | |
bf956ec0 MD |
720 | ret = -EINVAL; |
721 | goto end; | |
97b58163 | 722 | } |
dbea82ec MD |
723 | break; |
724 | } | |
725 | ||
726 | case FILTER_OP_EQ_DOUBLE_S64: | |
727 | case FILTER_OP_NE_DOUBLE_S64: | |
728 | case FILTER_OP_GT_DOUBLE_S64: | |
729 | case FILTER_OP_LT_DOUBLE_S64: | |
730 | case FILTER_OP_GE_DOUBLE_S64: | |
731 | case FILTER_OP_LE_DOUBLE_S64: | |
732 | { | |
733 | if (!vstack_ax(stack) || !vstack_bx(stack)) { | |
734 | ERR("Empty stack\n"); | |
735 | ret = -EINVAL; | |
736 | goto end; | |
737 | } | |
738 | if (vstack_ax(stack)->type != REG_S64 && vstack_bx(stack)->type != REG_DOUBLE) { | |
739 | ERR("Double-S64 operator has unexpected register types\n"); | |
740 | ret = -EINVAL; | |
741 | goto end; | |
742 | } | |
743 | break; | |
744 | } | |
745 | ||
746 | case FILTER_OP_EQ_S64_DOUBLE: | |
747 | case FILTER_OP_NE_S64_DOUBLE: | |
748 | case FILTER_OP_GT_S64_DOUBLE: | |
749 | case FILTER_OP_LT_S64_DOUBLE: | |
750 | case FILTER_OP_GE_S64_DOUBLE: | |
751 | case FILTER_OP_LE_S64_DOUBLE: | |
752 | { | |
753 | if (!vstack_ax(stack) || !vstack_bx(stack)) { | |
754 | ERR("Empty stack\n"); | |
755 | ret = -EINVAL; | |
756 | goto end; | |
757 | } | |
758 | if (vstack_ax(stack)->type != REG_DOUBLE && vstack_bx(stack)->type != REG_S64) { | |
759 | ERR("S64-Double operator has unexpected register types\n"); | |
bf956ec0 MD |
760 | ret = -EINVAL; |
761 | goto end; | |
97b58163 | 762 | } |
bf956ec0 MD |
763 | break; |
764 | } | |
97b58163 | 765 | |
0039e2d8 MD |
766 | case FILTER_OP_BIT_RSHIFT: |
767 | ret = bin_op_bitwise_check(stack, opcode, ">>"); | |
768 | if (ret < 0) | |
769 | goto end; | |
770 | break; | |
771 | case FILTER_OP_BIT_LSHIFT: | |
772 | ret = bin_op_bitwise_check(stack, opcode, "<<"); | |
773 | if (ret < 0) | |
774 | goto end; | |
775 | break; | |
47e5f13e MD |
776 | case FILTER_OP_BIT_AND: |
777 | ret = bin_op_bitwise_check(stack, opcode, "&"); | |
778 | if (ret < 0) | |
779 | goto end; | |
780 | break; | |
781 | case FILTER_OP_BIT_OR: | |
782 | ret = bin_op_bitwise_check(stack, opcode, "|"); | |
783 | if (ret < 0) | |
784 | goto end; | |
785 | break; | |
786 | case FILTER_OP_BIT_XOR: | |
787 | ret = bin_op_bitwise_check(stack, opcode, "^"); | |
788 | if (ret < 0) | |
789 | goto end; | |
790 | break; | |
791 | ||
bf956ec0 MD |
792 | /* unary */ |
793 | case FILTER_OP_UNARY_PLUS: | |
794 | case FILTER_OP_UNARY_MINUS: | |
795 | case FILTER_OP_UNARY_NOT: | |
796 | { | |
0305960f MD |
797 | if (!vstack_ax(stack)) { |
798 | ERR("Empty stack\n"); | |
bf956ec0 MD |
799 | ret = -EINVAL; |
800 | goto end; | |
801 | } | |
0305960f | 802 | switch (vstack_ax(stack)->type) { |
bf956ec0 MD |
803 | default: |
804 | ERR("unknown register type\n"); | |
805 | ret = -EINVAL; | |
806 | goto end; | |
97b58163 | 807 | |
bf956ec0 | 808 | case REG_STRING: |
3151a51d | 809 | case REG_STAR_GLOB_STRING: |
bf956ec0 MD |
810 | ERR("Unary op can only be applied to numeric or floating point registers\n"); |
811 | ret = -EINVAL; | |
812 | goto end; | |
813 | case REG_S64: | |
814 | break; | |
815 | case REG_DOUBLE: | |
97b58163 | 816 | break; |
53569322 MD |
817 | case REG_UNKNOWN: |
818 | break; | |
97b58163 | 819 | } |
bf956ec0 MD |
820 | break; |
821 | } | |
0039e2d8 MD |
822 | case FILTER_OP_UNARY_BIT_NOT: |
823 | { | |
824 | if (!vstack_ax(stack)) { | |
825 | ERR("Empty stack\n"); | |
826 | ret = -EINVAL; | |
827 | goto end; | |
828 | } | |
829 | switch (vstack_ax(stack)->type) { | |
830 | default: | |
831 | ERR("unknown register type\n"); | |
832 | ret = -EINVAL; | |
833 | goto end; | |
834 | ||
835 | case REG_STRING: | |
836 | case REG_STAR_GLOB_STRING: | |
837 | case REG_DOUBLE: | |
838 | ERR("Unary bitwise op can only be applied to numeric registers\n"); | |
839 | ret = -EINVAL; | |
840 | goto end; | |
841 | case REG_S64: | |
842 | break; | |
843 | case REG_UNKNOWN: | |
844 | break; | |
845 | } | |
846 | break; | |
847 | } | |
97b58163 | 848 | |
bf956ec0 MD |
849 | case FILTER_OP_UNARY_PLUS_S64: |
850 | case FILTER_OP_UNARY_MINUS_S64: | |
851 | case FILTER_OP_UNARY_NOT_S64: | |
852 | { | |
0305960f MD |
853 | if (!vstack_ax(stack)) { |
854 | ERR("Empty stack\n"); | |
bf956ec0 MD |
855 | ret = -EINVAL; |
856 | goto end; | |
857 | } | |
0305960f | 858 | if (vstack_ax(stack)->type != REG_S64) { |
bf956ec0 MD |
859 | ERR("Invalid register type\n"); |
860 | ret = -EINVAL; | |
861 | goto end; | |
97b58163 | 862 | } |
bf956ec0 MD |
863 | break; |
864 | } | |
97b58163 | 865 | |
bf956ec0 MD |
866 | case FILTER_OP_UNARY_PLUS_DOUBLE: |
867 | case FILTER_OP_UNARY_MINUS_DOUBLE: | |
868 | case FILTER_OP_UNARY_NOT_DOUBLE: | |
869 | { | |
0305960f MD |
870 | if (!vstack_ax(stack)) { |
871 | ERR("Empty stack\n"); | |
bf956ec0 MD |
872 | ret = -EINVAL; |
873 | goto end; | |
97b58163 | 874 | } |
0305960f | 875 | if (vstack_ax(stack)->type != REG_DOUBLE) { |
bf956ec0 MD |
876 | ERR("Invalid register type\n"); |
877 | ret = -EINVAL; | |
878 | goto end; | |
879 | } | |
880 | break; | |
881 | } | |
97b58163 | 882 | |
bf956ec0 MD |
883 | /* logical */ |
884 | case FILTER_OP_AND: | |
885 | case FILTER_OP_OR: | |
886 | { | |
887 | struct logical_op *insn = (struct logical_op *) pc; | |
97b58163 | 888 | |
0305960f MD |
889 | if (!vstack_ax(stack)) { |
890 | ERR("Empty stack\n"); | |
891 | ret = -EINVAL; | |
892 | goto end; | |
893 | } | |
53569322 MD |
894 | if (vstack_ax(stack)->type != REG_S64 |
895 | && vstack_ax(stack)->type != REG_UNKNOWN) { | |
896 | ERR("Logical comparator expects S64 or dynamic register\n"); | |
bf956ec0 MD |
897 | ret = -EINVAL; |
898 | goto end; | |
97b58163 MD |
899 | } |
900 | ||
bf956ec0 MD |
901 | dbg_printf("Validate jumping to bytecode offset %u\n", |
902 | (unsigned int) insn->skip_offset); | |
903 | if (unlikely(start_pc + insn->skip_offset <= pc)) { | |
904 | ERR("Loops are not allowed in bytecode\n"); | |
97b58163 MD |
905 | ret = -EINVAL; |
906 | goto end; | |
907 | } | |
bf956ec0 MD |
908 | break; |
909 | } | |
97b58163 | 910 | |
77aa5901 | 911 | /* load field ref */ |
bf956ec0 MD |
912 | case FILTER_OP_LOAD_FIELD_REF: |
913 | { | |
914 | ERR("Unknown field ref type\n"); | |
915 | ret = -EINVAL; | |
916 | goto end; | |
917 | } | |
918 | case FILTER_OP_LOAD_FIELD_REF_STRING: | |
919 | case FILTER_OP_LOAD_FIELD_REF_SEQUENCE: | |
920 | { | |
921 | struct load_op *insn = (struct load_op *) pc; | |
922 | struct field_ref *ref = (struct field_ref *) insn->data; | |
923 | ||
bf956ec0 MD |
924 | dbg_printf("Validate load field ref offset %u type string\n", |
925 | ref->offset); | |
926 | break; | |
927 | } | |
928 | case FILTER_OP_LOAD_FIELD_REF_S64: | |
929 | { | |
930 | struct load_op *insn = (struct load_op *) pc; | |
931 | struct field_ref *ref = (struct field_ref *) insn->data; | |
97b58163 | 932 | |
bf956ec0 MD |
933 | dbg_printf("Validate load field ref offset %u type s64\n", |
934 | ref->offset); | |
935 | break; | |
936 | } | |
937 | case FILTER_OP_LOAD_FIELD_REF_DOUBLE: | |
938 | { | |
939 | struct load_op *insn = (struct load_op *) pc; | |
940 | struct field_ref *ref = (struct field_ref *) insn->data; | |
97b58163 | 941 | |
bf956ec0 MD |
942 | dbg_printf("Validate load field ref offset %u type double\n", |
943 | ref->offset); | |
944 | break; | |
945 | } | |
97b58163 | 946 | |
77aa5901 | 947 | /* load from immediate operand */ |
bf956ec0 | 948 | case FILTER_OP_LOAD_STRING: |
3151a51d | 949 | case FILTER_OP_LOAD_STAR_GLOB_STRING: |
bf956ec0 | 950 | { |
bf956ec0 MD |
951 | break; |
952 | } | |
97b58163 | 953 | |
bf956ec0 MD |
954 | case FILTER_OP_LOAD_S64: |
955 | { | |
bf956ec0 MD |
956 | break; |
957 | } | |
97b58163 | 958 | |
bf956ec0 MD |
959 | case FILTER_OP_LOAD_DOUBLE: |
960 | { | |
bf956ec0 MD |
961 | break; |
962 | } | |
97b58163 | 963 | |
bf956ec0 MD |
964 | case FILTER_OP_CAST_TO_S64: |
965 | case FILTER_OP_CAST_DOUBLE_TO_S64: | |
966 | { | |
967 | struct cast_op *insn = (struct cast_op *) pc; | |
97b58163 | 968 | |
0305960f MD |
969 | if (!vstack_ax(stack)) { |
970 | ERR("Empty stack\n"); | |
bf956ec0 MD |
971 | ret = -EINVAL; |
972 | goto end; | |
973 | } | |
0305960f | 974 | switch (vstack_ax(stack)->type) { |
bf956ec0 MD |
975 | default: |
976 | ERR("unknown register type\n"); | |
977 | ret = -EINVAL; | |
978 | goto end; | |
97b58163 | 979 | |
bf956ec0 | 980 | case REG_STRING: |
3151a51d | 981 | case REG_STAR_GLOB_STRING: |
bf956ec0 MD |
982 | ERR("Cast op can only be applied to numeric or floating point registers\n"); |
983 | ret = -EINVAL; | |
984 | goto end; | |
985 | case REG_S64: | |
986 | break; | |
987 | case REG_DOUBLE: | |
988 | break; | |
53569322 MD |
989 | case REG_UNKNOWN: |
990 | break; | |
bf956ec0 MD |
991 | } |
992 | if (insn->op == FILTER_OP_CAST_DOUBLE_TO_S64) { | |
0305960f | 993 | if (vstack_ax(stack)->type != REG_DOUBLE) { |
bf956ec0 | 994 | ERR("Cast expects double\n"); |
97b58163 MD |
995 | ret = -EINVAL; |
996 | goto end; | |
97b58163 | 997 | } |
97b58163 | 998 | } |
bf956ec0 MD |
999 | break; |
1000 | } | |
1001 | case FILTER_OP_CAST_NOP: | |
1002 | { | |
1003 | break; | |
1004 | } | |
1005 | ||
77aa5901 MD |
1006 | /* get context ref */ |
1007 | case FILTER_OP_GET_CONTEXT_REF: | |
1008 | { | |
53569322 MD |
1009 | struct load_op *insn = (struct load_op *) pc; |
1010 | struct field_ref *ref = (struct field_ref *) insn->data; | |
1011 | ||
1012 | dbg_printf("Validate get context ref offset %u type dynamic\n", | |
1013 | ref->offset); | |
1014 | break; | |
77aa5901 MD |
1015 | } |
1016 | case FILTER_OP_GET_CONTEXT_REF_STRING: | |
1017 | { | |
1018 | struct load_op *insn = (struct load_op *) pc; | |
1019 | struct field_ref *ref = (struct field_ref *) insn->data; | |
1020 | ||
1021 | dbg_printf("Validate get context ref offset %u type string\n", | |
1022 | ref->offset); | |
1023 | break; | |
1024 | } | |
1025 | case FILTER_OP_GET_CONTEXT_REF_S64: | |
1026 | { | |
1027 | struct load_op *insn = (struct load_op *) pc; | |
1028 | struct field_ref *ref = (struct field_ref *) insn->data; | |
1029 | ||
1030 | dbg_printf("Validate get context ref offset %u type s64\n", | |
1031 | ref->offset); | |
1032 | break; | |
1033 | } | |
1034 | case FILTER_OP_GET_CONTEXT_REF_DOUBLE: | |
1035 | { | |
1036 | struct load_op *insn = (struct load_op *) pc; | |
1037 | struct field_ref *ref = (struct field_ref *) insn->data; | |
1038 | ||
1039 | dbg_printf("Validate get context ref offset %u type double\n", | |
1040 | ref->offset); | |
1041 | break; | |
1042 | } | |
1043 | ||
47e5f13e MD |
1044 | /* |
1045 | * Instructions for recursive traversal through composed types. | |
1046 | */ | |
1047 | case FILTER_OP_GET_CONTEXT_ROOT: | |
1048 | { | |
1049 | dbg_printf("Validate get context root\n"); | |
1050 | break; | |
1051 | } | |
1052 | case FILTER_OP_GET_APP_CONTEXT_ROOT: | |
1053 | { | |
1054 | dbg_printf("Validate get app context root\n"); | |
1055 | break; | |
1056 | } | |
1057 | case FILTER_OP_GET_PAYLOAD_ROOT: | |
1058 | { | |
1059 | dbg_printf("Validate get payload root\n"); | |
1060 | break; | |
1061 | } | |
1062 | case FILTER_OP_LOAD_FIELD: | |
1063 | { | |
1064 | /* | |
1065 | * We tolerate that field type is unknown at validation, | |
1066 | * because we are performing the load specialization in | |
1067 | * a phase after validation. | |
1068 | */ | |
1069 | dbg_printf("Validate load field\n"); | |
1070 | break; | |
1071 | } | |
1072 | case FILTER_OP_LOAD_FIELD_S8: | |
1073 | { | |
1074 | dbg_printf("Validate load field s8\n"); | |
1075 | break; | |
1076 | } | |
1077 | case FILTER_OP_LOAD_FIELD_S16: | |
1078 | { | |
1079 | dbg_printf("Validate load field s16\n"); | |
1080 | break; | |
1081 | } | |
1082 | case FILTER_OP_LOAD_FIELD_S32: | |
1083 | { | |
1084 | dbg_printf("Validate load field s32\n"); | |
1085 | break; | |
1086 | } | |
1087 | case FILTER_OP_LOAD_FIELD_S64: | |
1088 | { | |
1089 | dbg_printf("Validate load field s64\n"); | |
1090 | break; | |
1091 | } | |
1092 | case FILTER_OP_LOAD_FIELD_U8: | |
1093 | { | |
1094 | dbg_printf("Validate load field u8\n"); | |
1095 | break; | |
1096 | } | |
1097 | case FILTER_OP_LOAD_FIELD_U16: | |
1098 | { | |
1099 | dbg_printf("Validate load field u16\n"); | |
1100 | break; | |
1101 | } | |
1102 | case FILTER_OP_LOAD_FIELD_U32: | |
1103 | { | |
1104 | dbg_printf("Validate load field u32\n"); | |
1105 | break; | |
1106 | } | |
1107 | case FILTER_OP_LOAD_FIELD_U64: | |
1108 | { | |
1109 | dbg_printf("Validate load field u64\n"); | |
1110 | break; | |
1111 | } | |
1112 | case FILTER_OP_LOAD_FIELD_STRING: | |
1113 | { | |
1114 | dbg_printf("Validate load field string\n"); | |
1115 | break; | |
1116 | } | |
1117 | case FILTER_OP_LOAD_FIELD_SEQUENCE: | |
1118 | { | |
1119 | dbg_printf("Validate load field sequence\n"); | |
1120 | break; | |
1121 | } | |
1122 | case FILTER_OP_LOAD_FIELD_DOUBLE: | |
1123 | { | |
1124 | dbg_printf("Validate load field double\n"); | |
1125 | break; | |
1126 | } | |
1127 | ||
1128 | case FILTER_OP_GET_SYMBOL: | |
1129 | { | |
1130 | struct load_op *insn = (struct load_op *) pc; | |
1131 | struct get_symbol *sym = (struct get_symbol *) insn->data; | |
1132 | ||
1133 | dbg_printf("Validate get symbol offset %u\n", sym->offset); | |
1134 | break; | |
1135 | } | |
1136 | ||
1137 | case FILTER_OP_GET_SYMBOL_FIELD: | |
1138 | { | |
1139 | struct load_op *insn = (struct load_op *) pc; | |
1140 | struct get_symbol *sym = (struct get_symbol *) insn->data; | |
1141 | ||
1142 | dbg_printf("Validate get symbol field offset %u\n", sym->offset); | |
1143 | break; | |
1144 | } | |
1145 | ||
1146 | case FILTER_OP_GET_INDEX_U16: | |
1147 | { | |
1148 | struct load_op *insn = (struct load_op *) pc; | |
1149 | struct get_index_u16 *get_index = (struct get_index_u16 *) insn->data; | |
1150 | ||
1151 | dbg_printf("Validate get index u16 index %u\n", get_index->index); | |
1152 | break; | |
1153 | } | |
1154 | ||
1155 | case FILTER_OP_GET_INDEX_U64: | |
1156 | { | |
1157 | struct load_op *insn = (struct load_op *) pc; | |
1158 | struct get_index_u64 *get_index = (struct get_index_u64 *) insn->data; | |
1159 | ||
1160 | dbg_printf("Validate get index u64 index %" PRIu64 "\n", get_index->index); | |
1161 | break; | |
1162 | } | |
bf956ec0 MD |
1163 | } |
1164 | end: | |
1165 | return ret; | |
1166 | } | |
1167 | ||
1168 | /* | |
1169 | * Return value: | |
1170 | * 0: success | |
1171 | * <0: error | |
1172 | */ | |
1173 | static | |
1174 | int validate_instruction_all_contexts(struct bytecode_runtime *bytecode, | |
1175 | struct cds_lfht *merge_points, | |
0305960f | 1176 | struct vstack *stack, |
22389ecb MD |
1177 | char *start_pc, |
1178 | char *pc) | |
bf956ec0 MD |
1179 | { |
1180 | int ret; | |
1181 | unsigned long target_pc = pc - start_pc; | |
1182 | struct cds_lfht_iter iter; | |
1183 | struct cds_lfht_node *node; | |
71c1ceeb | 1184 | struct lfht_mp_node *mp_node; |
bf956ec0 MD |
1185 | unsigned long hash; |
1186 | ||
1187 | /* Validate the context resulting from the previous instruction */ | |
0305960f | 1188 | ret = validate_instruction_context(bytecode, stack, start_pc, pc); |
53569322 | 1189 | if (ret < 0) |
bf956ec0 MD |
1190 | return ret; |
1191 | ||
1192 | /* Validate merge points */ | |
22389ecb | 1193 | hash = lttng_hash_mix((const char *) target_pc, sizeof(target_pc), |
bf956ec0 | 1194 | lttng_hash_seed); |
71c1ceeb | 1195 | cds_lfht_lookup(merge_points, hash, lttng_hash_match, |
22389ecb | 1196 | (const char *) target_pc, &iter); |
71c1ceeb MD |
1197 | node = cds_lfht_iter_get_node(&iter); |
1198 | if (node) { | |
1199 | mp_node = caa_container_of(node, struct lfht_mp_node, node); | |
3151a51d | 1200 | |
bf956ec0 MD |
1201 | dbg_printf("Filter: validate merge point at offset %lu\n", |
1202 | target_pc); | |
71c1ceeb MD |
1203 | if (merge_points_compare(stack, &mp_node->stack)) { |
1204 | ERR("Merge points differ for offset %lu\n", | |
1205 | target_pc); | |
1206 | return -EINVAL; | |
1207 | } | |
bf956ec0 | 1208 | /* Once validated, we can remove the merge point */ |
71c1ceeb | 1209 | dbg_printf("Filter: remove merge point at offset %lu\n", |
bf956ec0 MD |
1210 | target_pc); |
1211 | ret = cds_lfht_del(merge_points, node); | |
1212 | assert(!ret); | |
1213 | } | |
1214 | return 0; | |
1215 | } | |
1216 | ||
1217 | /* | |
1218 | * Return value: | |
1219 | * >0: going to next insn. | |
1220 | * 0: success, stop iteration. | |
1221 | * <0: error | |
1222 | */ | |
1223 | static | |
1224 | int exec_insn(struct bytecode_runtime *bytecode, | |
1225 | struct cds_lfht *merge_points, | |
0305960f | 1226 | struct vstack *stack, |
22389ecb MD |
1227 | char **_next_pc, |
1228 | char *pc) | |
bf956ec0 MD |
1229 | { |
1230 | int ret = 1; | |
22389ecb | 1231 | char *next_pc = *_next_pc; |
bf956ec0 MD |
1232 | |
1233 | switch (*(filter_opcode_t *) pc) { | |
1234 | case FILTER_OP_UNKNOWN: | |
1235 | default: | |
1236 | { | |
1237 | ERR("unknown bytecode op %u\n", | |
1238 | (unsigned int) *(filter_opcode_t *) pc); | |
1239 | ret = -EINVAL; | |
1240 | goto end; | |
1241 | } | |
1242 | ||
1243 | case FILTER_OP_RETURN: | |
1244 | { | |
71c1ceeb MD |
1245 | if (!vstack_ax(stack)) { |
1246 | ERR("Empty stack\n"); | |
1247 | ret = -EINVAL; | |
1248 | goto end; | |
1249 | } | |
47e5f13e MD |
1250 | switch (vstack_ax(stack)->type) { |
1251 | case REG_S64: | |
1252 | case REG_UNKNOWN: | |
1253 | break; | |
1254 | default: | |
1255 | ERR("Unexpected register type %d at end of bytecode\n", | |
1256 | (int) vstack_ax(stack)->type); | |
1257 | ret = -EINVAL; | |
1258 | goto end; | |
1259 | } | |
1260 | ||
bf956ec0 MD |
1261 | ret = 0; |
1262 | goto end; | |
1263 | } | |
93c591bb MD |
1264 | case FILTER_OP_RETURN_S64: |
1265 | { | |
1266 | if (!vstack_ax(stack)) { | |
1267 | ERR("Empty stack\n"); | |
1268 | ret = -EINVAL; | |
1269 | goto end; | |
1270 | } | |
1271 | switch (vstack_ax(stack)->type) { | |
1272 | case REG_S64: | |
1273 | break; | |
1274 | default: | |
1275 | case REG_UNKNOWN: | |
1276 | ERR("Unexpected register type %d at end of bytecode\n", | |
1277 | (int) vstack_ax(stack)->type); | |
1278 | ret = -EINVAL; | |
1279 | goto end; | |
1280 | } | |
1281 | ||
1282 | ret = 0; | |
1283 | goto end; | |
1284 | } | |
bf956ec0 MD |
1285 | |
1286 | /* binary */ | |
1287 | case FILTER_OP_MUL: | |
1288 | case FILTER_OP_DIV: | |
1289 | case FILTER_OP_MOD: | |
1290 | case FILTER_OP_PLUS: | |
1291 | case FILTER_OP_MINUS: | |
bf956ec0 MD |
1292 | { |
1293 | ERR("unsupported bytecode op %u\n", | |
1294 | (unsigned int) *(filter_opcode_t *) pc); | |
1295 | ret = -EINVAL; | |
1296 | goto end; | |
1297 | } | |
1298 | ||
1299 | case FILTER_OP_EQ: | |
1300 | case FILTER_OP_NE: | |
1301 | case FILTER_OP_GT: | |
1302 | case FILTER_OP_LT: | |
1303 | case FILTER_OP_GE: | |
1304 | case FILTER_OP_LE: | |
1305 | case FILTER_OP_EQ_STRING: | |
1306 | case FILTER_OP_NE_STRING: | |
1307 | case FILTER_OP_GT_STRING: | |
1308 | case FILTER_OP_LT_STRING: | |
1309 | case FILTER_OP_GE_STRING: | |
1310 | case FILTER_OP_LE_STRING: | |
3151a51d PP |
1311 | case FILTER_OP_EQ_STAR_GLOB_STRING: |
1312 | case FILTER_OP_NE_STAR_GLOB_STRING: | |
bf956ec0 MD |
1313 | case FILTER_OP_EQ_S64: |
1314 | case FILTER_OP_NE_S64: | |
1315 | case FILTER_OP_GT_S64: | |
1316 | case FILTER_OP_LT_S64: | |
1317 | case FILTER_OP_GE_S64: | |
1318 | case FILTER_OP_LE_S64: | |
bf956ec0 MD |
1319 | case FILTER_OP_EQ_DOUBLE: |
1320 | case FILTER_OP_NE_DOUBLE: | |
1321 | case FILTER_OP_GT_DOUBLE: | |
1322 | case FILTER_OP_LT_DOUBLE: | |
1323 | case FILTER_OP_GE_DOUBLE: | |
1324 | case FILTER_OP_LE_DOUBLE: | |
dbea82ec MD |
1325 | case FILTER_OP_EQ_DOUBLE_S64: |
1326 | case FILTER_OP_NE_DOUBLE_S64: | |
1327 | case FILTER_OP_GT_DOUBLE_S64: | |
1328 | case FILTER_OP_LT_DOUBLE_S64: | |
1329 | case FILTER_OP_GE_DOUBLE_S64: | |
1330 | case FILTER_OP_LE_DOUBLE_S64: | |
1331 | case FILTER_OP_EQ_S64_DOUBLE: | |
1332 | case FILTER_OP_NE_S64_DOUBLE: | |
1333 | case FILTER_OP_GT_S64_DOUBLE: | |
1334 | case FILTER_OP_LT_S64_DOUBLE: | |
1335 | case FILTER_OP_GE_S64_DOUBLE: | |
1336 | case FILTER_OP_LE_S64_DOUBLE: | |
0039e2d8 MD |
1337 | case FILTER_OP_BIT_RSHIFT: |
1338 | case FILTER_OP_BIT_LSHIFT: | |
47e5f13e MD |
1339 | case FILTER_OP_BIT_AND: |
1340 | case FILTER_OP_BIT_OR: | |
1341 | case FILTER_OP_BIT_XOR: | |
bf956ec0 | 1342 | { |
0305960f MD |
1343 | /* Pop 2, push 1 */ |
1344 | if (vstack_pop(stack)) { | |
1345 | ret = -EINVAL; | |
1346 | goto end; | |
1347 | } | |
1348 | if (!vstack_ax(stack)) { | |
1349 | ERR("Empty stack\n"); | |
1350 | ret = -EINVAL; | |
1351 | goto end; | |
1352 | } | |
47e5f13e MD |
1353 | switch (vstack_ax(stack)->type) { |
1354 | case REG_S64: | |
1355 | case REG_DOUBLE: | |
1356 | case REG_STRING: | |
1357 | case REG_STAR_GLOB_STRING: | |
1358 | case REG_UNKNOWN: | |
1359 | break; | |
1360 | default: | |
1361 | ERR("Unexpected register type %d for operation\n", | |
1362 | (int) vstack_ax(stack)->type); | |
1363 | ret = -EINVAL; | |
1364 | goto end; | |
1365 | } | |
1366 | ||
0305960f | 1367 | vstack_ax(stack)->type = REG_S64; |
bf956ec0 MD |
1368 | next_pc += sizeof(struct binary_op); |
1369 | break; | |
1370 | } | |
1371 | ||
1372 | /* unary */ | |
1373 | case FILTER_OP_UNARY_PLUS: | |
1374 | case FILTER_OP_UNARY_MINUS: | |
53569322 MD |
1375 | { |
1376 | /* Pop 1, push 1 */ | |
1377 | if (!vstack_ax(stack)) { | |
1378 | ERR("Empty stack\n"); | |
1379 | ret = -EINVAL; | |
1380 | goto end; | |
1381 | } | |
47e5f13e MD |
1382 | switch (vstack_ax(stack)->type) { |
1383 | case REG_UNKNOWN: | |
1384 | case REG_DOUBLE: | |
1385 | case REG_S64: | |
1386 | break; | |
1387 | default: | |
1388 | ERR("Unexpected register type %d for operation\n", | |
1389 | (int) vstack_ax(stack)->type); | |
1390 | ret = -EINVAL; | |
1391 | goto end; | |
1392 | } | |
53569322 MD |
1393 | vstack_ax(stack)->type = REG_UNKNOWN; |
1394 | next_pc += sizeof(struct unary_op); | |
1395 | break; | |
1396 | } | |
1397 | ||
bf956ec0 MD |
1398 | case FILTER_OP_UNARY_PLUS_S64: |
1399 | case FILTER_OP_UNARY_MINUS_S64: | |
1400 | case FILTER_OP_UNARY_NOT_S64: | |
47e5f13e MD |
1401 | { |
1402 | /* Pop 1, push 1 */ | |
1403 | if (!vstack_ax(stack)) { | |
1404 | ERR("Empty stack\n"); | |
1405 | ret = -EINVAL; | |
1406 | goto end; | |
1407 | } | |
1408 | switch (vstack_ax(stack)->type) { | |
1409 | case REG_S64: | |
1410 | break; | |
1411 | default: | |
1412 | ERR("Unexpected register type %d for operation\n", | |
1413 | (int) vstack_ax(stack)->type); | |
1414 | ret = -EINVAL; | |
1415 | goto end; | |
1416 | } | |
1417 | ||
1418 | vstack_ax(stack)->type = REG_S64; | |
1419 | next_pc += sizeof(struct unary_op); | |
1420 | break; | |
1421 | } | |
1422 | ||
1423 | case FILTER_OP_UNARY_NOT: | |
1424 | { | |
1425 | /* Pop 1, push 1 */ | |
1426 | if (!vstack_ax(stack)) { | |
1427 | ERR("Empty stack\n"); | |
1428 | ret = -EINVAL; | |
1429 | goto end; | |
1430 | } | |
1431 | switch (vstack_ax(stack)->type) { | |
1432 | case REG_UNKNOWN: | |
1433 | case REG_DOUBLE: | |
1434 | case REG_S64: | |
1435 | break; | |
1436 | default: | |
1437 | ERR("Unexpected register type %d for operation\n", | |
1438 | (int) vstack_ax(stack)->type); | |
1439 | ret = -EINVAL; | |
1440 | goto end; | |
1441 | } | |
1442 | ||
1443 | vstack_ax(stack)->type = REG_S64; | |
1444 | next_pc += sizeof(struct unary_op); | |
1445 | break; | |
1446 | } | |
1447 | ||
0039e2d8 MD |
1448 | case FILTER_OP_UNARY_BIT_NOT: |
1449 | { | |
1450 | /* Pop 1, push 1 */ | |
1451 | if (!vstack_ax(stack)) { | |
1452 | ERR("Empty stack\n"); | |
1453 | ret = -EINVAL; | |
1454 | goto end; | |
1455 | } | |
1456 | switch (vstack_ax(stack)->type) { | |
1457 | case REG_UNKNOWN: | |
1458 | case REG_S64: | |
1459 | break; | |
1460 | case REG_DOUBLE: | |
1461 | default: | |
1462 | ERR("Unexpected register type %d for operation\n", | |
1463 | (int) vstack_ax(stack)->type); | |
1464 | ret = -EINVAL; | |
1465 | goto end; | |
1466 | } | |
1467 | ||
1468 | vstack_ax(stack)->type = REG_S64; | |
1469 | next_pc += sizeof(struct unary_op); | |
1470 | break; | |
1471 | } | |
1472 | ||
53569322 | 1473 | case FILTER_OP_UNARY_NOT_DOUBLE: |
bf956ec0 | 1474 | { |
0305960f MD |
1475 | /* Pop 1, push 1 */ |
1476 | if (!vstack_ax(stack)) { | |
1477 | ERR("Empty stack\n"); | |
1478 | ret = -EINVAL; | |
1479 | goto end; | |
1480 | } | |
47e5f13e MD |
1481 | switch (vstack_ax(stack)->type) { |
1482 | case REG_DOUBLE: | |
1483 | break; | |
1484 | default: | |
1485 | ERR("Incorrect register type %d for operation\n", | |
1486 | (int) vstack_ax(stack)->type); | |
1487 | ret = -EINVAL; | |
1488 | goto end; | |
1489 | } | |
1490 | ||
0305960f | 1491 | vstack_ax(stack)->type = REG_S64; |
bf956ec0 MD |
1492 | next_pc += sizeof(struct unary_op); |
1493 | break; | |
1494 | } | |
1495 | ||
1496 | case FILTER_OP_UNARY_PLUS_DOUBLE: | |
1497 | case FILTER_OP_UNARY_MINUS_DOUBLE: | |
bf956ec0 | 1498 | { |
0305960f MD |
1499 | /* Pop 1, push 1 */ |
1500 | if (!vstack_ax(stack)) { | |
1501 | ERR("Empty stack\n"); | |
1502 | ret = -EINVAL; | |
1503 | goto end; | |
1504 | } | |
47e5f13e MD |
1505 | switch (vstack_ax(stack)->type) { |
1506 | case REG_DOUBLE: | |
1507 | break; | |
1508 | default: | |
1509 | ERR("Incorrect register type %d for operation\n", | |
1510 | (int) vstack_ax(stack)->type); | |
1511 | ret = -EINVAL; | |
1512 | goto end; | |
1513 | } | |
1514 | ||
0305960f | 1515 | vstack_ax(stack)->type = REG_DOUBLE; |
bf956ec0 MD |
1516 | next_pc += sizeof(struct unary_op); |
1517 | break; | |
1518 | } | |
1519 | ||
1520 | /* logical */ | |
1521 | case FILTER_OP_AND: | |
1522 | case FILTER_OP_OR: | |
1523 | { | |
1524 | struct logical_op *insn = (struct logical_op *) pc; | |
1525 | int merge_ret; | |
1526 | ||
1527 | /* Add merge point to table */ | |
71c1ceeb MD |
1528 | merge_ret = merge_point_add_check(merge_points, |
1529 | insn->skip_offset, stack); | |
bf956ec0 MD |
1530 | if (merge_ret) { |
1531 | ret = merge_ret; | |
1532 | goto end; | |
97b58163 | 1533 | } |
47e5f13e MD |
1534 | |
1535 | if (!vstack_ax(stack)) { | |
1536 | ERR("Empty stack\n"); | |
1537 | ret = -EINVAL; | |
1538 | goto end; | |
1539 | } | |
1540 | /* There is always a cast-to-s64 operation before a or/and op. */ | |
1541 | switch (vstack_ax(stack)->type) { | |
1542 | case REG_S64: | |
1543 | break; | |
1544 | default: | |
1545 | ERR("Incorrect register type %d for operation\n", | |
1546 | (int) vstack_ax(stack)->type); | |
1547 | ret = -EINVAL; | |
1548 | goto end; | |
1549 | } | |
1550 | ||
bf956ec0 | 1551 | /* Continue to next instruction */ |
71c1ceeb MD |
1552 | /* Pop 1 when jump not taken */ |
1553 | if (vstack_pop(stack)) { | |
1554 | ret = -EINVAL; | |
1555 | goto end; | |
1556 | } | |
bf956ec0 MD |
1557 | next_pc += sizeof(struct logical_op); |
1558 | break; | |
1559 | } | |
1560 | ||
77aa5901 | 1561 | /* load field ref */ |
bf956ec0 MD |
1562 | case FILTER_OP_LOAD_FIELD_REF: |
1563 | { | |
1564 | ERR("Unknown field ref type\n"); | |
1565 | ret = -EINVAL; | |
1566 | goto end; | |
1567 | } | |
77aa5901 MD |
1568 | /* get context ref */ |
1569 | case FILTER_OP_GET_CONTEXT_REF: | |
1570 | { | |
53569322 MD |
1571 | if (vstack_push(stack)) { |
1572 | ret = -EINVAL; | |
1573 | goto end; | |
1574 | } | |
1575 | vstack_ax(stack)->type = REG_UNKNOWN; | |
1576 | next_pc += sizeof(struct load_op) + sizeof(struct field_ref); | |
1577 | break; | |
77aa5901 | 1578 | } |
bf956ec0 MD |
1579 | case FILTER_OP_LOAD_FIELD_REF_STRING: |
1580 | case FILTER_OP_LOAD_FIELD_REF_SEQUENCE: | |
77aa5901 | 1581 | case FILTER_OP_GET_CONTEXT_REF_STRING: |
bf956ec0 | 1582 | { |
0305960f MD |
1583 | if (vstack_push(stack)) { |
1584 | ret = -EINVAL; | |
1585 | goto end; | |
1586 | } | |
1587 | vstack_ax(stack)->type = REG_STRING; | |
bf956ec0 MD |
1588 | next_pc += sizeof(struct load_op) + sizeof(struct field_ref); |
1589 | break; | |
1590 | } | |
1591 | case FILTER_OP_LOAD_FIELD_REF_S64: | |
77aa5901 | 1592 | case FILTER_OP_GET_CONTEXT_REF_S64: |
bf956ec0 | 1593 | { |
0305960f MD |
1594 | if (vstack_push(stack)) { |
1595 | ret = -EINVAL; | |
1596 | goto end; | |
1597 | } | |
1598 | vstack_ax(stack)->type = REG_S64; | |
bf956ec0 MD |
1599 | next_pc += sizeof(struct load_op) + sizeof(struct field_ref); |
1600 | break; | |
1601 | } | |
1602 | case FILTER_OP_LOAD_FIELD_REF_DOUBLE: | |
77aa5901 | 1603 | case FILTER_OP_GET_CONTEXT_REF_DOUBLE: |
bf956ec0 | 1604 | { |
0305960f MD |
1605 | if (vstack_push(stack)) { |
1606 | ret = -EINVAL; | |
1607 | goto end; | |
1608 | } | |
1609 | vstack_ax(stack)->type = REG_DOUBLE; | |
bf956ec0 MD |
1610 | next_pc += sizeof(struct load_op) + sizeof(struct field_ref); |
1611 | break; | |
1612 | } | |
1613 | ||
77aa5901 | 1614 | /* load from immediate operand */ |
bf956ec0 MD |
1615 | case FILTER_OP_LOAD_STRING: |
1616 | { | |
1617 | struct load_op *insn = (struct load_op *) pc; | |
1618 | ||
0305960f MD |
1619 | if (vstack_push(stack)) { |
1620 | ret = -EINVAL; | |
1621 | goto end; | |
1622 | } | |
1623 | vstack_ax(stack)->type = REG_STRING; | |
bf956ec0 MD |
1624 | next_pc += sizeof(struct load_op) + strlen(insn->data) + 1; |
1625 | break; | |
1626 | } | |
1627 | ||
3151a51d PP |
1628 | case FILTER_OP_LOAD_STAR_GLOB_STRING: |
1629 | { | |
1630 | struct load_op *insn = (struct load_op *) pc; | |
1631 | ||
1632 | if (vstack_push(stack)) { | |
1633 | ret = -EINVAL; | |
1634 | goto end; | |
1635 | } | |
1636 | vstack_ax(stack)->type = REG_STAR_GLOB_STRING; | |
1637 | next_pc += sizeof(struct load_op) + strlen(insn->data) + 1; | |
1638 | break; | |
1639 | } | |
1640 | ||
bf956ec0 MD |
1641 | case FILTER_OP_LOAD_S64: |
1642 | { | |
0305960f MD |
1643 | if (vstack_push(stack)) { |
1644 | ret = -EINVAL; | |
1645 | goto end; | |
1646 | } | |
1647 | vstack_ax(stack)->type = REG_S64; | |
bf956ec0 MD |
1648 | next_pc += sizeof(struct load_op) |
1649 | + sizeof(struct literal_numeric); | |
1650 | break; | |
1651 | } | |
1652 | ||
1653 | case FILTER_OP_LOAD_DOUBLE: | |
1654 | { | |
0305960f MD |
1655 | if (vstack_push(stack)) { |
1656 | ret = -EINVAL; | |
1657 | goto end; | |
1658 | } | |
1659 | vstack_ax(stack)->type = REG_DOUBLE; | |
bf956ec0 MD |
1660 | next_pc += sizeof(struct load_op) |
1661 | + sizeof(struct literal_double); | |
1662 | break; | |
1663 | } | |
1664 | ||
1665 | case FILTER_OP_CAST_TO_S64: | |
1666 | case FILTER_OP_CAST_DOUBLE_TO_S64: | |
1667 | { | |
0305960f MD |
1668 | /* Pop 1, push 1 */ |
1669 | if (!vstack_ax(stack)) { | |
1670 | ERR("Empty stack\n"); | |
1671 | ret = -EINVAL; | |
1672 | goto end; | |
1673 | } | |
47e5f13e MD |
1674 | switch (vstack_ax(stack)->type) { |
1675 | case REG_S64: | |
1676 | case REG_DOUBLE: | |
1677 | case REG_UNKNOWN: | |
1678 | break; | |
1679 | default: | |
1680 | ERR("Incorrect register type %d for cast\n", | |
1681 | (int) vstack_ax(stack)->type); | |
1682 | ret = -EINVAL; | |
1683 | goto end; | |
1684 | } | |
0305960f | 1685 | vstack_ax(stack)->type = REG_S64; |
bf956ec0 MD |
1686 | next_pc += sizeof(struct cast_op); |
1687 | break; | |
1688 | } | |
1689 | case FILTER_OP_CAST_NOP: | |
1690 | { | |
1691 | next_pc += sizeof(struct cast_op); | |
1692 | break; | |
1693 | } | |
97b58163 | 1694 | |
47e5f13e MD |
1695 | /* |
1696 | * Instructions for recursive traversal through composed types. | |
1697 | */ | |
1698 | case FILTER_OP_GET_CONTEXT_ROOT: | |
1699 | case FILTER_OP_GET_APP_CONTEXT_ROOT: | |
1700 | case FILTER_OP_GET_PAYLOAD_ROOT: | |
1701 | { | |
1702 | if (vstack_push(stack)) { | |
1703 | ret = -EINVAL; | |
1704 | goto end; | |
1705 | } | |
1706 | vstack_ax(stack)->type = REG_PTR; | |
1707 | next_pc += sizeof(struct load_op); | |
1708 | break; | |
1709 | } | |
1710 | ||
1711 | case FILTER_OP_LOAD_FIELD: | |
1712 | { | |
1713 | /* Pop 1, push 1 */ | |
1714 | if (!vstack_ax(stack)) { | |
1715 | ERR("Empty stack\n"); | |
1716 | ret = -EINVAL; | |
1717 | goto end; | |
1718 | } | |
1719 | if (vstack_ax(stack)->type != REG_PTR) { | |
1720 | ERR("Expecting pointer on top of stack\n"); | |
1721 | ret = -EINVAL; | |
1722 | goto end; | |
1723 | } | |
1724 | vstack_ax(stack)->type = REG_UNKNOWN; | |
1725 | next_pc += sizeof(struct load_op); | |
1726 | break; | |
1727 | } | |
1728 | ||
1729 | case FILTER_OP_LOAD_FIELD_S8: | |
1730 | case FILTER_OP_LOAD_FIELD_S16: | |
1731 | case FILTER_OP_LOAD_FIELD_S32: | |
1732 | case FILTER_OP_LOAD_FIELD_S64: | |
1733 | case FILTER_OP_LOAD_FIELD_U8: | |
1734 | case FILTER_OP_LOAD_FIELD_U16: | |
1735 | case FILTER_OP_LOAD_FIELD_U32: | |
1736 | case FILTER_OP_LOAD_FIELD_U64: | |
1737 | { | |
1738 | /* Pop 1, push 1 */ | |
1739 | if (!vstack_ax(stack)) { | |
1740 | ERR("Empty stack\n"); | |
1741 | ret = -EINVAL; | |
1742 | goto end; | |
1743 | } | |
1744 | if (vstack_ax(stack)->type != REG_PTR) { | |
1745 | ERR("Expecting pointer on top of stack\n"); | |
1746 | ret = -EINVAL; | |
1747 | goto end; | |
1748 | } | |
1749 | vstack_ax(stack)->type = REG_S64; | |
1750 | next_pc += sizeof(struct load_op); | |
1751 | break; | |
1752 | } | |
1753 | ||
1754 | case FILTER_OP_LOAD_FIELD_STRING: | |
1755 | case FILTER_OP_LOAD_FIELD_SEQUENCE: | |
1756 | { | |
1757 | /* Pop 1, push 1 */ | |
1758 | if (!vstack_ax(stack)) { | |
1759 | ERR("Empty stack\n"); | |
1760 | ret = -EINVAL; | |
1761 | goto end; | |
1762 | } | |
1763 | if (vstack_ax(stack)->type != REG_PTR) { | |
1764 | ERR("Expecting pointer on top of stack\n"); | |
1765 | ret = -EINVAL; | |
1766 | goto end; | |
1767 | } | |
1768 | vstack_ax(stack)->type = REG_STRING; | |
1769 | next_pc += sizeof(struct load_op); | |
1770 | break; | |
1771 | } | |
1772 | ||
1773 | case FILTER_OP_LOAD_FIELD_DOUBLE: | |
1774 | { | |
1775 | /* Pop 1, push 1 */ | |
1776 | if (!vstack_ax(stack)) { | |
1777 | ERR("Empty stack\n"); | |
1778 | ret = -EINVAL; | |
1779 | goto end; | |
1780 | } | |
1781 | if (vstack_ax(stack)->type != REG_PTR) { | |
1782 | ERR("Expecting pointer on top of stack\n"); | |
1783 | ret = -EINVAL; | |
1784 | goto end; | |
1785 | } | |
1786 | vstack_ax(stack)->type = REG_DOUBLE; | |
1787 | next_pc += sizeof(struct load_op); | |
1788 | break; | |
1789 | } | |
1790 | ||
1791 | case FILTER_OP_GET_SYMBOL: | |
1792 | case FILTER_OP_GET_SYMBOL_FIELD: | |
1793 | { | |
1794 | /* Pop 1, push 1 */ | |
1795 | if (!vstack_ax(stack)) { | |
1796 | ERR("Empty stack\n"); | |
1797 | ret = -EINVAL; | |
1798 | goto end; | |
1799 | } | |
1800 | if (vstack_ax(stack)->type != REG_PTR) { | |
1801 | ERR("Expecting pointer on top of stack\n"); | |
1802 | ret = -EINVAL; | |
1803 | goto end; | |
1804 | } | |
1805 | next_pc += sizeof(struct load_op) + sizeof(struct get_symbol); | |
1806 | break; | |
1807 | } | |
1808 | ||
1809 | case FILTER_OP_GET_INDEX_U16: | |
1810 | { | |
1811 | /* Pop 1, push 1 */ | |
1812 | if (!vstack_ax(stack)) { | |
1813 | ERR("Empty stack\n"); | |
1814 | ret = -EINVAL; | |
1815 | goto end; | |
1816 | } | |
1817 | if (vstack_ax(stack)->type != REG_PTR) { | |
1818 | ERR("Expecting pointer on top of stack\n"); | |
1819 | ret = -EINVAL; | |
1820 | goto end; | |
1821 | } | |
1822 | next_pc += sizeof(struct load_op) + sizeof(struct get_index_u16); | |
1823 | break; | |
1824 | } | |
1825 | ||
1826 | case FILTER_OP_GET_INDEX_U64: | |
1827 | { | |
1828 | /* Pop 1, push 1 */ | |
1829 | if (!vstack_ax(stack)) { | |
1830 | ERR("Empty stack\n"); | |
1831 | ret = -EINVAL; | |
1832 | goto end; | |
1833 | } | |
1834 | if (vstack_ax(stack)->type != REG_PTR) { | |
1835 | ERR("Expecting pointer on top of stack\n"); | |
1836 | ret = -EINVAL; | |
1837 | goto end; | |
1838 | } | |
1839 | next_pc += sizeof(struct load_op) + sizeof(struct get_index_u64); | |
1840 | break; | |
1841 | } | |
1842 | ||
bf956ec0 MD |
1843 | } |
1844 | end: | |
1845 | *_next_pc = next_pc; | |
1846 | return ret; | |
1847 | } | |
1848 | ||
1849 | /* | |
1850 | * Never called concurrently (hash seed is shared). | |
1851 | */ | |
1852 | int lttng_filter_validate_bytecode(struct bytecode_runtime *bytecode) | |
1853 | { | |
1854 | struct cds_lfht *merge_points; | |
22389ecb | 1855 | char *pc, *next_pc, *start_pc; |
bf956ec0 | 1856 | int ret = -EINVAL; |
0305960f | 1857 | struct vstack stack; |
bf956ec0 | 1858 | |
0305960f | 1859 | vstack_init(&stack); |
bf956ec0 MD |
1860 | |
1861 | if (!lttng_hash_seed_ready) { | |
1862 | lttng_hash_seed = time(NULL); | |
1863 | lttng_hash_seed_ready = 1; | |
1864 | } | |
1865 | /* | |
1866 | * Note: merge_points hash table used by single thread, and | |
1867 | * never concurrently resized. Therefore, we can use it without | |
1868 | * holding RCU read-side lock and free nodes without using | |
1869 | * call_rcu. | |
1870 | */ | |
1871 | merge_points = cds_lfht_new(DEFAULT_NR_MERGE_POINTS, | |
1872 | MIN_NR_BUCKETS, MAX_NR_BUCKETS, | |
1873 | 0, NULL); | |
1874 | if (!merge_points) { | |
1875 | ERR("Error allocating hash table for bytecode validation\n"); | |
1876 | return -ENOMEM; | |
1877 | } | |
47e5f13e | 1878 | start_pc = &bytecode->code[0]; |
bf956ec0 MD |
1879 | for (pc = next_pc = start_pc; pc - start_pc < bytecode->len; |
1880 | pc = next_pc) { | |
82513dbe MD |
1881 | ret = bytecode_validate_overflow(bytecode, start_pc, pc); |
1882 | if (ret != 0) { | |
1883 | if (ret == -ERANGE) | |
1884 | ERR("filter bytecode overflow\n"); | |
bf956ec0 | 1885 | goto end; |
97b58163 | 1886 | } |
bf956ec0 MD |
1887 | dbg_printf("Validating op %s (%u)\n", |
1888 | print_op((unsigned int) *(filter_opcode_t *) pc), | |
1889 | (unsigned int) *(filter_opcode_t *) pc); | |
1890 | ||
1891 | /* | |
1892 | * For each instruction, validate the current context | |
1893 | * (traversal of entire execution flow), and validate | |
53569322 | 1894 | * all merge points targeting this instruction. |
bf956ec0 MD |
1895 | */ |
1896 | ret = validate_instruction_all_contexts(bytecode, merge_points, | |
0305960f | 1897 | &stack, start_pc, pc); |
bf956ec0 MD |
1898 | if (ret) |
1899 | goto end; | |
0305960f | 1900 | ret = exec_insn(bytecode, merge_points, &stack, &next_pc, pc); |
bf956ec0 MD |
1901 | if (ret <= 0) |
1902 | goto end; | |
97b58163 MD |
1903 | } |
1904 | end: | |
bf956ec0 MD |
1905 | if (delete_all_nodes(merge_points)) { |
1906 | if (!ret) { | |
1907 | ERR("Unexpected merge points\n"); | |
1908 | ret = -EINVAL; | |
1909 | } | |
1910 | } | |
1911 | if (cds_lfht_destroy(merge_points, NULL)) { | |
1912 | ERR("Error destroying hash table\n"); | |
1913 | } | |
97b58163 MD |
1914 | return ret; |
1915 | } |