~hc/RK356X_SDK_RELEASE.git

..	..	@@ -2,6 +2,8 @@
2	2	/* Copyright (c) 2018 Facebook */
3	3
4	4	#include <uapi/linux/btf.h>
	5	+#include <uapi/linux/bpf.h>
	6	+#include <uapi/linux/bpf_perf_event.h>
5	7	#include <uapi/linux/types.h>
6	8	#include <linux/seq_file.h>
7	9	#include <linux/compiler.h>
..	..	@@ -16,6 +18,12 @@
16	18	#include <linux/sort.h>
17	19	#include <linux/bpf_verifier.h>
18	20	#include <linux/btf.h>
	21	+#include <linux/btf_ids.h>
	22	+#include <linux/skmsg.h>
	23	+#include <linux/perf_event.h>
	24	+#include <linux/bsearch.h>
	25	+#include <linux/btf_ids.h>
	26	+#include <net/sock.h>
19	27
20	28	/* BTF (BPF Type Format) is the meta data format which describes
21	29	* the data types of BPF program/map. Hence, it basically focus
..	..	@@ -157,14 +165,14 @@
157	165	*
158	166	*/
159	167
160		-#define BITS_PER_U64 (sizeof(u64) * BITS_PER_BYTE)
	168	+#define BITS_PER_U128 (sizeof(u64) * BITS_PER_BYTE * 2)
161	169	#define BITS_PER_BYTE_MASK (BITS_PER_BYTE - 1)
162	170	#define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK)
163	171	#define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3)
164	172	#define BITS_ROUNDUP_BYTES(bits) \
165	173	(BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits))
166	174
167		-#define BTF_INFO_MASK 0x0f00ffff
	175	+#define BTF_INFO_MASK 0x8f00ffff
168	176	#define BTF_INT_MASK 0x0fffffff
169	177	#define BTF_TYPE_ID_VALID(type_id) ((type_id) <= BTF_MAX_TYPE)
170	178	#define BTF_STR_OFFSET_VALID(name_off) ((name_off) <= BTF_MAX_NAME_OFFSET)
..	..	@@ -175,18 +183,18 @@
175	183	*/
176	184	#define BTF_MAX_SIZE (16 * 1024 * 1024)
177	185
178		-#define for_each_member(i, struct_type, member) \
179		- for (i = 0, member = btf_type_member(struct_type); \
180		- i < btf_type_vlen(struct_type); \
181		- i++, member++)
182		-
183	186	#define for_each_member_from(i, from, struct_type, member) \
184	187	for (i = from, member = btf_type_member(struct_type) + from; \
185	188	i < btf_type_vlen(struct_type); \
186	189	i++, member++)
187	190
188		-static DEFINE_IDR(btf_idr);
189		-static DEFINE_SPINLOCK(btf_idr_lock);
	191	+#define for_each_vsi_from(i, from, struct_type, member) \
	192	+ for (i = from, member = btf_type_var_secinfo(struct_type) + from; \
	193	+ i < btf_type_vlen(struct_type); \
	194	+ i++, member++)
	195	+
	196	+DEFINE_IDR(btf_idr);
	197	+DEFINE_SPINLOCK(btf_idr_lock);
190	198
191	199	struct btf {
192	200	void *data;
..	..	@@ -260,6 +268,100 @@
260	268	[BTF_KIND_VOLATILE] = "VOLATILE",
261	269	[BTF_KIND_CONST] = "CONST",
262	270	[BTF_KIND_RESTRICT] = "RESTRICT",
	271	+ [BTF_KIND_FUNC] = "FUNC",
	272	+ [BTF_KIND_FUNC_PROTO] = "FUNC_PROTO",
	273	+ [BTF_KIND_VAR] = "VAR",
	274	+ [BTF_KIND_DATASEC] = "DATASEC",
	275	+};
	276	+
	277	+static const char btf_type_str(const struct btf_type t)
	278	+{
	279	+ return btf_kind_str[BTF_INFO_KIND(t->info)];
	280	+}
	281	+
	282	+/* Chunk size we use in safe copy of data to be shown. */
	283	+#define BTF_SHOW_OBJ_SAFE_SIZE 32
	284	+
	285	+/*
	286	+ * This is the maximum size of a base type value (equivalent to a
	287	+ * 128-bit int); if we are at the end of our safe buffer and have
	288	+ * less than 16 bytes space we can't be assured of being able
	289	+ * to copy the next type safely, so in such cases we will initiate
	290	+ * a new copy.
	291	+ */
	292	+#define BTF_SHOW_OBJ_BASE_TYPE_SIZE 16
	293	+
	294	+/* Type name size */
	295	+#define BTF_SHOW_NAME_SIZE 80
	296	+
	297	+/*
	298	+ * Common data to all BTF show operations. Private show functions can add
	299	+ * their own data to a structure containing a struct btf_show and consult it
	300	+ * in the show callback. See btf_type_show() below.
	301	+ *
	302	+ * One challenge with showing nested data is we want to skip 0-valued
	303	+ * data, but in order to figure out whether a nested object is all zeros
	304	+ * we need to walk through it. As a result, we need to make two passes
	305	+ * when handling structs, unions and arrays; the first path simply looks
	306	+ * for nonzero data, while the second actually does the display. The first
	307	+ * pass is signalled by show->state.depth_check being set, and if we
	308	+ * encounter a non-zero value we set show->state.depth_to_show to
	309	+ * the depth at which we encountered it. When we have completed the
	310	+ * first pass, we will know if anything needs to be displayed if
	311	+ * depth_to_show > depth. See btf_[struct,array]_show() for the
	312	+ * implementation of this.
	313	+ *
	314	+ * Another problem is we want to ensure the data for display is safe to
	315	+ * access. To support this, the anonymous "struct {} obj" tracks the data
	316	+ * object and our safe copy of it. We copy portions of the data needed
	317	+ * to the object "copy" buffer, but because its size is limited to
	318	+ * BTF_SHOW_OBJ_COPY_LEN bytes, multiple copies may be required as we
	319	+ * traverse larger objects for display.
	320	+ *
	321	+ * The various data type show functions all start with a call to
	322	+ * btf_show_start_type() which returns a pointer to the safe copy
	323	+ * of the data needed (or if BTF_SHOW_UNSAFE is specified, to the
	324	+ * raw data itself). btf_show_obj_safe() is responsible for
	325	+ * using copy_from_kernel_nofault() to update the safe data if necessary
	326	+ * as we traverse the object's data. skbuff-like semantics are
	327	+ * used:
	328	+ *
	329	+ * - obj.head points to the start of the toplevel object for display
	330	+ * - obj.size is the size of the toplevel object
	331	+ * - obj.data points to the current point in the original data at
	332	+ * which our safe data starts. obj.data will advance as we copy
	333	+ * portions of the data.
	334	+ *
	335	+ * In most cases a single copy will suffice, but larger data structures
	336	+ * such as "struct task_struct" will require many copies. The logic in
	337	+ * btf_show_obj_safe() handles the logic that determines if a new
	338	+ * copy_from_kernel_nofault() is needed.
	339	+ */
	340	+struct btf_show {
	341	+ u64 flags;
	342	+ void target; / target of show operation (seq file, buffer) */
	343	+ void (showfn)(struct btf_show show, const char *fmt, va_list args);
	344	+ const struct btf *btf;
	345	+ /* below are used during iteration */
	346	+ struct {
	347	+ u8 depth;
	348	+ u8 depth_to_show;
	349	+ u8 depth_check;
	350	+ u8 array_member:1,
	351	+ array_terminated:1;
	352	+ u16 array_encoding;
	353	+ u32 type_id;
	354	+ int status; /* non-zero for error */
	355	+ const struct btf_type *type;
	356	+ const struct btf_member *member;
	357	+ char name[BTF_SHOW_NAME_SIZE]; /* space for member name/type */
	358	+ } state;
	359	+ struct {
	360	+ u32 size;
	361	+ void *head;
	362	+ void *data;
	363	+ u8 safe[BTF_SHOW_OBJ_SAFE_SIZE];
	364	+ } obj;
263	365	};
264	366
265	367	struct btf_kind_operations {
..	..	@@ -272,15 +374,22 @@
272	374	const struct btf_type *struct_type,
273	375	const struct btf_member *member,
274	376	const struct btf_type *member_type);
	377	+ int (check_kflag_member)(struct btf_verifier_env env,
	378	+ const struct btf_type *struct_type,
	379	+ const struct btf_member *member,
	380	+ const struct btf_type *member_type);
275	381	void (log_details)(struct btf_verifier_env env,
276	382	const struct btf_type *t);
277		- void (seq_show)(const struct btf btf, const struct btf_type *t,
	383	+ void (show)(const struct btf btf, const struct btf_type *t,
278	384	u32 type_id, void *data, u8 bits_offsets,
279		- struct seq_file *m);
	385	+ struct btf_show *show);
280	386	};
281	387
282	388	static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS];
283	389	static struct btf_type btf_void;
	390	+
	391	+static int btf_resolve(struct btf_verifier_env *env,
	392	+ const struct btf_type *t, u32 type_id);
284	393
285	394	static bool btf_type_is_modifier(const struct btf_type *t)
286	395	{
..	..	@@ -305,27 +414,30 @@
305	414	return false;
306	415	}
307	416
308		-static bool btf_type_is_void(const struct btf_type *t)
	417	+bool btf_type_is_void(const struct btf_type *t)
309	418	{
310		- /* void => no type and size info.
311		- * Hence, FWD is also treated as void.
312		- */
313		- return t == &btf_void \|\| BTF_INFO_KIND(t->info) == BTF_KIND_FWD;
	419	+ return t == &btf_void;
314	420	}
315	421
316		-static bool btf_type_is_void_or_null(const struct btf_type *t)
	422	+static bool btf_type_is_fwd(const struct btf_type *t)
317	423	{
318		- return !t \|\| btf_type_is_void(t);
	424	+ return BTF_INFO_KIND(t->info) == BTF_KIND_FWD;
319	425	}
320	426
321		-/* union is only a special case of struct:
322		- * all its offsetof(member) == 0
323		- */
324		-static bool btf_type_is_struct(const struct btf_type *t)
	427	+static bool btf_type_nosize(const struct btf_type *t)
325	428	{
326		- u8 kind = BTF_INFO_KIND(t->info);
	429	+ return btf_type_is_void(t) \|\| btf_type_is_fwd(t) \|\|
	430	+ btf_type_is_func(t) \|\| btf_type_is_func_proto(t);
	431	+}
327	432
328		- return kind == BTF_KIND_STRUCT \|\| kind == BTF_KIND_UNION;
	433	+static bool btf_type_nosize_or_null(const struct btf_type *t)
	434	+{
	435	+ return !t \|\| btf_type_nosize(t);
	436	+}
	437	+
	438	+static bool __btf_type_is_struct(const struct btf_type *t)
	439	+{
	440	+ return BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT;
329	441	}
330	442
331	443	static bool btf_type_is_array(const struct btf_type *t)
..	..	@@ -333,14 +445,77 @@
333	445	return BTF_INFO_KIND(t->info) == BTF_KIND_ARRAY;
334	446	}
335	447
336		-static bool btf_type_is_ptr(const struct btf_type *t)
	448	+static bool btf_type_is_datasec(const struct btf_type *t)
337	449	{
338		- return BTF_INFO_KIND(t->info) == BTF_KIND_PTR;
	450	+ return BTF_INFO_KIND(t->info) == BTF_KIND_DATASEC;
339	451	}
340	452
341		-static bool btf_type_is_int(const struct btf_type *t)
	453	+s32 btf_find_by_name_kind(const struct btf btf, const char name, u8 kind)
342	454	{
343		- return BTF_INFO_KIND(t->info) == BTF_KIND_INT;
	455	+ const struct btf_type *t;
	456	+ const char *tname;
	457	+ u32 i;
	458	+
	459	+ for (i = 1; i <= btf->nr_types; i++) {
	460	+ t = btf->types[i];
	461	+ if (BTF_INFO_KIND(t->info) != kind)
	462	+ continue;
	463	+
	464	+ tname = btf_name_by_offset(btf, t->name_off);
	465	+ if (!strcmp(tname, name))
	466	+ return i;
	467	+ }
	468	+
	469	+ return -ENOENT;
	470	+}
	471	+
	472	+const struct btf_type btf_type_skip_modifiers(const struct btf btf,
	473	+ u32 id, u32 *res_id)
	474	+{
	475	+ const struct btf_type *t = btf_type_by_id(btf, id);
	476	+
	477	+ while (btf_type_is_modifier(t)) {
	478	+ id = t->type;
	479	+ t = btf_type_by_id(btf, t->type);
	480	+ }
	481	+
	482	+ if (res_id)
	483	+ *res_id = id;
	484	+
	485	+ return t;
	486	+}
	487	+
	488	+const struct btf_type btf_type_resolve_ptr(const struct btf btf,
	489	+ u32 id, u32 *res_id)
	490	+{
	491	+ const struct btf_type *t;
	492	+
	493	+ t = btf_type_skip_modifiers(btf, id, NULL);
	494	+ if (!btf_type_is_ptr(t))
	495	+ return NULL;
	496	+
	497	+ return btf_type_skip_modifiers(btf, t->type, res_id);
	498	+}
	499	+
	500	+const struct btf_type btf_type_resolve_func_ptr(const struct btf btf,
	501	+ u32 id, u32 *res_id)
	502	+{
	503	+ const struct btf_type *ptype;
	504	+
	505	+ ptype = btf_type_resolve_ptr(btf, id, res_id);
	506	+ if (ptype && btf_type_is_func_proto(ptype))
	507	+ return ptype;
	508	+
	509	+ return NULL;
	510	+}
	511	+
	512	+/* Types that act only as a source, not sink or intermediate
	513	+ * type when resolving.
	514	+ */
	515	+static bool btf_type_is_resolve_source_only(const struct btf_type *t)
	516	+{
	517	+ return btf_type_is_var(t) \|\|
	518	+ btf_type_is_datasec(t);
344	519	}
345	520
346	521	/* What types need to be resolved?
..	..	@@ -349,7 +524,11 @@
349	524	*
350	525	* btf_type_is_struct() because its member refers to
351	526	* another type (through member->type).
352		-
	527	+ *
	528	+ * btf_type_is_var() because the variable refers to
	529	+ * another type. btf_type_is_datasec() holds multiple
	530	+ * btf_type_is_var() types that need resolving.
	531	+ *
353	532	* btf_type_is_array() because its element (array->type)
354	533	* refers to another type. Array can be thought of a
355	534	* special case of struct while array just has the same
..	..	@@ -358,9 +537,11 @@
358	537	static bool btf_type_needs_resolve(const struct btf_type *t)
359	538	{
360	539	return btf_type_is_modifier(t) \|\|
361		- btf_type_is_ptr(t) \|\|
362		- btf_type_is_struct(t) \|\|
363		- btf_type_is_array(t);
	540	+ btf_type_is_ptr(t) \|\|
	541	+ btf_type_is_struct(t) \|\|
	542	+ btf_type_is_array(t) \|\|
	543	+ btf_type_is_var(t) \|\|
	544	+ btf_type_is_datasec(t);
364	545	}
365	546
366	547	/* t->size can be used */
..	..	@@ -371,6 +552,7 @@
371	552	case BTF_KIND_STRUCT:
372	553	case BTF_KIND_UNION:
373	554	case BTF_KIND_ENUM:
	555	+ case BTF_KIND_DATASEC:
374	556	return true;
375	557	}
376	558
..	..	@@ -391,11 +573,6 @@
391	573	return "UNKN";
392	574	}
393	575
394		-static u16 btf_type_vlen(const struct btf_type *t)
395		-{
396		- return BTF_INFO_VLEN(t->info);
397		-}
398		-
399	576	static u32 btf_type_int(const struct btf_type *t)
400	577	{
401	578	return (u32 )(t + 1);
..	..	@@ -406,14 +583,14 @@
406	583	return (const struct btf_array *)(t + 1);
407	584	}
408	585
409		-static const struct btf_member btf_type_member(const struct btf_type t)
410		-{
411		- return (const struct btf_member *)(t + 1);
412		-}
413		-
414	586	static const struct btf_enum btf_type_enum(const struct btf_type t)
415	587	{
416	588	return (const struct btf_enum *)(t + 1);
	589	+}
	590	+
	591	+static const struct btf_var btf_type_var(const struct btf_type t)
	592	+{
	593	+ return (const struct btf_var *)(t + 1);
417	594	}
418	595
419	596	static const struct btf_kind_operations btf_type_ops(const struct btf_type t)
..	..	@@ -427,23 +604,31 @@
427	604	offset < btf->hdr.str_len;
428	605	}
429	606
430		-/* Only C-style identifier is permitted. This can be relaxed if
431		- * necessary.
432		- */
433		-static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
	607	+static bool __btf_name_char_ok(char c, bool first, bool dot_ok)
	608	+{
	609	+ if ((first ? !isalpha(c) :
	610	+ !isalnum(c)) &&
	611	+ c != '_' &&
	612	+ ((c == '.' && !dot_ok) \|\|
	613	+ c != '.'))
	614	+ return false;
	615	+ return true;
	616	+}
	617	+
	618	+static bool __btf_name_valid(const struct btf *btf, u32 offset, bool dot_ok)
434	619	{
435	620	/* offset must be valid */
436	621	const char *src = &btf->strings[offset];
437	622	const char *src_limit;
438	623
439		- if (!isalpha(src) && src != '_')
	624	+ if (!__btf_name_char_ok(*src, true, dot_ok))
440	625	return false;
441	626
442	627	/* set a limit on identifier length */
443	628	src_limit = src + KSYM_NAME_LEN;
444	629	src++;
445	630	while (*src && src < src_limit) {
446		- if (!isalnum(src) && src != '_')
	631	+ if (!__btf_name_char_ok(*src, false, dot_ok))
447	632	return false;
448	633	src++;
449	634	}
..	..	@@ -451,7 +636,20 @@
451	636	return !*src;
452	637	}
453	638
454		-static const char btf_name_by_offset(const struct btf btf, u32 offset)
	639	+/* Only C-style identifier is permitted. This can be relaxed if
	640	+ * necessary.
	641	+ */
	642	+static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
	643	+{
	644	+ return __btf_name_valid(btf, offset, false);
	645	+}
	646	+
	647	+static bool btf_name_valid_section(const struct btf *btf, u32 offset)
	648	+{
	649	+ return __btf_name_valid(btf, offset, true);
	650	+}
	651	+
	652	+static const char __btf_name_by_offset(const struct btf btf, u32 offset)
455	653	{
456	654	if (!offset)
457	655	return "(anon)";
..	..	@@ -461,7 +659,15 @@
461	659	return "(invalid-name-offset)";
462	660	}
463	661
464		-static const struct btf_type btf_type_by_id(const struct btf btf, u32 type_id)
	662	+const char btf_name_by_offset(const struct btf btf, u32 offset)
	663	+{
	664	+ if (offset < btf->hdr.str_len)
	665	+ return &btf->strings[offset];
	666	+
	667	+ return NULL;
	668	+}
	669	+
	670	+const struct btf_type btf_type_by_id(const struct btf btf, u32 type_id)
465	671	{
466	672	if (type_id > btf->nr_types)
467	673	return NULL;
..	..	@@ -471,7 +677,7 @@
471	677
472	678	/*
473	679	* Regular int is not a bit field and it must be either
474		- * u8/u16/u32/u64.
	680	+ * u8/u16/u32/u64 or __int128.
475	681	*/
476	682	static bool btf_type_int_is_regular(const struct btf_type *t)
477	683	{
..	..	@@ -484,11 +690,535 @@
484	690	if (BITS_PER_BYTE_MASKED(nr_bits) \|\|
485	691	BTF_INT_OFFSET(int_data) \|\|
486	692	(nr_bytes != sizeof(u8) && nr_bytes != sizeof(u16) &&
487		- nr_bytes != sizeof(u32) && nr_bytes != sizeof(u64))) {
	693	+ nr_bytes != sizeof(u32) && nr_bytes != sizeof(u64) &&
	694	+ nr_bytes != (2 * sizeof(u64)))) {
488	695	return false;
489	696	}
490	697
491	698	return true;
	699	+}
	700	+
	701	+/*
	702	+ * Check that given struct member is a regular int with expected
	703	+ * offset and size.
	704	+ */
	705	+bool btf_member_is_reg_int(const struct btf btf, const struct btf_type s,
	706	+ const struct btf_member *m,
	707	+ u32 expected_offset, u32 expected_size)
	708	+{
	709	+ const struct btf_type *t;
	710	+ u32 id, int_data;
	711	+ u8 nr_bits;
	712	+
	713	+ id = m->type;
	714	+ t = btf_type_id_size(btf, &id, NULL);
	715	+ if (!t \|\| !btf_type_is_int(t))
	716	+ return false;
	717	+
	718	+ int_data = btf_type_int(t);
	719	+ nr_bits = BTF_INT_BITS(int_data);
	720	+ if (btf_type_kflag(s)) {
	721	+ u32 bitfield_size = BTF_MEMBER_BITFIELD_SIZE(m->offset);
	722	+ u32 bit_offset = BTF_MEMBER_BIT_OFFSET(m->offset);
	723	+
	724	+ /* if kflag set, int should be a regular int and
	725	+ * bit offset should be at byte boundary.
	726	+ */
	727	+ return !bitfield_size &&
	728	+ BITS_ROUNDUP_BYTES(bit_offset) == expected_offset &&
	729	+ BITS_ROUNDUP_BYTES(nr_bits) == expected_size;
	730	+ }
	731	+
	732	+ if (BTF_INT_OFFSET(int_data) \|\|
	733	+ BITS_PER_BYTE_MASKED(m->offset) \|\|
	734	+ BITS_ROUNDUP_BYTES(m->offset) != expected_offset \|\|
	735	+ BITS_PER_BYTE_MASKED(nr_bits) \|\|
	736	+ BITS_ROUNDUP_BYTES(nr_bits) != expected_size)
	737	+ return false;
	738	+
	739	+ return true;
	740	+}
	741	+
	742	+/* Similar to btf_type_skip_modifiers() but does not skip typedefs. */
	743	+static const struct btf_type btf_type_skip_qualifiers(const struct btf btf,
	744	+ u32 id)
	745	+{
	746	+ const struct btf_type *t = btf_type_by_id(btf, id);
	747	+
	748	+ while (btf_type_is_modifier(t) &&
	749	+ BTF_INFO_KIND(t->info) != BTF_KIND_TYPEDEF) {
	750	+ id = t->type;
	751	+ t = btf_type_by_id(btf, t->type);
	752	+ }
	753	+
	754	+ return t;
	755	+}
	756	+
	757	+#define BTF_SHOW_MAX_ITER 10
	758	+
	759	+#define BTF_KIND_BIT(kind) (1ULL << kind)
	760	+
	761	+/*
	762	+ * Populate show->state.name with type name information.
	763	+ * Format of type name is
	764	+ *
	765	+ * [.member_name = ] (type_name)
	766	+ */
	767	+static const char btf_show_name(struct btf_show show)
	768	+{
	769	+ /* BTF_MAX_ITER array suffixes "[]" */
	770	+ const char *array_suffixes = "[][][][][][][][][][]";
	771	+ const char *array_suffix = &array_suffixes[strlen(array_suffixes)];
	772	+ /* BTF_MAX_ITER pointer suffixes "" /
	773	+ const char ptr_suffixes = "*********";
	774	+ const char *ptr_suffix = &ptr_suffixes[strlen(ptr_suffixes)];
	775	+ const char name = NULL, prefix = "", *parens = "";
	776	+ const struct btf_member *m = show->state.member;
	777	+ const struct btf_type *t = show->state.type;
	778	+ const struct btf_array *array;
	779	+ u32 id = show->state.type_id;
	780	+ const char *member = NULL;
	781	+ bool show_member = false;
	782	+ u64 kinds = 0;
	783	+ int i;
	784	+
	785	+ show->state.name[0] = '\0';
	786	+
	787	+ /*
	788	+ * Don't show type name if we're showing an array member;
	789	+ * in that case we show the array type so don't need to repeat
	790	+ * ourselves for each member.
	791	+ */
	792	+ if (show->state.array_member)
	793	+ return "";
	794	+
	795	+ /* Retrieve member name, if any. */
	796	+ if (m) {
	797	+ member = btf_name_by_offset(show->btf, m->name_off);
	798	+ show_member = strlen(member) > 0;
	799	+ id = m->type;
	800	+ }
	801	+
	802	+ /*
	803	+ * Start with type_id, as we have resolved the struct btf_type *
	804	+ * via btf_modifier_show() past the parent typedef to the child
	805	+ * struct, int etc it is defined as. In such cases, the type_id
	806	+ * still represents the starting type while the struct btf_type *
	807	+ * in our show->state points at the resolved type of the typedef.
	808	+ */
	809	+ t = btf_type_by_id(show->btf, id);
	810	+ if (!t)
	811	+ return "";
	812	+
	813	+ /*
	814	+ * The goal here is to build up the right number of pointer and
	815	+ * array suffixes while ensuring the type name for a typedef
	816	+ * is represented. Along the way we accumulate a list of
	817	+ * BTF kinds we have encountered, since these will inform later
	818	+ * display; for example, pointer types will not require an
	819	+ * opening "{" for struct, we will just display the pointer value.
	820	+ *
	821	+ * We also want to accumulate the right number of pointer or array
	822	+ * indices in the format string while iterating until we get to
	823	+ * the typedef/pointee/array member target type.
	824	+ *
	825	+ * We start by pointing at the end of pointer and array suffix
	826	+ * strings; as we accumulate pointers and arrays we move the pointer
	827	+ * or array string backwards so it will show the expected number of
	828	+ * '*' or '[]' for the type. BTF_SHOW_MAX_ITER of nesting of pointers
	829	+ * and/or arrays and typedefs are supported as a precaution.
	830	+ *
	831	+ * We also want to get typedef name while proceeding to resolve
	832	+ * type it points to so that we can add parentheses if it is a
	833	+ * "typedef struct" etc.
	834	+ */
	835	+ for (i = 0; i < BTF_SHOW_MAX_ITER; i++) {
	836	+
	837	+ switch (BTF_INFO_KIND(t->info)) {
	838	+ case BTF_KIND_TYPEDEF:
	839	+ if (!name)
	840	+ name = btf_name_by_offset(show->btf,
	841	+ t->name_off);
	842	+ kinds \|= BTF_KIND_BIT(BTF_KIND_TYPEDEF);
	843	+ id = t->type;
	844	+ break;
	845	+ case BTF_KIND_ARRAY:
	846	+ kinds \|= BTF_KIND_BIT(BTF_KIND_ARRAY);
	847	+ parens = "[";
	848	+ if (!t)
	849	+ return "";
	850	+ array = btf_type_array(t);
	851	+ if (array_suffix > array_suffixes)
	852	+ array_suffix -= 2;
	853	+ id = array->type;
	854	+ break;
	855	+ case BTF_KIND_PTR:
	856	+ kinds \|= BTF_KIND_BIT(BTF_KIND_PTR);
	857	+ if (ptr_suffix > ptr_suffixes)
	858	+ ptr_suffix -= 1;
	859	+ id = t->type;
	860	+ break;
	861	+ default:
	862	+ id = 0;
	863	+ break;
	864	+ }
	865	+ if (!id)
	866	+ break;
	867	+ t = btf_type_skip_qualifiers(show->btf, id);
	868	+ }
	869	+ /* We may not be able to represent this type; bail to be safe */
	870	+ if (i == BTF_SHOW_MAX_ITER)
	871	+ return "";
	872	+
	873	+ if (!name)
	874	+ name = btf_name_by_offset(show->btf, t->name_off);
	875	+
	876	+ switch (BTF_INFO_KIND(t->info)) {
	877	+ case BTF_KIND_STRUCT:
	878	+ case BTF_KIND_UNION:
	879	+ prefix = BTF_INFO_KIND(t->info) == BTF_KIND_STRUCT ?
	880	+ "struct" : "union";
	881	+ /* if it's an array of struct/union, parens is already set */
	882	+ if (!(kinds & (BTF_KIND_BIT(BTF_KIND_ARRAY))))
	883	+ parens = "{";
	884	+ break;
	885	+ case BTF_KIND_ENUM:
	886	+ prefix = "enum";
	887	+ break;
	888	+ default:
	889	+ break;
	890	+ }
	891	+
	892	+ /* pointer does not require parens */
	893	+ if (kinds & BTF_KIND_BIT(BTF_KIND_PTR))
	894	+ parens = "";
	895	+ /* typedef does not require struct/union/enum prefix */
	896	+ if (kinds & BTF_KIND_BIT(BTF_KIND_TYPEDEF))
	897	+ prefix = "";
	898	+
	899	+ if (!name)
	900	+ name = "";
	901	+
	902	+ /* Even if we don't want type name info, we want parentheses etc */
	903	+ if (show->flags & BTF_SHOW_NONAME)
	904	+ snprintf(show->state.name, sizeof(show->state.name), "%s",
	905	+ parens);
	906	+ else
	907	+ snprintf(show->state.name, sizeof(show->state.name),
	908	+ "%s%s%s(%s%s%s%s%s%s)%s",
	909	+ /* first 3 strings comprise ".member = " */
	910	+ show_member ? "." : "",
	911	+ show_member ? member : "",
	912	+ show_member ? " = " : "",
	913	+ /* ...next is our prefix (struct, enum, etc) */
	914	+ prefix,
	915	+ strlen(prefix) > 0 && strlen(name) > 0 ? " " : "",
	916	+ /* ...this is the type name itself */
	917	+ name,
	918	+ /* ...suffixed by the appropriate '', '[]' suffixes /
	919	+ strlen(ptr_suffix) > 0 ? " " : "", ptr_suffix,
	920	+ array_suffix, parens);
	921	+
	922	+ return show->state.name;
	923	+}
	924	+
	925	+static const char __btf_show_indent(struct btf_show show)
	926	+{
	927	+ const char *indents = " ";
	928	+ const char *indent = &indents[strlen(indents)];
	929	+
	930	+ if ((indent - show->state.depth) >= indents)
	931	+ return indent - show->state.depth;
	932	+ return indents;
	933	+}
	934	+
	935	+static const char btf_show_indent(struct btf_show show)
	936	+{
	937	+ return show->flags & BTF_SHOW_COMPACT ? "" : __btf_show_indent(show);
	938	+}
	939	+
	940	+static const char btf_show_newline(struct btf_show show)
	941	+{
	942	+ return show->flags & BTF_SHOW_COMPACT ? "" : "\n";
	943	+}
	944	+
	945	+static const char btf_show_delim(struct btf_show show)
	946	+{
	947	+ if (show->state.depth == 0)
	948	+ return "";
	949	+
	950	+ if ((show->flags & BTF_SHOW_COMPACT) && show->state.type &&
	951	+ BTF_INFO_KIND(show->state.type->info) == BTF_KIND_UNION)
	952	+ return "\|";
	953	+
	954	+ return ",";
	955	+}
	956	+
	957	+__printf(2, 3) static void btf_show(struct btf_show show, const char fmt, ...)
	958	+{
	959	+ va_list args;
	960	+
	961	+ if (!show->state.depth_check) {
	962	+ va_start(args, fmt);
	963	+ show->showfn(show, fmt, args);
	964	+ va_end(args);
	965	+ }
	966	+}
	967	+
	968	+/* Macros are used here as btf_show_type_value[s]() prepends and appends
	969	+ * format specifiers to the format specifier passed in; these do the work of
	970	+ * adding indentation, delimiters etc while the caller simply has to specify
	971	+ * the type value(s) in the format specifier + value(s).
	972	+ */
	973	+#define btf_show_type_value(show, fmt, value) \
	974	+ do { \
	975	+ if ((value) != 0 \|\| (show->flags & BTF_SHOW_ZERO) \|\| \
	976	+ show->state.depth == 0) { \
	977	+ btf_show(show, "%s%s" fmt "%s%s", \
	978	+ btf_show_indent(show), \
	979	+ btf_show_name(show), \
	980	+ value, btf_show_delim(show), \
	981	+ btf_show_newline(show)); \
	982	+ if (show->state.depth > show->state.depth_to_show) \
	983	+ show->state.depth_to_show = show->state.depth; \
	984	+ } \
	985	+ } while (0)
	986	+
	987	+#define btf_show_type_values(show, fmt, ...) \
	988	+ do { \
	989	+ btf_show(show, "%s%s" fmt "%s%s", btf_show_indent(show), \
	990	+ btf_show_name(show), \
	991	+ __VA_ARGS__, btf_show_delim(show), \
	992	+ btf_show_newline(show)); \
	993	+ if (show->state.depth > show->state.depth_to_show) \
	994	+ show->state.depth_to_show = show->state.depth; \
	995	+ } while (0)
	996	+
	997	+/* How much is left to copy to safe buffer after @data? */
	998	+static int btf_show_obj_size_left(struct btf_show show, void data)
	999	+{
	1000	+ return show->obj.head + show->obj.size - data;
	1001	+}
	1002	+
	1003	+/* Is object pointed to by @data of @size already copied to our safe buffer? */
	1004	+static bool btf_show_obj_is_safe(struct btf_show show, void data, int size)
	1005	+{
	1006	+ return data >= show->obj.data &&
	1007	+ (data + size) < (show->obj.data + BTF_SHOW_OBJ_SAFE_SIZE);
	1008	+}
	1009	+
	1010	+/*
	1011	+ * If object pointed to by @data of @size falls within our safe buffer, return
	1012	+ * the equivalent pointer to the same safe data. Assumes
	1013	+ * copy_from_kernel_nofault() has already happened and our safe buffer is
	1014	+ * populated.
	1015	+ */
	1016	+static void __btf_show_obj_safe(struct btf_show show, void *data, int size)
	1017	+{
	1018	+ if (btf_show_obj_is_safe(show, data, size))
	1019	+ return show->obj.safe + (data - show->obj.data);
	1020	+ return NULL;
	1021	+}
	1022	+
	1023	+/*
	1024	+ * Return a safe-to-access version of data pointed to by @data.
	1025	+ * We do this by copying the relevant amount of information
	1026	+ * to the struct btf_show obj.safe buffer using copy_from_kernel_nofault().
	1027	+ *
	1028	+ * If BTF_SHOW_UNSAFE is specified, just return data as-is; no
	1029	+ * safe copy is needed.
	1030	+ *
	1031	+ * Otherwise we need to determine if we have the required amount
	1032	+ * of data (determined by the @data pointer and the size of the
	1033	+ * largest base type we can encounter (represented by
	1034	+ * BTF_SHOW_OBJ_BASE_TYPE_SIZE). Having that much data ensures
	1035	+ * that we will be able to print some of the current object,
	1036	+ * and if more is needed a copy will be triggered.
	1037	+ * Some objects such as structs will not fit into the buffer;
	1038	+ * in such cases additional copies when we iterate over their
	1039	+ * members may be needed.
	1040	+ *
	1041	+ * btf_show_obj_safe() is used to return a safe buffer for
	1042	+ * btf_show_start_type(); this ensures that as we recurse into
	1043	+ * nested types we always have safe data for the given type.
	1044	+ * This approach is somewhat wasteful; it's possible for example
	1045	+ * that when iterating over a large union we'll end up copying the
	1046	+ * same data repeatedly, but the goal is safety not performance.
	1047	+ * We use stack data as opposed to per-CPU buffers because the
	1048	+ * iteration over a type can take some time, and preemption handling
	1049	+ * would greatly complicate use of the safe buffer.
	1050	+ */
	1051	+static void btf_show_obj_safe(struct btf_show show,
	1052	+ const struct btf_type *t,
	1053	+ void *data)
	1054	+{
	1055	+ const struct btf_type *rt;
	1056	+ int size_left, size;
	1057	+ void *safe = NULL;
	1058	+
	1059	+ if (show->flags & BTF_SHOW_UNSAFE)
	1060	+ return data;
	1061	+
	1062	+ rt = btf_resolve_size(show->btf, t, &size);
	1063	+ if (IS_ERR(rt)) {
	1064	+ show->state.status = PTR_ERR(rt);
	1065	+ return NULL;
	1066	+ }
	1067	+
	1068	+ /*
	1069	+ * Is this toplevel object? If so, set total object size and
	1070	+ * initialize pointers. Otherwise check if we still fall within
	1071	+ * our safe object data.
	1072	+ */
	1073	+ if (show->state.depth == 0) {
	1074	+ show->obj.size = size;
	1075	+ show->obj.head = data;
	1076	+ } else {
	1077	+ /*
	1078	+ * If the size of the current object is > our remaining
	1079	+ * safe buffer we _may_ need to do a new copy. However
	1080	+ * consider the case of a nested struct; it's size pushes
	1081	+ * us over the safe buffer limit, but showing any individual
	1082	+ * struct members does not. In such cases, we don't need
	1083	+ * to initiate a fresh copy yet; however we definitely need
	1084	+ * at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes left
	1085	+ * in our buffer, regardless of the current object size.
	1086	+ * The logic here is that as we resolve types we will
	1087	+ * hit a base type at some point, and we need to be sure
	1088	+ * the next chunk of data is safely available to display
	1089	+ * that type info safely. We cannot rely on the size of
	1090	+ * the current object here because it may be much larger
	1091	+ * than our current buffer (e.g. task_struct is 8k).
	1092	+ * All we want to do here is ensure that we can print the
	1093	+ * next basic type, which we can if either
	1094	+ * - the current type size is within the safe buffer; or
	1095	+ * - at least BTF_SHOW_OBJ_BASE_TYPE_SIZE bytes are left in
	1096	+ * the safe buffer.
	1097	+ */
	1098	+ safe = __btf_show_obj_safe(show, data,
	1099	+ min(size,
	1100	+ BTF_SHOW_OBJ_BASE_TYPE_SIZE));
	1101	+ }
	1102	+
	1103	+ /*
	1104	+ * We need a new copy to our safe object, either because we haven't
	1105	+ * yet copied and are intializing safe data, or because the data
	1106	+ * we want falls outside the boundaries of the safe object.
	1107	+ */
	1108	+ if (!safe) {
	1109	+ size_left = btf_show_obj_size_left(show, data);
	1110	+ if (size_left > BTF_SHOW_OBJ_SAFE_SIZE)
	1111	+ size_left = BTF_SHOW_OBJ_SAFE_SIZE;
	1112	+ show->state.status = copy_from_kernel_nofault(show->obj.safe,
	1113	+ data, size_left);
	1114	+ if (!show->state.status) {
	1115	+ show->obj.data = data;
	1116	+ safe = show->obj.safe;
	1117	+ }
	1118	+ }
	1119	+
	1120	+ return safe;
	1121	+}
	1122	+
	1123	+/*
	1124	+ * Set the type we are starting to show and return a safe data pointer
	1125	+ * to be used for showing the associated data.
	1126	+ */
	1127	+static void btf_show_start_type(struct btf_show show,
	1128	+ const struct btf_type *t,
	1129	+ u32 type_id, void *data)
	1130	+{
	1131	+ show->state.type = t;
	1132	+ show->state.type_id = type_id;
	1133	+ show->state.name[0] = '\0';
	1134	+
	1135	+ return btf_show_obj_safe(show, t, data);
	1136	+}
	1137	+
	1138	+static void btf_show_end_type(struct btf_show *show)
	1139	+{
	1140	+ show->state.type = NULL;
	1141	+ show->state.type_id = 0;
	1142	+ show->state.name[0] = '\0';
	1143	+}
	1144	+
	1145	+static void btf_show_start_aggr_type(struct btf_show show,
	1146	+ const struct btf_type *t,
	1147	+ u32 type_id, void *data)
	1148	+{
	1149	+ void *safe_data = btf_show_start_type(show, t, type_id, data);
	1150	+
	1151	+ if (!safe_data)
	1152	+ return safe_data;
	1153	+
	1154	+ btf_show(show, "%s%s%s", btf_show_indent(show),
	1155	+ btf_show_name(show),
	1156	+ btf_show_newline(show));
	1157	+ show->state.depth++;
	1158	+ return safe_data;
	1159	+}
	1160	+
	1161	+static void btf_show_end_aggr_type(struct btf_show *show,
	1162	+ const char *suffix)
	1163	+{
	1164	+ show->state.depth--;
	1165	+ btf_show(show, "%s%s%s%s", btf_show_indent(show), suffix,
	1166	+ btf_show_delim(show), btf_show_newline(show));
	1167	+ btf_show_end_type(show);
	1168	+}
	1169	+
	1170	+static void btf_show_start_member(struct btf_show *show,
	1171	+ const struct btf_member *m)
	1172	+{
	1173	+ show->state.member = m;
	1174	+}
	1175	+
	1176	+static void btf_show_start_array_member(struct btf_show *show)
	1177	+{
	1178	+ show->state.array_member = 1;
	1179	+ btf_show_start_member(show, NULL);
	1180	+}
	1181	+
	1182	+static void btf_show_end_member(struct btf_show *show)
	1183	+{
	1184	+ show->state.member = NULL;
	1185	+}
	1186	+
	1187	+static void btf_show_end_array_member(struct btf_show *show)
	1188	+{
	1189	+ show->state.array_member = 0;
	1190	+ btf_show_end_member(show);
	1191	+}
	1192	+
	1193	+static void btf_show_start_array_type(struct btf_show show,
	1194	+ const struct btf_type *t,
	1195	+ u32 type_id,
	1196	+ u16 array_encoding,
	1197	+ void *data)
	1198	+{
	1199	+ show->state.array_encoding = array_encoding;
	1200	+ show->state.array_terminated = 0;
	1201	+ return btf_show_start_aggr_type(show, t, type_id, data);
	1202	+}
	1203	+
	1204	+static void btf_show_end_array_type(struct btf_show *show)
	1205	+{
	1206	+ show->state.array_encoding = 0;
	1207	+ show->state.array_terminated = 0;
	1208	+ btf_show_end_aggr_type(show, "]");
	1209	+}
	1210	+
	1211	+static void btf_show_start_struct_type(struct btf_show show,
	1212	+ const struct btf_type *t,
	1213	+ u32 type_id,
	1214	+ void *data)
	1215	+{
	1216	+ return btf_show_start_aggr_type(show, t, type_id, data);
	1217	+}
	1218	+
	1219	+static void btf_show_end_struct_type(struct btf_show *show)
	1220	+{
	1221	+ btf_show_end_aggr_type(show, "}");
492	1222	}
493	1223
494	1224	__printf(2, 3) static void __btf_verifier_log(struct bpf_verifier_log *log,
..	..	@@ -528,10 +1258,17 @@
528	1258	if (!bpf_verifier_log_needed(log))
529	1259	return;
530	1260
	1261	+ /* btf verifier prints all types it is processing via
	1262	+ * btf_verifier_log_type(..., fmt = NULL).
	1263	+ * Skip those prints for in-kernel BTF verification.
	1264	+ */
	1265	+ if (log->level == BPF_LOG_KERNEL && !fmt)
	1266	+ return;
	1267	+
531	1268	__btf_verifier_log(log, "[%u] %s %s%s",
532	1269	env->log_type_id,
533	1270	btf_kind_str[kind],
534		- btf_name_by_offset(btf, t->name_off),
	1271	+ __btf_name_by_offset(btf, t->name_off),
535	1272	log_details ? " " : "");
536	1273
537	1274	if (log_details)
..	..	@@ -565,6 +1302,8 @@
565	1302	if (!bpf_verifier_log_needed(log))
566	1303	return;
567	1304
	1305	+ if (log->level == BPF_LOG_KERNEL && !fmt)
	1306	+ return;
568	1307	/* The CHECK_META phase already did a btf dump.
569	1308	*
570	1309	* If member is logged again, it must hit an error in
..	..	@@ -574,10 +1313,46 @@
574	1313	if (env->phase != CHECK_META)
575	1314	btf_verifier_log_type(env, struct_type, NULL);
576	1315
577		- __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
578		- btf_name_by_offset(btf, member->name_off),
579		- member->type, member->offset);
	1316	+ if (btf_type_kflag(struct_type))
	1317	+ __btf_verifier_log(log,
	1318	+ "\t%s type_id=%u bitfield_size=%u bits_offset=%u",
	1319	+ __btf_name_by_offset(btf, member->name_off),
	1320	+ member->type,
	1321	+ BTF_MEMBER_BITFIELD_SIZE(member->offset),
	1322	+ BTF_MEMBER_BIT_OFFSET(member->offset));
	1323	+ else
	1324	+ __btf_verifier_log(log, "\t%s type_id=%u bits_offset=%u",
	1325	+ __btf_name_by_offset(btf, member->name_off),
	1326	+ member->type, member->offset);
580	1327
	1328	+ if (fmt && *fmt) {
	1329	+ __btf_verifier_log(log, " ");
	1330	+ va_start(args, fmt);
	1331	+ bpf_verifier_vlog(log, fmt, args);
	1332	+ va_end(args);
	1333	+ }
	1334	+
	1335	+ __btf_verifier_log(log, "\n");
	1336	+}
	1337	+
	1338	+__printf(4, 5)
	1339	+static void btf_verifier_log_vsi(struct btf_verifier_env *env,
	1340	+ const struct btf_type *datasec_type,
	1341	+ const struct btf_var_secinfo *vsi,
	1342	+ const char *fmt, ...)
	1343	+{
	1344	+ struct bpf_verifier_log *log = &env->log;
	1345	+ va_list args;
	1346	+
	1347	+ if (!bpf_verifier_log_needed(log))
	1348	+ return;
	1349	+ if (log->level == BPF_LOG_KERNEL && !fmt)
	1350	+ return;
	1351	+ if (env->phase != CHECK_META)
	1352	+ btf_verifier_log_type(env, datasec_type, NULL);
	1353	+
	1354	+ __btf_verifier_log(log, "\t type_id=%u offset=%u size=%u",
	1355	+ vsi->type, vsi->offset, vsi->size);
581	1356	if (fmt && *fmt) {
582	1357	__btf_verifier_log(log, " ");
583	1358	va_start(args, fmt);
..	..	@@ -598,6 +1373,8 @@
598	1373	if (!bpf_verifier_log_needed(log))
599	1374	return;
600	1375
	1376	+ if (log->level == BPF_LOG_KERNEL)
	1377	+ return;
601	1378	hdr = &btf->hdr;
602	1379	__btf_verifier_log(log, "magic: 0x%x\n", hdr->magic);
603	1380	__btf_verifier_log(log, "version: %u\n", hdr->version);
..	..	@@ -765,11 +1542,15 @@
765	1542	/* int, enum or void is a sink */
766	1543	return !btf_type_needs_resolve(next_type);
767	1544	case RESOLVE_PTR:
768		- /* int, enum, void, struct or array is a sink for ptr */
	1545	+ /* int, enum, void, struct, array, func or func_proto is a sink
	1546	+ * for ptr
	1547	+ */
769	1548	return !btf_type_is_modifier(next_type) &&
770	1549	!btf_type_is_ptr(next_type);
771	1550	case RESOLVE_STRUCT_OR_ARRAY:
772		- /* int, enum, void or ptr is a sink for struct and array */
	1551	+ /* int, enum, void, ptr, func or func_proto is a sink
	1552	+ * for struct and array
	1553	+ */
773	1554	return !btf_type_is_modifier(next_type) &&
774	1555	!btf_type_is_array(next_type) &&
775	1556	!btf_type_is_struct(next_type);
..	..	@@ -835,6 +1616,100 @@
835	1616	return env->top_stack ? &env->stack[env->top_stack - 1] : NULL;
836	1617	}
837	1618
	1619	+/* Resolve the size of a passed-in "type"
	1620	+ *
	1621	+ * type: is an array (e.g. u32 array[x][y])
	1622	+ * return type: type "u32[x][y]", i.e. BTF_KIND_ARRAY,
	1623	+ * type_size: (x y * sizeof(u32)). Hence, *type_size always
	1624	+ * corresponds to the return type.
	1625	+ * *elem_type: u32
	1626	+ * *elem_id: id of u32
	1627	+ * total_nelems: (x y). Hence, individual elem size is
	1628	+ * (type_size / total_nelems)
	1629	+ * *type_id: id of type if it's changed within the function, 0 if not
	1630	+ *
	1631	+ * type: is not an array (e.g. const struct X)
	1632	+ * return type: type "struct X"
	1633	+ * *type_size: sizeof(struct X)
	1634	+ * *elem_type: same as return type ("struct X")
	1635	+ * *elem_id: 0
	1636	+ * *total_nelems: 1
	1637	+ * *type_id: id of type if it's changed within the function, 0 if not
	1638	+ */
	1639	+static const struct btf_type *
	1640	+__btf_resolve_size(const struct btf btf, const struct btf_type type,
	1641	+ u32 type_size, const struct btf_type *elem_type,
	1642	+ u32 elem_id, u32 total_nelems, u32 *type_id)
	1643	+{
	1644	+ const struct btf_type *array_type = NULL;
	1645	+ const struct btf_array *array = NULL;
	1646	+ u32 i, size, nelems = 1, id = 0;
	1647	+
	1648	+ for (i = 0; i < MAX_RESOLVE_DEPTH; i++) {
	1649	+ switch (BTF_INFO_KIND(type->info)) {
	1650	+ /* type->size can be used */
	1651	+ case BTF_KIND_INT:
	1652	+ case BTF_KIND_STRUCT:
	1653	+ case BTF_KIND_UNION:
	1654	+ case BTF_KIND_ENUM:
	1655	+ size = type->size;
	1656	+ goto resolved;
	1657	+
	1658	+ case BTF_KIND_PTR:
	1659	+ size = sizeof(void *);
	1660	+ goto resolved;
	1661	+
	1662	+ /* Modifiers */
	1663	+ case BTF_KIND_TYPEDEF:
	1664	+ case BTF_KIND_VOLATILE:
	1665	+ case BTF_KIND_CONST:
	1666	+ case BTF_KIND_RESTRICT:
	1667	+ id = type->type;
	1668	+ type = btf_type_by_id(btf, type->type);
	1669	+ break;
	1670	+
	1671	+ case BTF_KIND_ARRAY:
	1672	+ if (!array_type)
	1673	+ array_type = type;
	1674	+ array = btf_type_array(type);
	1675	+ if (nelems && array->nelems > U32_MAX / nelems)
	1676	+ return ERR_PTR(-EINVAL);
	1677	+ nelems *= array->nelems;
	1678	+ type = btf_type_by_id(btf, array->type);
	1679	+ break;
	1680	+
	1681	+ /* type without size */
	1682	+ default:
	1683	+ return ERR_PTR(-EINVAL);
	1684	+ }
	1685	+ }
	1686	+
	1687	+ return ERR_PTR(-EINVAL);
	1688	+
	1689	+resolved:
	1690	+ if (nelems && size > U32_MAX / nelems)
	1691	+ return ERR_PTR(-EINVAL);
	1692	+
	1693	+ type_size = nelems size;
	1694	+ if (total_nelems)
	1695	+ *total_nelems = nelems;
	1696	+ if (elem_type)
	1697	+ *elem_type = type;
	1698	+ if (elem_id)
	1699	+ *elem_id = array ? array->type : 0;
	1700	+ if (type_id && id)
	1701	+ *type_id = id;
	1702	+
	1703	+ return array_type ? : type;
	1704	+}
	1705	+
	1706	+const struct btf_type *
	1707	+btf_resolve_size(const struct btf btf, const struct btf_type type,
	1708	+ u32 *type_size)
	1709	+{
	1710	+ return __btf_resolve_size(btf, type, type_size, NULL, NULL, NULL, NULL);
	1711	+}
	1712	+
838	1713	/* The input param "type_id" must point to a needs_resolve type */
839	1714	static const struct btf_type btf_type_id_resolve(const struct btf btf,
840	1715	u32 *type_id)
..	..	@@ -851,7 +1726,7 @@
851	1726	u32 size = 0;
852	1727
853	1728	size_type = btf_type_by_id(btf, size_type_id);
854		- if (btf_type_is_void_or_null(size_type))
	1729	+ if (btf_type_nosize_or_null(size_type))
855	1730	return NULL;
856	1731
857	1732	if (btf_type_has_size(size_type)) {
..	..	@@ -861,13 +1736,21 @@
861	1736	} else if (btf_type_is_ptr(size_type)) {
862	1737	size = sizeof(void *);
863	1738	} else {
864		- if (WARN_ON_ONCE(!btf_type_is_modifier(size_type)))
	1739	+ if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) &&
	1740	+ !btf_type_is_var(size_type)))
865	1741	return NULL;
866	1742
867		- size = btf->resolved_sizes[size_type_id];
868	1743	size_type_id = btf->resolved_ids[size_type_id];
869	1744	size_type = btf_type_by_id(btf, size_type_id);
870		- if (btf_type_is_void(size_type))
	1745	+ if (btf_type_nosize_or_null(size_type))
	1746	+ return NULL;
	1747	+ else if (btf_type_has_size(size_type))
	1748	+ size = size_type->size;
	1749	+ else if (btf_type_is_array(size_type))
	1750	+ size = btf->resolved_sizes[size_type_id];
	1751	+ else if (btf_type_is_ptr(size_type))
	1752	+ size = sizeof(void *);
	1753	+ else
871	1754	return NULL;
872	1755	}
873	1756
..	..	@@ -888,6 +1771,38 @@
888	1771	return -EINVAL;
889	1772	}
890	1773
	1774	+static int btf_df_check_kflag_member(struct btf_verifier_env *env,
	1775	+ const struct btf_type *struct_type,
	1776	+ const struct btf_member *member,
	1777	+ const struct btf_type *member_type)
	1778	+{
	1779	+ btf_verifier_log_basic(env, struct_type,
	1780	+ "Unsupported check_kflag_member");
	1781	+ return -EINVAL;
	1782	+}
	1783	+
	1784	+/* Used for ptr, array and struct/union type members.
	1785	+ * int, enum and modifier types have their specific callback functions.
	1786	+ */
	1787	+static int btf_generic_check_kflag_member(struct btf_verifier_env *env,
	1788	+ const struct btf_type *struct_type,
	1789	+ const struct btf_member *member,
	1790	+ const struct btf_type *member_type)
	1791	+{
	1792	+ if (BTF_MEMBER_BITFIELD_SIZE(member->offset)) {
	1793	+ btf_verifier_log_member(env, struct_type, member,
	1794	+ "Invalid member bitfield_size");
	1795	+ return -EINVAL;
	1796	+ }
	1797	+
	1798	+ /* bitfield size is 0, so member->offset represents bit offset only.
	1799	+ * It is safe to call non kflag check_member variants.
	1800	+ */
	1801	+ return btf_type_ops(member_type)->check_member(env, struct_type,
	1802	+ member,
	1803	+ member_type);
	1804	+}
	1805	+
891	1806	static int btf_df_resolve(struct btf_verifier_env *env,
892	1807	const struct resolve_vertex *v)
893	1808	{
..	..	@@ -895,11 +1810,11 @@
895	1810	return -EINVAL;
896	1811	}
897	1812
898		-static void btf_df_seq_show(const struct btf btf, const struct btf_type t,
899		- u32 type_id, void *data, u8 bits_offsets,
900		- struct seq_file *m)
	1813	+static void btf_df_show(const struct btf btf, const struct btf_type t,
	1814	+ u32 type_id, void *data, u8 bits_offsets,
	1815	+ struct btf_show *show)
901	1816	{
902		- seq_printf(m, "<unsupported kind:%u>", BTF_INFO_KIND(t->info));
	1817	+ btf_show(show, "<unsupported kind:%u>", BTF_INFO_KIND(t->info));
903	1818	}
904	1819
905	1820	static int btf_int_check_member(struct btf_verifier_env *env,
..	..	@@ -924,9 +1839,65 @@
924	1839	nr_copy_bits = BTF_INT_BITS(int_data) +
925	1840	BITS_PER_BYTE_MASKED(struct_bits_off);
926	1841
927		- if (nr_copy_bits > BITS_PER_U64) {
	1842	+ if (nr_copy_bits > BITS_PER_U128) {
928	1843	btf_verifier_log_member(env, struct_type, member,
929		- "nr_copy_bits exceeds 64");
	1844	+ "nr_copy_bits exceeds 128");
	1845	+ return -EINVAL;
	1846	+ }
	1847	+
	1848	+ if (struct_size < bytes_offset \|\|
	1849	+ struct_size - bytes_offset < BITS_ROUNDUP_BYTES(nr_copy_bits)) {
	1850	+ btf_verifier_log_member(env, struct_type, member,
	1851	+ "Member exceeds struct_size");
	1852	+ return -EINVAL;
	1853	+ }
	1854	+
	1855	+ return 0;
	1856	+}
	1857	+
	1858	+static int btf_int_check_kflag_member(struct btf_verifier_env *env,
	1859	+ const struct btf_type *struct_type,
	1860	+ const struct btf_member *member,
	1861	+ const struct btf_type *member_type)
	1862	+{
	1863	+ u32 struct_bits_off, nr_bits, nr_int_data_bits, bytes_offset;
	1864	+ u32 int_data = btf_type_int(member_type);
	1865	+ u32 struct_size = struct_type->size;
	1866	+ u32 nr_copy_bits;
	1867	+
	1868	+ /* a regular int type is required for the kflag int member */
	1869	+ if (!btf_type_int_is_regular(member_type)) {
	1870	+ btf_verifier_log_member(env, struct_type, member,
	1871	+ "Invalid member base type");
	1872	+ return -EINVAL;
	1873	+ }
	1874	+
	1875	+ /* check sanity of bitfield size */
	1876	+ nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
	1877	+ struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
	1878	+ nr_int_data_bits = BTF_INT_BITS(int_data);
	1879	+ if (!nr_bits) {
	1880	+ /* Not a bitfield member, member offset must be at byte
	1881	+ * boundary.
	1882	+ */
	1883	+ if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
	1884	+ btf_verifier_log_member(env, struct_type, member,
	1885	+ "Invalid member offset");
	1886	+ return -EINVAL;
	1887	+ }
	1888	+
	1889	+ nr_bits = nr_int_data_bits;
	1890	+ } else if (nr_bits > nr_int_data_bits) {
	1891	+ btf_verifier_log_member(env, struct_type, member,
	1892	+ "Invalid member bitfield_size");
	1893	+ return -EINVAL;
	1894	+ }
	1895	+
	1896	+ bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
	1897	+ nr_copy_bits = nr_bits + BITS_PER_BYTE_MASKED(struct_bits_off);
	1898	+ if (nr_copy_bits > BITS_PER_U128) {
	1899	+ btf_verifier_log_member(env, struct_type, member,
	1900	+ "nr_copy_bits exceeds 128");
930	1901	return -EINVAL;
931	1902	}
932	1903
..	..	@@ -959,6 +1930,11 @@
959	1930	return -EINVAL;
960	1931	}
961	1932
	1933	+ if (btf_type_kflag(t)) {
	1934	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	1935	+ return -EINVAL;
	1936	+ }
	1937	+
962	1938	int_data = btf_type_int(t);
963	1939	if (int_data & ~BTF_INT_MASK) {
964	1940	btf_verifier_log_basic(env, t, "Invalid int_data:%x",
..	..	@@ -968,9 +1944,9 @@
968	1944
969	1945	nr_bits = BTF_INT_BITS(int_data) + BTF_INT_OFFSET(int_data);
970	1946
971		- if (nr_bits > BITS_PER_U64) {
	1947	+ if (nr_bits > BITS_PER_U128) {
972	1948	btf_verifier_log_type(env, t, "nr_bits exceeds %zu",
973		- BITS_PER_U64);
	1949	+ BITS_PER_U128);
974	1950	return -EINVAL;
975	1951	}
976	1952
..	..	@@ -1011,96 +1987,193 @@
1011	1987	btf_int_encoding_str(BTF_INT_ENCODING(int_data)));
1012	1988	}
1013	1989
1014		-static void btf_int_bits_seq_show(const struct btf *btf,
1015		- const struct btf_type *t,
1016		- void *data, u8 bits_offset,
1017		- struct seq_file *m)
	1990	+static void btf_int128_print(struct btf_show show, void data)
	1991	+{
	1992	+ /* data points to a __int128 number.
	1993	+ * Suppose
	1994	+ * int128_num = (__int128 )data;
	1995	+ * The below formulas shows what upper_num and lower_num represents:
	1996	+ * upper_num = int128_num >> 64;
	1997	+ * lower_num = int128_num & 0xffffffffFFFFFFFFULL;
	1998	+ */
	1999	+ u64 upper_num, lower_num;
	2000	+
	2001	+#ifdef __BIG_ENDIAN_BITFIELD
	2002	+ upper_num = (u64 )data;
	2003	+ lower_num = (u64 )(data + 8);
	2004	+#else
	2005	+ upper_num = (u64 )(data + 8);
	2006	+ lower_num = (u64 )data;
	2007	+#endif
	2008	+ if (upper_num == 0)
	2009	+ btf_show_type_value(show, "0x%llx", lower_num);
	2010	+ else
	2011	+ btf_show_type_values(show, "0x%llx%016llx", upper_num,
	2012	+ lower_num);
	2013	+}
	2014	+
	2015	+static void btf_int128_shift(u64 *print_num, u16 left_shift_bits,
	2016	+ u16 right_shift_bits)
	2017	+{
	2018	+ u64 upper_num, lower_num;
	2019	+
	2020	+#ifdef __BIG_ENDIAN_BITFIELD
	2021	+ upper_num = print_num[0];
	2022	+ lower_num = print_num[1];
	2023	+#else
	2024	+ upper_num = print_num[1];
	2025	+ lower_num = print_num[0];
	2026	+#endif
	2027	+
	2028	+ /* shake out un-needed bits by shift/or operations */
	2029	+ if (left_shift_bits >= 64) {
	2030	+ upper_num = lower_num << (left_shift_bits - 64);
	2031	+ lower_num = 0;
	2032	+ } else {
	2033	+ upper_num = (upper_num << left_shift_bits) \|
	2034	+ (lower_num >> (64 - left_shift_bits));
	2035	+ lower_num = lower_num << left_shift_bits;
	2036	+ }
	2037	+
	2038	+ if (right_shift_bits >= 64) {
	2039	+ lower_num = upper_num >> (right_shift_bits - 64);
	2040	+ upper_num = 0;
	2041	+ } else {
	2042	+ lower_num = (lower_num >> right_shift_bits) \|
	2043	+ (upper_num << (64 - right_shift_bits));
	2044	+ upper_num = upper_num >> right_shift_bits;
	2045	+ }
	2046	+
	2047	+#ifdef __BIG_ENDIAN_BITFIELD
	2048	+ print_num[0] = upper_num;
	2049	+ print_num[1] = lower_num;
	2050	+#else
	2051	+ print_num[0] = lower_num;
	2052	+ print_num[1] = upper_num;
	2053	+#endif
	2054	+}
	2055	+
	2056	+static void btf_bitfield_show(void *data, u8 bits_offset,
	2057	+ u8 nr_bits, struct btf_show *show)
1018	2058	{
1019	2059	u16 left_shift_bits, right_shift_bits;
1020		- u32 int_data = btf_type_int(t);
1021		- u8 nr_bits = BTF_INT_BITS(int_data);
1022		- u8 total_bits_offset;
1023	2060	u8 nr_copy_bytes;
1024	2061	u8 nr_copy_bits;
1025		- u64 print_num;
	2062	+ u64 print_num[2] = {};
1026	2063
1027		- /*
1028		- * bits_offset is at most 7.
1029		- * BTF_INT_OFFSET() cannot exceed 64 bits.
1030		- */
1031		- total_bits_offset = bits_offset + BTF_INT_OFFSET(int_data);
1032		- data += BITS_ROUNDDOWN_BYTES(total_bits_offset);
1033		- bits_offset = BITS_PER_BYTE_MASKED(total_bits_offset);
1034	2064	nr_copy_bits = nr_bits + bits_offset;
1035	2065	nr_copy_bytes = BITS_ROUNDUP_BYTES(nr_copy_bits);
1036	2066
1037		- print_num = 0;
1038		- memcpy(&print_num, data, nr_copy_bytes);
	2067	+ memcpy(print_num, data, nr_copy_bytes);
1039	2068
1040	2069	#ifdef __BIG_ENDIAN_BITFIELD
1041	2070	left_shift_bits = bits_offset;
1042	2071	#else
1043		- left_shift_bits = BITS_PER_U64 - nr_copy_bits;
	2072	+ left_shift_bits = BITS_PER_U128 - nr_copy_bits;
1044	2073	#endif
1045		- right_shift_bits = BITS_PER_U64 - nr_bits;
	2074	+ right_shift_bits = BITS_PER_U128 - nr_bits;
1046	2075
1047		- print_num <<= left_shift_bits;
1048		- print_num >>= right_shift_bits;
1049		-
1050		- seq_printf(m, "0x%llx", print_num);
	2076	+ btf_int128_shift(print_num, left_shift_bits, right_shift_bits);
	2077	+ btf_int128_print(show, print_num);
1051	2078	}
1052	2079
1053		-static void btf_int_seq_show(const struct btf btf, const struct btf_type t,
1054		- u32 type_id, void *data, u8 bits_offset,
1055		- struct seq_file *m)
	2080	+
	2081	+static void btf_int_bits_show(const struct btf *btf,
	2082	+ const struct btf_type *t,
	2083	+ void *data, u8 bits_offset,
	2084	+ struct btf_show *show)
	2085	+{
	2086	+ u32 int_data = btf_type_int(t);
	2087	+ u8 nr_bits = BTF_INT_BITS(int_data);
	2088	+ u8 total_bits_offset;
	2089	+
	2090	+ /*
	2091	+ * bits_offset is at most 7.
	2092	+ * BTF_INT_OFFSET() cannot exceed 128 bits.
	2093	+ */
	2094	+ total_bits_offset = bits_offset + BTF_INT_OFFSET(int_data);
	2095	+ data += BITS_ROUNDDOWN_BYTES(total_bits_offset);
	2096	+ bits_offset = BITS_PER_BYTE_MASKED(total_bits_offset);
	2097	+ btf_bitfield_show(data, bits_offset, nr_bits, show);
	2098	+}
	2099	+
	2100	+static void btf_int_show(const struct btf btf, const struct btf_type t,
	2101	+ u32 type_id, void *data, u8 bits_offset,
	2102	+ struct btf_show *show)
1056	2103	{
1057	2104	u32 int_data = btf_type_int(t);
1058	2105	u8 encoding = BTF_INT_ENCODING(int_data);
1059	2106	bool sign = encoding & BTF_INT_SIGNED;
1060	2107	u8 nr_bits = BTF_INT_BITS(int_data);
	2108	+ void *safe_data;
	2109	+
	2110	+ safe_data = btf_show_start_type(show, t, type_id, data);
	2111	+ if (!safe_data)
	2112	+ return;
1061	2113
1062	2114	if (bits_offset \|\| BTF_INT_OFFSET(int_data) \|\|
1063	2115	BITS_PER_BYTE_MASKED(nr_bits)) {
1064		- btf_int_bits_seq_show(btf, t, data, bits_offset, m);
1065		- return;
	2116	+ btf_int_bits_show(btf, t, safe_data, bits_offset, show);
	2117	+ goto out;
1066	2118	}
1067	2119
1068	2120	switch (nr_bits) {
	2121	+ case 128:
	2122	+ btf_int128_print(show, safe_data);
	2123	+ break;
1069	2124	case 64:
1070	2125	if (sign)
1071		- seq_printf(m, "%lld", (s64 )data);
	2126	+ btf_show_type_value(show, "%lld", (s64 )safe_data);
1072	2127	else
1073		- seq_printf(m, "%llu", (u64 )data);
	2128	+ btf_show_type_value(show, "%llu", (u64 )safe_data);
1074	2129	break;
1075	2130	case 32:
1076	2131	if (sign)
1077		- seq_printf(m, "%d", (s32 )data);
	2132	+ btf_show_type_value(show, "%d", (s32 )safe_data);
1078	2133	else
1079		- seq_printf(m, "%u", (u32 )data);
	2134	+ btf_show_type_value(show, "%u", (u32 )safe_data);
1080	2135	break;
1081	2136	case 16:
1082	2137	if (sign)
1083		- seq_printf(m, "%d", (s16 )data);
	2138	+ btf_show_type_value(show, "%d", (s16 )safe_data);
1084	2139	else
1085		- seq_printf(m, "%u", (u16 )data);
	2140	+ btf_show_type_value(show, "%u", (u16 )safe_data);
1086	2141	break;
1087	2142	case 8:
	2143	+ if (show->state.array_encoding == BTF_INT_CHAR) {
	2144	+ /* check for null terminator */
	2145	+ if (show->state.array_terminated)
	2146	+ break;
	2147	+ if ((char )data == '\0') {
	2148	+ show->state.array_terminated = 1;
	2149	+ break;
	2150	+ }
	2151	+ if (isprint((char )data)) {
	2152	+ btf_show_type_value(show, "'%c'",
	2153	+ (char )safe_data);
	2154	+ break;
	2155	+ }
	2156	+ }
1088	2157	if (sign)
1089		- seq_printf(m, "%d", (s8 )data);
	2158	+ btf_show_type_value(show, "%d", (s8 )safe_data);
1090	2159	else
1091		- seq_printf(m, "%u", (u8 )data);
	2160	+ btf_show_type_value(show, "%u", (u8 )safe_data);
1092	2161	break;
1093	2162	default:
1094		- btf_int_bits_seq_show(btf, t, data, bits_offset, m);
	2163	+ btf_int_bits_show(btf, t, safe_data, bits_offset, show);
	2164	+ break;
1095	2165	}
	2166	+out:
	2167	+ btf_show_end_type(show);
1096	2168	}
1097	2169
1098	2170	static const struct btf_kind_operations int_ops = {
1099	2171	.check_meta = btf_int_check_meta,
1100	2172	.resolve = btf_df_resolve,
1101	2173	.check_member = btf_int_check_member,
	2174	+ .check_kflag_member = btf_int_check_kflag_member,
1102	2175	.log_details = btf_int_log,
1103		- .seq_show = btf_int_seq_show,
	2176	+ .show = btf_int_show,
1104	2177	};
1105	2178
1106	2179	static int btf_modifier_check_member(struct btf_verifier_env *env,
..	..	@@ -1126,6 +2199,31 @@
1126	2199	return btf_type_ops(resolved_type)->check_member(env, struct_type,
1127	2200	&resolved_member,
1128	2201	resolved_type);
	2202	+}
	2203	+
	2204	+static int btf_modifier_check_kflag_member(struct btf_verifier_env *env,
	2205	+ const struct btf_type *struct_type,
	2206	+ const struct btf_member *member,
	2207	+ const struct btf_type *member_type)
	2208	+{
	2209	+ const struct btf_type *resolved_type;
	2210	+ u32 resolved_type_id = member->type;
	2211	+ struct btf_member resolved_member;
	2212	+ struct btf *btf = env->btf;
	2213	+
	2214	+ resolved_type = btf_type_id_size(btf, &resolved_type_id, NULL);
	2215	+ if (!resolved_type) {
	2216	+ btf_verifier_log_member(env, struct_type, member,
	2217	+ "Invalid member");
	2218	+ return -EINVAL;
	2219	+ }
	2220	+
	2221	+ resolved_member = *member;
	2222	+ resolved_member.type = resolved_type_id;
	2223	+
	2224	+ return btf_type_ops(resolved_type)->check_kflag_member(env, struct_type,
	2225	+ &resolved_member,
	2226	+ resolved_type);
1129	2227	}
1130	2228
1131	2229	static int btf_ptr_check_member(struct btf_verifier_env *env,
..	..	@@ -1163,6 +2261,11 @@
1163	2261	return -EINVAL;
1164	2262	}
1165	2263
	2264	+ if (btf_type_kflag(t)) {
	2265	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	2266	+ return -EINVAL;
	2267	+ }
	2268	+
1166	2269	if (!BTF_TYPE_ID_VALID(t->type)) {
1167	2270	btf_verifier_log_type(env, t, "Invalid type_id");
1168	2271	return -EINVAL;
..	..	@@ -1196,17 +2299,12 @@
1196	2299	const struct btf_type *next_type;
1197	2300	u32 next_type_id = t->type;
1198	2301	struct btf *btf = env->btf;
1199		- u32 next_type_size = 0;
1200	2302
1201	2303	next_type = btf_type_by_id(btf, next_type_id);
1202		- if (!next_type) {
	2304	+ if (!next_type \|\| btf_type_is_resolve_source_only(next_type)) {
1203	2305	btf_verifier_log_type(env, v->t, "Invalid type_id");
1204	2306	return -EINVAL;
1205	2307	}
1206		-
1207		- /* "typedef void new_void", "const void"...etc */
1208		- if (btf_type_is_void(next_type))
1209		- goto resolved;
1210	2308
1211	2309	if (!env_type_is_resolve_sink(env, next_type) &&
1212	2310	!env_type_is_resolved(env, next_type_id))
..	..	@@ -1218,14 +2316,66 @@
1218	2316	* save us a few type-following when we use it later (e.g. in
1219	2317	* pretty print).
1220	2318	*/
1221		- if (!btf_type_id_size(btf, &next_type_id, &next_type_size) &&
1222		- !btf_type_is_void(btf_type_id_resolve(btf, &next_type_id))) {
	2319	+ if (!btf_type_id_size(btf, &next_type_id, NULL)) {
	2320	+ if (env_type_is_resolved(env, next_type_id))
	2321	+ next_type = btf_type_id_resolve(btf, &next_type_id);
	2322	+
	2323	+ /* "typedef void new_void", "const void"...etc */
	2324	+ if (!btf_type_is_void(next_type) &&
	2325	+ !btf_type_is_fwd(next_type) &&
	2326	+ !btf_type_is_func_proto(next_type)) {
	2327	+ btf_verifier_log_type(env, v->t, "Invalid type_id");
	2328	+ return -EINVAL;
	2329	+ }
	2330	+ }
	2331	+
	2332	+ env_stack_pop_resolved(env, next_type_id, 0);
	2333	+
	2334	+ return 0;
	2335	+}
	2336	+
	2337	+static int btf_var_resolve(struct btf_verifier_env *env,
	2338	+ const struct resolve_vertex *v)
	2339	+{
	2340	+ const struct btf_type *next_type;
	2341	+ const struct btf_type *t = v->t;
	2342	+ u32 next_type_id = t->type;
	2343	+ struct btf *btf = env->btf;
	2344	+
	2345	+ next_type = btf_type_by_id(btf, next_type_id);
	2346	+ if (!next_type \|\| btf_type_is_resolve_source_only(next_type)) {
1223	2347	btf_verifier_log_type(env, v->t, "Invalid type_id");
1224	2348	return -EINVAL;
1225	2349	}
1226	2350
1227		-resolved:
1228		- env_stack_pop_resolved(env, next_type_id, next_type_size);
	2351	+ if (!env_type_is_resolve_sink(env, next_type) &&
	2352	+ !env_type_is_resolved(env, next_type_id))
	2353	+ return env_stack_push(env, next_type, next_type_id);
	2354	+
	2355	+ if (btf_type_is_modifier(next_type)) {
	2356	+ const struct btf_type *resolved_type;
	2357	+ u32 resolved_type_id;
	2358	+
	2359	+ resolved_type_id = next_type_id;
	2360	+ resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
	2361	+
	2362	+ if (btf_type_is_ptr(resolved_type) &&
	2363	+ !env_type_is_resolve_sink(env, resolved_type) &&
	2364	+ !env_type_is_resolved(env, resolved_type_id))
	2365	+ return env_stack_push(env, resolved_type,
	2366	+ resolved_type_id);
	2367	+ }
	2368	+
	2369	+ /* We must resolve to something concrete at this point, no
	2370	+ * forward types or similar that would resolve to size of
	2371	+ * zero is allowed.
	2372	+ */
	2373	+ if (!btf_type_id_size(btf, &next_type_id, NULL)) {
	2374	+ btf_verifier_log_type(env, v->t, "Invalid type_id");
	2375	+ return -EINVAL;
	2376	+ }
	2377	+
	2378	+ env_stack_pop_resolved(env, next_type_id, 0);
1229	2379
1230	2380	return 0;
1231	2381	}
..	..	@@ -1237,17 +2387,12 @@
1237	2387	const struct btf_type *t = v->t;
1238	2388	u32 next_type_id = t->type;
1239	2389	struct btf *btf = env->btf;
1240		- u32 next_type_size = 0;
1241	2390
1242	2391	next_type = btf_type_by_id(btf, next_type_id);
1243		- if (!next_type) {
	2392	+ if (!next_type \|\| btf_type_is_resolve_source_only(next_type)) {
1244	2393	btf_verifier_log_type(env, v->t, "Invalid type_id");
1245	2394	return -EINVAL;
1246	2395	}
1247		-
1248		- /* "void " /
1249		- if (btf_type_is_void(next_type))
1250		- goto resolved;
1251	2396
1252	2397	if (!env_type_is_resolve_sink(env, next_type) &&
1253	2398	!env_type_is_resolved(env, next_type_id))
..	..	@@ -1275,34 +2420,61 @@
1275	2420	resolved_type_id);
1276	2421	}
1277	2422
1278		- if (!btf_type_id_size(btf, &next_type_id, &next_type_size) &&
1279		- !btf_type_is_void(btf_type_id_resolve(btf, &next_type_id))) {
1280		- btf_verifier_log_type(env, v->t, "Invalid type_id");
1281		- return -EINVAL;
	2423	+ if (!btf_type_id_size(btf, &next_type_id, NULL)) {
	2424	+ if (env_type_is_resolved(env, next_type_id))
	2425	+ next_type = btf_type_id_resolve(btf, &next_type_id);
	2426	+
	2427	+ if (!btf_type_is_void(next_type) &&
	2428	+ !btf_type_is_fwd(next_type) &&
	2429	+ !btf_type_is_func_proto(next_type)) {
	2430	+ btf_verifier_log_type(env, v->t, "Invalid type_id");
	2431	+ return -EINVAL;
	2432	+ }
1282	2433	}
1283	2434
1284		-resolved:
1285	2435	env_stack_pop_resolved(env, next_type_id, 0);
1286	2436
1287	2437	return 0;
1288	2438	}
1289	2439
1290		-static void btf_modifier_seq_show(const struct btf *btf,
1291		- const struct btf_type *t,
1292		- u32 type_id, void *data,
1293		- u8 bits_offset, struct seq_file *m)
	2440	+static void btf_modifier_show(const struct btf *btf,
	2441	+ const struct btf_type *t,
	2442	+ u32 type_id, void *data,
	2443	+ u8 bits_offset, struct btf_show *show)
	2444	+{
	2445	+ if (btf->resolved_ids)
	2446	+ t = btf_type_id_resolve(btf, &type_id);
	2447	+ else
	2448	+ t = btf_type_skip_modifiers(btf, type_id, NULL);
	2449	+
	2450	+ btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
	2451	+}
	2452	+
	2453	+static void btf_var_show(const struct btf btf, const struct btf_type t,
	2454	+ u32 type_id, void *data, u8 bits_offset,
	2455	+ struct btf_show *show)
1294	2456	{
1295	2457	t = btf_type_id_resolve(btf, &type_id);
1296	2458
1297		- btf_type_ops(t)->seq_show(btf, t, type_id, data, bits_offset, m);
	2459	+ btf_type_ops(t)->show(btf, t, type_id, data, bits_offset, show);
1298	2460	}
1299	2461
1300		-static void btf_ptr_seq_show(const struct btf btf, const struct btf_type t,
1301		- u32 type_id, void *data, u8 bits_offset,
1302		- struct seq_file *m)
	2462	+static void btf_ptr_show(const struct btf btf, const struct btf_type t,
	2463	+ u32 type_id, void *data, u8 bits_offset,
	2464	+ struct btf_show *show)
1303	2465	{
1304		- /* It is a hashed value */
1305		- seq_printf(m, "%p", (void *)data);
	2466	+ void *safe_data;
	2467	+
	2468	+ safe_data = btf_show_start_type(show, t, type_id, data);
	2469	+ if (!safe_data)
	2470	+ return;
	2471	+
	2472	+ /* It is a hashed value unless BTF_SHOW_PTR_RAW is specified */
	2473	+ if (show->flags & BTF_SHOW_PTR_RAW)
	2474	+ btf_show_type_value(show, "0x%px", (void *)safe_data);
	2475	+ else
	2476	+ btf_show_type_value(show, "0x%p", (void *)safe_data);
	2477	+ btf_show_end_type(show);
1306	2478	}
1307	2479
1308	2480	static void btf_ref_type_log(struct btf_verifier_env *env,
..	..	@@ -1315,16 +2487,18 @@
1315	2487	.check_meta = btf_ref_type_check_meta,
1316	2488	.resolve = btf_modifier_resolve,
1317	2489	.check_member = btf_modifier_check_member,
	2490	+ .check_kflag_member = btf_modifier_check_kflag_member,
1318	2491	.log_details = btf_ref_type_log,
1319		- .seq_show = btf_modifier_seq_show,
	2492	+ .show = btf_modifier_show,
1320	2493	};
1321	2494
1322	2495	static struct btf_kind_operations ptr_ops = {
1323	2496	.check_meta = btf_ref_type_check_meta,
1324	2497	.resolve = btf_ptr_resolve,
1325	2498	.check_member = btf_ptr_check_member,
	2499	+ .check_kflag_member = btf_generic_check_kflag_member,
1326	2500	.log_details = btf_ref_type_log,
1327		- .seq_show = btf_ptr_seq_show,
	2501	+ .show = btf_ptr_show,
1328	2502	};
1329	2503
1330	2504	static s32 btf_fwd_check_meta(struct btf_verifier_env *env,
..	..	@@ -1353,12 +2527,19 @@
1353	2527	return 0;
1354	2528	}
1355	2529
	2530	+static void btf_fwd_type_log(struct btf_verifier_env *env,
	2531	+ const struct btf_type *t)
	2532	+{
	2533	+ btf_verifier_log(env, "%s", btf_type_kflag(t) ? "union" : "struct");
	2534	+}
	2535	+
1356	2536	static struct btf_kind_operations fwd_ops = {
1357	2537	.check_meta = btf_fwd_check_meta,
1358	2538	.resolve = btf_df_resolve,
1359	2539	.check_member = btf_df_check_member,
1360		- .log_details = btf_ref_type_log,
1361		- .seq_show = btf_df_seq_show,
	2540	+ .check_kflag_member = btf_df_check_kflag_member,
	2541	+ .log_details = btf_fwd_type_log,
	2542	+ .show = btf_df_show,
1362	2543	};
1363	2544
1364	2545	static int btf_array_check_member(struct btf_verifier_env *env,
..	..	@@ -1415,6 +2596,11 @@
1415	2596	return -EINVAL;
1416	2597	}
1417	2598
	2599	+ if (btf_type_kflag(t)) {
	2600	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	2601	+ return -EINVAL;
	2602	+ }
	2603	+
1418	2604	if (t->size) {
1419	2605	btf_verifier_log_type(env, t, "size != 0");
1420	2606	return -EINVAL;
..	..	@@ -1450,7 +2636,8 @@
1450	2636	/* Check array->index_type */
1451	2637	index_type_id = array->index_type;
1452	2638	index_type = btf_type_by_id(btf, index_type_id);
1453		- if (btf_type_is_void_or_null(index_type)) {
	2639	+ if (btf_type_nosize_or_null(index_type) \|\|
	2640	+ btf_type_is_resolve_source_only(index_type)) {
1454	2641	btf_verifier_log_type(env, v->t, "Invalid index");
1455	2642	return -EINVAL;
1456	2643	}
..	..	@@ -1469,7 +2656,8 @@
1469	2656	/* Check array->type */
1470	2657	elem_type_id = array->type;
1471	2658	elem_type = btf_type_by_id(btf, elem_type_id);
1472		- if (btf_type_is_void_or_null(elem_type)) {
	2659	+ if (btf_type_nosize_or_null(elem_type) \|\|
	2660	+ btf_type_is_resolve_source_only(elem_type)) {
1473	2661	btf_verifier_log_type(env, v->t,
1474	2662	"Invalid elem");
1475	2663	return -EINVAL;
..	..	@@ -1510,36 +2698,99 @@
1510	2698	array->type, array->index_type, array->nelems);
1511	2699	}
1512	2700
1513		-static void btf_array_seq_show(const struct btf btf, const struct btf_type t,
1514		- u32 type_id, void *data, u8 bits_offset,
1515		- struct seq_file *m)
	2701	+static void __btf_array_show(const struct btf btf, const struct btf_type t,
	2702	+ u32 type_id, void *data, u8 bits_offset,
	2703	+ struct btf_show *show)
1516	2704	{
1517	2705	const struct btf_array *array = btf_type_array(t);
1518	2706	const struct btf_kind_operations *elem_ops;
1519	2707	const struct btf_type *elem_type;
1520		- u32 i, elem_size, elem_type_id;
	2708	+ u32 i, elem_size = 0, elem_type_id;
	2709	+ u16 encoding = 0;
1521	2710
1522	2711	elem_type_id = array->type;
1523		- elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size);
1524		- elem_ops = btf_type_ops(elem_type);
1525		- seq_puts(m, "[");
1526		- for (i = 0; i < array->nelems; i++) {
1527		- if (i)
1528		- seq_puts(m, ",");
	2712	+ elem_type = btf_type_skip_modifiers(btf, elem_type_id, NULL);
	2713	+ if (elem_type && btf_type_has_size(elem_type))
	2714	+ elem_size = elem_type->size;
1529	2715
1530		- elem_ops->seq_show(btf, elem_type, elem_type_id, data,
1531		- bits_offset, m);
1532		- data += elem_size;
	2716	+ if (elem_type && btf_type_is_int(elem_type)) {
	2717	+ u32 int_type = btf_type_int(elem_type);
	2718	+
	2719	+ encoding = BTF_INT_ENCODING(int_type);
	2720	+
	2721	+ /*
	2722	+ * BTF_INT_CHAR encoding never seems to be set for
	2723	+ * char arrays, so if size is 1 and element is
	2724	+ * printable as a char, we'll do that.
	2725	+ */
	2726	+ if (elem_size == 1)
	2727	+ encoding = BTF_INT_CHAR;
1533	2728	}
1534		- seq_puts(m, "]");
	2729	+
	2730	+ if (!btf_show_start_array_type(show, t, type_id, encoding, data))
	2731	+ return;
	2732	+
	2733	+ if (!elem_type)
	2734	+ goto out;
	2735	+ elem_ops = btf_type_ops(elem_type);
	2736	+
	2737	+ for (i = 0; i < array->nelems; i++) {
	2738	+
	2739	+ btf_show_start_array_member(show);
	2740	+
	2741	+ elem_ops->show(btf, elem_type, elem_type_id, data,
	2742	+ bits_offset, show);
	2743	+ data += elem_size;
	2744	+
	2745	+ btf_show_end_array_member(show);
	2746	+
	2747	+ if (show->state.array_terminated)
	2748	+ break;
	2749	+ }
	2750	+out:
	2751	+ btf_show_end_array_type(show);
	2752	+}
	2753	+
	2754	+static void btf_array_show(const struct btf btf, const struct btf_type t,
	2755	+ u32 type_id, void *data, u8 bits_offset,
	2756	+ struct btf_show *show)
	2757	+{
	2758	+ const struct btf_member *m = show->state.member;
	2759	+
	2760	+ /*
	2761	+ * First check if any members would be shown (are non-zero).
	2762	+ * See comments above "struct btf_show" definition for more
	2763	+ * details on how this works at a high-level.
	2764	+ */
	2765	+ if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
	2766	+ if (!show->state.depth_check) {
	2767	+ show->state.depth_check = show->state.depth + 1;
	2768	+ show->state.depth_to_show = 0;
	2769	+ }
	2770	+ __btf_array_show(btf, t, type_id, data, bits_offset, show);
	2771	+ show->state.member = m;
	2772	+
	2773	+ if (show->state.depth_check != show->state.depth + 1)
	2774	+ return;
	2775	+ show->state.depth_check = 0;
	2776	+
	2777	+ if (show->state.depth_to_show <= show->state.depth)
	2778	+ return;
	2779	+ /*
	2780	+ * Reaching here indicates we have recursed and found
	2781	+ * non-zero array member(s).
	2782	+ */
	2783	+ }
	2784	+ __btf_array_show(btf, t, type_id, data, bits_offset, show);
1535	2785	}
1536	2786
1537	2787	static struct btf_kind_operations array_ops = {
1538	2788	.check_meta = btf_array_check_meta,
1539	2789	.resolve = btf_array_resolve,
1540	2790	.check_member = btf_array_check_member,
	2791	+ .check_kflag_member = btf_generic_check_kflag_member,
1541	2792	.log_details = btf_array_log,
1542		- .seq_show = btf_array_seq_show,
	2793	+ .show = btf_array_show,
1543	2794	};
1544	2795
1545	2796	static int btf_struct_check_member(struct btf_verifier_env *env,
..	..	@@ -1576,6 +2827,7 @@
1576	2827	u32 meta_needed, last_offset;
1577	2828	struct btf *btf = env->btf;
1578	2829	u32 struct_size = t->size;
	2830	+ u32 offset;
1579	2831	u16 i;
1580	2832
1581	2833	meta_needed = btf_type_vlen(t) * sizeof(*member);
..	..	@@ -1617,7 +2869,8 @@
1617	2869	return -EINVAL;
1618	2870	}
1619	2871
1620		- if (is_union && member->offset) {
	2872	+ offset = btf_member_bit_offset(t, member);
	2873	+ if (is_union && offset) {
1621	2874	btf_verifier_log_member(env, t, member,
1622	2875	"Invalid member bits_offset");
1623	2876	return -EINVAL;
..	..	@@ -1627,20 +2880,20 @@
1627	2880	* ">" instead of ">=" because the last member could be
1628	2881	* "char a[0];"
1629	2882	*/
1630		- if (last_offset > member->offset) {
	2883	+ if (last_offset > offset) {
1631	2884	btf_verifier_log_member(env, t, member,
1632	2885	"Invalid member bits_offset");
1633	2886	return -EINVAL;
1634	2887	}
1635	2888
1636		- if (BITS_ROUNDUP_BYTES(member->offset) > struct_size) {
	2889	+ if (BITS_ROUNDUP_BYTES(offset) > struct_size) {
1637	2890	btf_verifier_log_member(env, t, member,
1638		- "Memmber bits_offset exceeds its struct size");
	2891	+ "Member bits_offset exceeds its struct size");
1639	2892	return -EINVAL;
1640	2893	}
1641	2894
1642	2895	btf_verifier_log_member(env, t, member, NULL);
1643		- last_offset = member->offset;
	2896	+ last_offset = offset;
1644	2897	}
1645	2898
1646	2899	return meta_needed;
..	..	@@ -1660,7 +2913,7 @@
1660	2913	if (v->next_member) {
1661	2914	const struct btf_type *last_member_type;
1662	2915	const struct btf_member *last_member;
1663		- u16 last_member_type_id;
	2916	+ u32 last_member_type_id;
1664	2917
1665	2918	last_member = btf_type_member(v->t) + v->next_member - 1;
1666	2919	last_member_type_id = last_member->type;
..	..	@@ -1670,9 +2923,14 @@
1670	2923
1671	2924	last_member_type = btf_type_by_id(env->btf,
1672	2925	last_member_type_id);
1673		- err = btf_type_ops(last_member_type)->check_member(env, v->t,
1674		- last_member,
1675		- last_member_type);
	2926	+ if (btf_type_kflag(v->t))
	2927	+ err = btf_type_ops(last_member_type)->check_kflag_member(env, v->t,
	2928	+ last_member,
	2929	+ last_member_type);
	2930	+ else
	2931	+ err = btf_type_ops(last_member_type)->check_member(env, v->t,
	2932	+ last_member,
	2933	+ last_member_type);
1676	2934	if (err)
1677	2935	return err;
1678	2936	}
..	..	@@ -1682,7 +2940,8 @@
1682	2940	const struct btf_type *member_type = btf_type_by_id(env->btf,
1683	2941	member_type_id);
1684	2942
1685		- if (btf_type_is_void_or_null(member_type)) {
	2943	+ if (btf_type_nosize_or_null(member_type) \|\|
	2944	+ btf_type_is_resolve_source_only(member_type)) {
1686	2945	btf_verifier_log_member(env, v->t, member,
1687	2946	"Invalid member");
1688	2947	return -EINVAL;
..	..	@@ -1694,9 +2953,14 @@
1694	2953	return env_stack_push(env, member_type, member_type_id);
1695	2954	}
1696	2955
1697		- err = btf_type_ops(member_type)->check_member(env, v->t,
1698		- member,
1699		- member_type);
	2956	+ if (btf_type_kflag(v->t))
	2957	+ err = btf_type_ops(member_type)->check_kflag_member(env, v->t,
	2958	+ member,
	2959	+ member_type);
	2960	+ else
	2961	+ err = btf_type_ops(member_type)->check_member(env, v->t,
	2962	+ member,
	2963	+ member_type);
1700	2964	if (err)
1701	2965	return err;
1702	2966	}
..	..	@@ -1712,39 +2976,131 @@
1712	2976	btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
1713	2977	}
1714	2978
1715		-static void btf_struct_seq_show(const struct btf btf, const struct btf_type t,
1716		- u32 type_id, void *data, u8 bits_offset,
1717		- struct seq_file *m)
	2979	+/* find 'struct bpf_spin_lock' in map value.
	2980	+ * return >= 0 offset if found
	2981	+ * and < 0 in case of error
	2982	+ */
	2983	+int btf_find_spin_lock(const struct btf btf, const struct btf_type t)
1718	2984	{
1719		- const char *seq = BTF_INFO_KIND(t->info) == BTF_KIND_UNION ? "\|" : ",";
1720	2985	const struct btf_member *member;
	2986	+ u32 i, off = -ENOENT;
	2987	+
	2988	+ if (!__btf_type_is_struct(t))
	2989	+ return -EINVAL;
	2990	+
	2991	+ for_each_member(i, t, member) {
	2992	+ const struct btf_type *member_type = btf_type_by_id(btf,
	2993	+ member->type);
	2994	+ if (!__btf_type_is_struct(member_type))
	2995	+ continue;
	2996	+ if (member_type->size != sizeof(struct bpf_spin_lock))
	2997	+ continue;
	2998	+ if (strcmp(__btf_name_by_offset(btf, member_type->name_off),
	2999	+ "bpf_spin_lock"))
	3000	+ continue;
	3001	+ if (off != -ENOENT)
	3002	+ /* only one 'struct bpf_spin_lock' is allowed */
	3003	+ return -E2BIG;
	3004	+ off = btf_member_bit_offset(t, member);
	3005	+ if (off % 8)
	3006	+ /* valid C code cannot generate such BTF */
	3007	+ return -EINVAL;
	3008	+ off /= 8;
	3009	+ if (off % __alignof__(struct bpf_spin_lock))
	3010	+ /* valid struct bpf_spin_lock will be 4 byte aligned */
	3011	+ return -EINVAL;
	3012	+ }
	3013	+ return off;
	3014	+}
	3015	+
	3016	+static void __btf_struct_show(const struct btf btf, const struct btf_type t,
	3017	+ u32 type_id, void *data, u8 bits_offset,
	3018	+ struct btf_show *show)
	3019	+{
	3020	+ const struct btf_member *member;
	3021	+ void *safe_data;
1721	3022	u32 i;
1722	3023
1723		- seq_puts(m, "{");
	3024	+ safe_data = btf_show_start_struct_type(show, t, type_id, data);
	3025	+ if (!safe_data)
	3026	+ return;
	3027	+
1724	3028	for_each_member(i, t, member) {
1725	3029	const struct btf_type *member_type = btf_type_by_id(btf,
1726	3030	member->type);
1727		- u32 member_offset = member->offset;
1728		- u32 bytes_offset = BITS_ROUNDDOWN_BYTES(member_offset);
1729		- u8 bits8_offset = BITS_PER_BYTE_MASKED(member_offset);
1730	3031	const struct btf_kind_operations *ops;
	3032	+ u32 member_offset, bitfield_size;
	3033	+ u32 bytes_offset;
	3034	+ u8 bits8_offset;
1731	3035
1732		- if (i)
1733		- seq_puts(m, seq);
	3036	+ btf_show_start_member(show, member);
1734	3037
1735		- ops = btf_type_ops(member_type);
1736		- ops->seq_show(btf, member_type, member->type,
1737		- data + bytes_offset, bits8_offset, m);
	3038	+ member_offset = btf_member_bit_offset(t, member);
	3039	+ bitfield_size = btf_member_bitfield_size(t, member);
	3040	+ bytes_offset = BITS_ROUNDDOWN_BYTES(member_offset);
	3041	+ bits8_offset = BITS_PER_BYTE_MASKED(member_offset);
	3042	+ if (bitfield_size) {
	3043	+ safe_data = btf_show_start_type(show, member_type,
	3044	+ member->type,
	3045	+ data + bytes_offset);
	3046	+ if (safe_data)
	3047	+ btf_bitfield_show(safe_data,
	3048	+ bits8_offset,
	3049	+ bitfield_size, show);
	3050	+ btf_show_end_type(show);
	3051	+ } else {
	3052	+ ops = btf_type_ops(member_type);
	3053	+ ops->show(btf, member_type, member->type,
	3054	+ data + bytes_offset, bits8_offset, show);
	3055	+ }
	3056	+
	3057	+ btf_show_end_member(show);
1738	3058	}
1739		- seq_puts(m, "}");
	3059	+
	3060	+ btf_show_end_struct_type(show);
	3061	+}
	3062	+
	3063	+static void btf_struct_show(const struct btf btf, const struct btf_type t,
	3064	+ u32 type_id, void *data, u8 bits_offset,
	3065	+ struct btf_show *show)
	3066	+{
	3067	+ const struct btf_member *m = show->state.member;
	3068	+
	3069	+ /*
	3070	+ * First check if any members would be shown (are non-zero).
	3071	+ * See comments above "struct btf_show" definition for more
	3072	+ * details on how this works at a high-level.
	3073	+ */
	3074	+ if (show->state.depth > 0 && !(show->flags & BTF_SHOW_ZERO)) {
	3075	+ if (!show->state.depth_check) {
	3076	+ show->state.depth_check = show->state.depth + 1;
	3077	+ show->state.depth_to_show = 0;
	3078	+ }
	3079	+ __btf_struct_show(btf, t, type_id, data, bits_offset, show);
	3080	+ /* Restore saved member data here */
	3081	+ show->state.member = m;
	3082	+ if (show->state.depth_check != show->state.depth + 1)
	3083	+ return;
	3084	+ show->state.depth_check = 0;
	3085	+
	3086	+ if (show->state.depth_to_show <= show->state.depth)
	3087	+ return;
	3088	+ /*
	3089	+ * Reaching here indicates we have recursed and found
	3090	+ * non-zero child values.
	3091	+ */
	3092	+ }
	3093	+
	3094	+ __btf_struct_show(btf, t, type_id, data, bits_offset, show);
1740	3095	}
1741	3096
1742	3097	static struct btf_kind_operations struct_ops = {
1743	3098	.check_meta = btf_struct_check_meta,
1744	3099	.resolve = btf_struct_resolve,
1745	3100	.check_member = btf_struct_check_member,
	3101	+ .check_kflag_member = btf_generic_check_kflag_member,
1746	3102	.log_details = btf_struct_log,
1747		- .seq_show = btf_struct_seq_show,
	3103	+ .show = btf_struct_show,
1748	3104	};
1749	3105
1750	3106	static int btf_enum_check_member(struct btf_verifier_env *env,
..	..	@@ -1772,6 +3128,41 @@
1772	3128	return 0;
1773	3129	}
1774	3130
	3131	+static int btf_enum_check_kflag_member(struct btf_verifier_env *env,
	3132	+ const struct btf_type *struct_type,
	3133	+ const struct btf_member *member,
	3134	+ const struct btf_type *member_type)
	3135	+{
	3136	+ u32 struct_bits_off, nr_bits, bytes_end, struct_size;
	3137	+ u32 int_bitsize = sizeof(int) * BITS_PER_BYTE;
	3138	+
	3139	+ struct_bits_off = BTF_MEMBER_BIT_OFFSET(member->offset);
	3140	+ nr_bits = BTF_MEMBER_BITFIELD_SIZE(member->offset);
	3141	+ if (!nr_bits) {
	3142	+ if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
	3143	+ btf_verifier_log_member(env, struct_type, member,
	3144	+ "Member is not byte aligned");
	3145	+ return -EINVAL;
	3146	+ }
	3147	+
	3148	+ nr_bits = int_bitsize;
	3149	+ } else if (nr_bits > int_bitsize) {
	3150	+ btf_verifier_log_member(env, struct_type, member,
	3151	+ "Invalid member bitfield_size");
	3152	+ return -EINVAL;
	3153	+ }
	3154	+
	3155	+ struct_size = struct_type->size;
	3156	+ bytes_end = BITS_ROUNDUP_BYTES(struct_bits_off + nr_bits);
	3157	+ if (struct_size < bytes_end) {
	3158	+ btf_verifier_log_member(env, struct_type, member,
	3159	+ "Member exceeds struct_size");
	3160	+ return -EINVAL;
	3161	+ }
	3162	+
	3163	+ return 0;
	3164	+}
	3165	+
1775	3166	static s32 btf_enum_check_meta(struct btf_verifier_env *env,
1776	3167	const struct btf_type *t,
1777	3168	u32 meta_left)
..	..	@@ -1791,9 +3182,13 @@
1791	3182	return -EINVAL;
1792	3183	}
1793	3184
1794		- if (t->size != sizeof(int)) {
1795		- btf_verifier_log_type(env, t, "Expected size:%zu",
1796		- sizeof(int));
	3185	+ if (btf_type_kflag(t)) {
	3186	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	3187	+ return -EINVAL;
	3188	+ }
	3189	+
	3190	+ if (t->size > 8 \|\| !is_power_of_2(t->size)) {
	3191	+ btf_verifier_log_type(env, t, "Unexpected size");
1797	3192	return -EINVAL;
1798	3193	}
1799	3194
..	..	@@ -1820,9 +3215,10 @@
1820	3215	return -EINVAL;
1821	3216	}
1822	3217
1823		-
	3218	+ if (env->log.level == BPF_LOG_KERNEL)
	3219	+ continue;
1824	3220	btf_verifier_log(env, "\t%s val=%d\n",
1825		- btf_name_by_offset(btf, enums[i].name_off),
	3221	+ __btf_name_by_offset(btf, enums[i].name_off),
1826	3222	enums[i].val);
1827	3223	}
1828	3224
..	..	@@ -1835,32 +3231,503 @@
1835	3231	btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
1836	3232	}
1837	3233
1838		-static void btf_enum_seq_show(const struct btf btf, const struct btf_type t,
1839		- u32 type_id, void *data, u8 bits_offset,
1840		- struct seq_file *m)
	3234	+static void btf_enum_show(const struct btf btf, const struct btf_type t,
	3235	+ u32 type_id, void *data, u8 bits_offset,
	3236	+ struct btf_show *show)
1841	3237	{
1842	3238	const struct btf_enum *enums = btf_type_enum(t);
1843	3239	u32 i, nr_enums = btf_type_vlen(t);
1844		- int v = (int )data;
	3240	+ void *safe_data;
	3241	+ int v;
	3242	+
	3243	+ safe_data = btf_show_start_type(show, t, type_id, data);
	3244	+ if (!safe_data)
	3245	+ return;
	3246	+
	3247	+ v = (int )safe_data;
1845	3248
1846	3249	for (i = 0; i < nr_enums; i++) {
1847		- if (v == enums[i].val) {
1848		- seq_printf(m, "%s",
1849		- btf_name_by_offset(btf, enums[i].name_off));
1850		- return;
1851		- }
	3250	+ if (v != enums[i].val)
	3251	+ continue;
	3252	+
	3253	+ btf_show_type_value(show, "%s",
	3254	+ __btf_name_by_offset(btf,
	3255	+ enums[i].name_off));
	3256	+
	3257	+ btf_show_end_type(show);
	3258	+ return;
1852	3259	}
1853	3260
1854		- seq_printf(m, "%d", v);
	3261	+ btf_show_type_value(show, "%d", v);
	3262	+ btf_show_end_type(show);
1855	3263	}
1856	3264
1857	3265	static struct btf_kind_operations enum_ops = {
1858	3266	.check_meta = btf_enum_check_meta,
1859	3267	.resolve = btf_df_resolve,
1860	3268	.check_member = btf_enum_check_member,
	3269	+ .check_kflag_member = btf_enum_check_kflag_member,
1861	3270	.log_details = btf_enum_log,
1862		- .seq_show = btf_enum_seq_show,
	3271	+ .show = btf_enum_show,
1863	3272	};
	3273	+
	3274	+static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
	3275	+ const struct btf_type *t,
	3276	+ u32 meta_left)
	3277	+{
	3278	+ u32 meta_needed = btf_type_vlen(t) * sizeof(struct btf_param);
	3279	+
	3280	+ if (meta_left < meta_needed) {
	3281	+ btf_verifier_log_basic(env, t,
	3282	+ "meta_left:%u meta_needed:%u",
	3283	+ meta_left, meta_needed);
	3284	+ return -EINVAL;
	3285	+ }
	3286	+
	3287	+ if (t->name_off) {
	3288	+ btf_verifier_log_type(env, t, "Invalid name");
	3289	+ return -EINVAL;
	3290	+ }
	3291	+
	3292	+ if (btf_type_kflag(t)) {
	3293	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	3294	+ return -EINVAL;
	3295	+ }
	3296	+
	3297	+ btf_verifier_log_type(env, t, NULL);
	3298	+
	3299	+ return meta_needed;
	3300	+}
	3301	+
	3302	+static void btf_func_proto_log(struct btf_verifier_env *env,
	3303	+ const struct btf_type *t)
	3304	+{
	3305	+ const struct btf_param args = (const struct btf_param )(t + 1);
	3306	+ u16 nr_args = btf_type_vlen(t), i;
	3307	+
	3308	+ btf_verifier_log(env, "return=%u args=(", t->type);
	3309	+ if (!nr_args) {
	3310	+ btf_verifier_log(env, "void");
	3311	+ goto done;
	3312	+ }
	3313	+
	3314	+ if (nr_args == 1 && !args[0].type) {
	3315	+ /* Only one vararg */
	3316	+ btf_verifier_log(env, "vararg");
	3317	+ goto done;
	3318	+ }
	3319	+
	3320	+ btf_verifier_log(env, "%u %s", args[0].type,
	3321	+ __btf_name_by_offset(env->btf,
	3322	+ args[0].name_off));
	3323	+ for (i = 1; i < nr_args - 1; i++)
	3324	+ btf_verifier_log(env, ", %u %s", args[i].type,
	3325	+ __btf_name_by_offset(env->btf,
	3326	+ args[i].name_off));
	3327	+
	3328	+ if (nr_args > 1) {
	3329	+ const struct btf_param *last_arg = &args[nr_args - 1];
	3330	+
	3331	+ if (last_arg->type)
	3332	+ btf_verifier_log(env, ", %u %s", last_arg->type,
	3333	+ __btf_name_by_offset(env->btf,
	3334	+ last_arg->name_off));
	3335	+ else
	3336	+ btf_verifier_log(env, ", vararg");
	3337	+ }
	3338	+
	3339	+done:
	3340	+ btf_verifier_log(env, ")");
	3341	+}
	3342	+
	3343	+static struct btf_kind_operations func_proto_ops = {
	3344	+ .check_meta = btf_func_proto_check_meta,
	3345	+ .resolve = btf_df_resolve,
	3346	+ /*
	3347	+ * BTF_KIND_FUNC_PROTO cannot be directly referred by
	3348	+ * a struct's member.
	3349	+ *
	3350	+ * It should be a funciton pointer instead.
	3351	+ * (i.e. struct's member -> BTF_KIND_PTR -> BTF_KIND_FUNC_PROTO)
	3352	+ *
	3353	+ * Hence, there is no btf_func_check_member().
	3354	+ */
	3355	+ .check_member = btf_df_check_member,
	3356	+ .check_kflag_member = btf_df_check_kflag_member,
	3357	+ .log_details = btf_func_proto_log,
	3358	+ .show = btf_df_show,
	3359	+};
	3360	+
	3361	+static s32 btf_func_check_meta(struct btf_verifier_env *env,
	3362	+ const struct btf_type *t,
	3363	+ u32 meta_left)
	3364	+{
	3365	+ if (!t->name_off \|\|
	3366	+ !btf_name_valid_identifier(env->btf, t->name_off)) {
	3367	+ btf_verifier_log_type(env, t, "Invalid name");
	3368	+ return -EINVAL;
	3369	+ }
	3370	+
	3371	+ if (btf_type_vlen(t) > BTF_FUNC_GLOBAL) {
	3372	+ btf_verifier_log_type(env, t, "Invalid func linkage");
	3373	+ return -EINVAL;
	3374	+ }
	3375	+
	3376	+ if (btf_type_kflag(t)) {
	3377	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	3378	+ return -EINVAL;
	3379	+ }
	3380	+
	3381	+ btf_verifier_log_type(env, t, NULL);
	3382	+
	3383	+ return 0;
	3384	+}
	3385	+
	3386	+static struct btf_kind_operations func_ops = {
	3387	+ .check_meta = btf_func_check_meta,
	3388	+ .resolve = btf_df_resolve,
	3389	+ .check_member = btf_df_check_member,
	3390	+ .check_kflag_member = btf_df_check_kflag_member,
	3391	+ .log_details = btf_ref_type_log,
	3392	+ .show = btf_df_show,
	3393	+};
	3394	+
	3395	+static s32 btf_var_check_meta(struct btf_verifier_env *env,
	3396	+ const struct btf_type *t,
	3397	+ u32 meta_left)
	3398	+{
	3399	+ const struct btf_var *var;
	3400	+ u32 meta_needed = sizeof(*var);
	3401	+
	3402	+ if (meta_left < meta_needed) {
	3403	+ btf_verifier_log_basic(env, t,
	3404	+ "meta_left:%u meta_needed:%u",
	3405	+ meta_left, meta_needed);
	3406	+ return -EINVAL;
	3407	+ }
	3408	+
	3409	+ if (btf_type_vlen(t)) {
	3410	+ btf_verifier_log_type(env, t, "vlen != 0");
	3411	+ return -EINVAL;
	3412	+ }
	3413	+
	3414	+ if (btf_type_kflag(t)) {
	3415	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	3416	+ return -EINVAL;
	3417	+ }
	3418	+
	3419	+ if (!t->name_off \|\|
	3420	+ !__btf_name_valid(env->btf, t->name_off, true)) {
	3421	+ btf_verifier_log_type(env, t, "Invalid name");
	3422	+ return -EINVAL;
	3423	+ }
	3424	+
	3425	+ /* A var cannot be in type void */
	3426	+ if (!t->type \|\| !BTF_TYPE_ID_VALID(t->type)) {
	3427	+ btf_verifier_log_type(env, t, "Invalid type_id");
	3428	+ return -EINVAL;
	3429	+ }
	3430	+
	3431	+ var = btf_type_var(t);
	3432	+ if (var->linkage != BTF_VAR_STATIC &&
	3433	+ var->linkage != BTF_VAR_GLOBAL_ALLOCATED) {
	3434	+ btf_verifier_log_type(env, t, "Linkage not supported");
	3435	+ return -EINVAL;
	3436	+ }
	3437	+
	3438	+ btf_verifier_log_type(env, t, NULL);
	3439	+
	3440	+ return meta_needed;
	3441	+}
	3442	+
	3443	+static void btf_var_log(struct btf_verifier_env env, const struct btf_type t)
	3444	+{
	3445	+ const struct btf_var *var = btf_type_var(t);
	3446	+
	3447	+ btf_verifier_log(env, "type_id=%u linkage=%u", t->type, var->linkage);
	3448	+}
	3449	+
	3450	+static const struct btf_kind_operations var_ops = {
	3451	+ .check_meta = btf_var_check_meta,
	3452	+ .resolve = btf_var_resolve,
	3453	+ .check_member = btf_df_check_member,
	3454	+ .check_kflag_member = btf_df_check_kflag_member,
	3455	+ .log_details = btf_var_log,
	3456	+ .show = btf_var_show,
	3457	+};
	3458	+
	3459	+static s32 btf_datasec_check_meta(struct btf_verifier_env *env,
	3460	+ const struct btf_type *t,
	3461	+ u32 meta_left)
	3462	+{
	3463	+ const struct btf_var_secinfo *vsi;
	3464	+ u64 last_vsi_end_off = 0, sum = 0;
	3465	+ u32 i, meta_needed;
	3466	+
	3467	+ meta_needed = btf_type_vlen(t) * sizeof(*vsi);
	3468	+ if (meta_left < meta_needed) {
	3469	+ btf_verifier_log_basic(env, t,
	3470	+ "meta_left:%u meta_needed:%u",
	3471	+ meta_left, meta_needed);
	3472	+ return -EINVAL;
	3473	+ }
	3474	+
	3475	+ if (!btf_type_vlen(t)) {
	3476	+ btf_verifier_log_type(env, t, "vlen == 0");
	3477	+ return -EINVAL;
	3478	+ }
	3479	+
	3480	+ if (!t->size) {
	3481	+ btf_verifier_log_type(env, t, "size == 0");
	3482	+ return -EINVAL;
	3483	+ }
	3484	+
	3485	+ if (btf_type_kflag(t)) {
	3486	+ btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
	3487	+ return -EINVAL;
	3488	+ }
	3489	+
	3490	+ if (!t->name_off \|\|
	3491	+ !btf_name_valid_section(env->btf, t->name_off)) {
	3492	+ btf_verifier_log_type(env, t, "Invalid name");
	3493	+ return -EINVAL;
	3494	+ }
	3495	+
	3496	+ btf_verifier_log_type(env, t, NULL);
	3497	+
	3498	+ for_each_vsi(i, t, vsi) {
	3499	+ /* A var cannot be in type void */
	3500	+ if (!vsi->type \|\| !BTF_TYPE_ID_VALID(vsi->type)) {
	3501	+ btf_verifier_log_vsi(env, t, vsi,
	3502	+ "Invalid type_id");
	3503	+ return -EINVAL;
	3504	+ }
	3505	+
	3506	+ if (vsi->offset < last_vsi_end_off \|\| vsi->offset >= t->size) {
	3507	+ btf_verifier_log_vsi(env, t, vsi,
	3508	+ "Invalid offset");
	3509	+ return -EINVAL;
	3510	+ }
	3511	+
	3512	+ if (!vsi->size \|\| vsi->size > t->size) {
	3513	+ btf_verifier_log_vsi(env, t, vsi,
	3514	+ "Invalid size");
	3515	+ return -EINVAL;
	3516	+ }
	3517	+
	3518	+ last_vsi_end_off = vsi->offset + vsi->size;
	3519	+ if (last_vsi_end_off > t->size) {
	3520	+ btf_verifier_log_vsi(env, t, vsi,
	3521	+ "Invalid offset+size");
	3522	+ return -EINVAL;
	3523	+ }
	3524	+
	3525	+ btf_verifier_log_vsi(env, t, vsi, NULL);
	3526	+ sum += vsi->size;
	3527	+ }
	3528	+
	3529	+ if (t->size < sum) {
	3530	+ btf_verifier_log_type(env, t, "Invalid btf_info size");
	3531	+ return -EINVAL;
	3532	+ }
	3533	+
	3534	+ return meta_needed;
	3535	+}
	3536	+
	3537	+static int btf_datasec_resolve(struct btf_verifier_env *env,
	3538	+ const struct resolve_vertex *v)
	3539	+{
	3540	+ const struct btf_var_secinfo *vsi;
	3541	+ struct btf *btf = env->btf;
	3542	+ u16 i;
	3543	+
	3544	+ for_each_vsi_from(i, v->next_member, v->t, vsi) {
	3545	+ u32 var_type_id = vsi->type, type_id, type_size = 0;
	3546	+ const struct btf_type *var_type = btf_type_by_id(env->btf,
	3547	+ var_type_id);
	3548	+ if (!var_type \|\| !btf_type_is_var(var_type)) {
	3549	+ btf_verifier_log_vsi(env, v->t, vsi,
	3550	+ "Not a VAR kind member");
	3551	+ return -EINVAL;
	3552	+ }
	3553	+
	3554	+ if (!env_type_is_resolve_sink(env, var_type) &&
	3555	+ !env_type_is_resolved(env, var_type_id)) {
	3556	+ env_stack_set_next_member(env, i + 1);
	3557	+ return env_stack_push(env, var_type, var_type_id);
	3558	+ }
	3559	+
	3560	+ type_id = var_type->type;
	3561	+ if (!btf_type_id_size(btf, &type_id, &type_size)) {
	3562	+ btf_verifier_log_vsi(env, v->t, vsi, "Invalid type");
	3563	+ return -EINVAL;
	3564	+ }
	3565	+
	3566	+ if (vsi->size < type_size) {
	3567	+ btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
	3568	+ return -EINVAL;
	3569	+ }
	3570	+ }
	3571	+
	3572	+ env_stack_pop_resolved(env, 0, 0);
	3573	+ return 0;
	3574	+}
	3575	+
	3576	+static void btf_datasec_log(struct btf_verifier_env *env,
	3577	+ const struct btf_type *t)
	3578	+{
	3579	+ btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
	3580	+}
	3581	+
	3582	+static void btf_datasec_show(const struct btf *btf,
	3583	+ const struct btf_type *t, u32 type_id,
	3584	+ void *data, u8 bits_offset,
	3585	+ struct btf_show *show)
	3586	+{
	3587	+ const struct btf_var_secinfo *vsi;
	3588	+ const struct btf_type *var;
	3589	+ u32 i;
	3590	+
	3591	+ if (!btf_show_start_type(show, t, type_id, data))
	3592	+ return;
	3593	+
	3594	+ btf_show_type_value(show, "section (\"%s\") = {",
	3595	+ __btf_name_by_offset(btf, t->name_off));
	3596	+ for_each_vsi(i, t, vsi) {
	3597	+ var = btf_type_by_id(btf, vsi->type);
	3598	+ if (i)
	3599	+ btf_show(show, ",");
	3600	+ btf_type_ops(var)->show(btf, var, vsi->type,
	3601	+ data + vsi->offset, bits_offset, show);
	3602	+ }
	3603	+ btf_show_end_type(show);
	3604	+}
	3605	+
	3606	+static const struct btf_kind_operations datasec_ops = {
	3607	+ .check_meta = btf_datasec_check_meta,
	3608	+ .resolve = btf_datasec_resolve,
	3609	+ .check_member = btf_df_check_member,
	3610	+ .check_kflag_member = btf_df_check_kflag_member,
	3611	+ .log_details = btf_datasec_log,
	3612	+ .show = btf_datasec_show,
	3613	+};
	3614	+
	3615	+static int btf_func_proto_check(struct btf_verifier_env *env,
	3616	+ const struct btf_type *t)
	3617	+{
	3618	+ const struct btf_type *ret_type;
	3619	+ const struct btf_param *args;
	3620	+ const struct btf *btf;
	3621	+ u16 nr_args, i;
	3622	+ int err;
	3623	+
	3624	+ btf = env->btf;
	3625	+ args = (const struct btf_param *)(t + 1);
	3626	+ nr_args = btf_type_vlen(t);
	3627	+
	3628	+ /* Check func return type which could be "void" (t->type == 0) */
	3629	+ if (t->type) {
	3630	+ u32 ret_type_id = t->type;
	3631	+
	3632	+ ret_type = btf_type_by_id(btf, ret_type_id);
	3633	+ if (!ret_type) {
	3634	+ btf_verifier_log_type(env, t, "Invalid return type");
	3635	+ return -EINVAL;
	3636	+ }
	3637	+
	3638	+ if (btf_type_needs_resolve(ret_type) &&
	3639	+ !env_type_is_resolved(env, ret_type_id)) {
	3640	+ err = btf_resolve(env, ret_type, ret_type_id);
	3641	+ if (err)
	3642	+ return err;
	3643	+ }
	3644	+
	3645	+ /* Ensure the return type is a type that has a size */
	3646	+ if (!btf_type_id_size(btf, &ret_type_id, NULL)) {
	3647	+ btf_verifier_log_type(env, t, "Invalid return type");
	3648	+ return -EINVAL;
	3649	+ }
	3650	+ }
	3651	+
	3652	+ if (!nr_args)
	3653	+ return 0;
	3654	+
	3655	+ /* Last func arg type_id could be 0 if it is a vararg */
	3656	+ if (!args[nr_args - 1].type) {
	3657	+ if (args[nr_args - 1].name_off) {
	3658	+ btf_verifier_log_type(env, t, "Invalid arg#%u",
	3659	+ nr_args);
	3660	+ return -EINVAL;
	3661	+ }
	3662	+ nr_args--;
	3663	+ }
	3664	+
	3665	+ err = 0;
	3666	+ for (i = 0; i < nr_args; i++) {
	3667	+ const struct btf_type *arg_type;
	3668	+ u32 arg_type_id;
	3669	+
	3670	+ arg_type_id = args[i].type;
	3671	+ arg_type = btf_type_by_id(btf, arg_type_id);
	3672	+ if (!arg_type) {
	3673	+ btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
	3674	+ err = -EINVAL;
	3675	+ break;
	3676	+ }
	3677	+
	3678	+ if (args[i].name_off &&
	3679	+ (!btf_name_offset_valid(btf, args[i].name_off) \|\|
	3680	+ !btf_name_valid_identifier(btf, args[i].name_off))) {
	3681	+ btf_verifier_log_type(env, t,
	3682	+ "Invalid arg#%u", i + 1);
	3683	+ err = -EINVAL;
	3684	+ break;
	3685	+ }
	3686	+
	3687	+ if (btf_type_needs_resolve(arg_type) &&
	3688	+ !env_type_is_resolved(env, arg_type_id)) {
	3689	+ err = btf_resolve(env, arg_type, arg_type_id);
	3690	+ if (err)
	3691	+ break;
	3692	+ }
	3693	+
	3694	+ if (!btf_type_id_size(btf, &arg_type_id, NULL)) {
	3695	+ btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
	3696	+ err = -EINVAL;
	3697	+ break;
	3698	+ }
	3699	+ }
	3700	+
	3701	+ return err;
	3702	+}
	3703	+
	3704	+static int btf_func_check(struct btf_verifier_env *env,
	3705	+ const struct btf_type *t)
	3706	+{
	3707	+ const struct btf_type *proto_type;
	3708	+ const struct btf_param *args;
	3709	+ const struct btf *btf;
	3710	+ u16 nr_args, i;
	3711	+
	3712	+ btf = env->btf;
	3713	+ proto_type = btf_type_by_id(btf, t->type);
	3714	+
	3715	+ if (!proto_type \|\| !btf_type_is_func_proto(proto_type)) {
	3716	+ btf_verifier_log_type(env, t, "Invalid type_id");
	3717	+ return -EINVAL;
	3718	+ }
	3719	+
	3720	+ args = (const struct btf_param *)(proto_type + 1);
	3721	+ nr_args = btf_type_vlen(proto_type);
	3722	+ for (i = 0; i < nr_args; i++) {
	3723	+ if (!args[i].name_off && args[i].type) {
	3724	+ btf_verifier_log_type(env, t, "Invalid arg#%u", i + 1);
	3725	+ return -EINVAL;
	3726	+ }
	3727	+ }
	3728	+
	3729	+ return 0;
	3730	+}
1864	3731
1865	3732	static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
1866	3733	[BTF_KIND_INT] = &int_ops,
..	..	@@ -1874,6 +3741,10 @@
1874	3741	[BTF_KIND_VOLATILE] = &modifier_ops,
1875	3742	[BTF_KIND_CONST] = &modifier_ops,
1876	3743	[BTF_KIND_RESTRICT] = &modifier_ops,
	3744	+ [BTF_KIND_FUNC] = &func_ops,
	3745	+ [BTF_KIND_FUNC_PROTO] = &func_proto_ops,
	3746	+ [BTF_KIND_VAR] = &var_ops,
	3747	+ [BTF_KIND_DATASEC] = &datasec_ops,
1877	3748	};
1878	3749
1879	3750	static s32 btf_check_meta(struct btf_verifier_env *env,
..	..	@@ -1945,30 +3816,6 @@
1945	3816	return 0;
1946	3817	}
1947	3818
1948		-static int btf_resolve(struct btf_verifier_env *env,
1949		- const struct btf_type *t, u32 type_id)
1950		-{
1951		- const struct resolve_vertex *v;
1952		- int err = 0;
1953		-
1954		- env->resolve_mode = RESOLVE_TBD;
1955		- env_stack_push(env, t, type_id);
1956		- while (!err && (v = env_stack_peak(env))) {
1957		- env->log_type_id = v->type_id;
1958		- err = btf_type_ops(v->t)->resolve(env, v);
1959		- }
1960		-
1961		- env->log_type_id = type_id;
1962		- if (err == -E2BIG)
1963		- btf_verifier_log_type(env, t,
1964		- "Exceeded max resolving depth:%u",
1965		- MAX_RESOLVE_DEPTH);
1966		- else if (err == -EEXIST)
1967		- btf_verifier_log_type(env, t, "Loop detected");
1968		-
1969		- return err;
1970		-}
1971		-
1972	3819	static bool btf_resolve_valid(struct btf_verifier_env *env,
1973	3820	const struct btf_type *t,
1974	3821	u32 type_id)
..	..	@@ -1978,13 +3825,17 @@
1978	3825	if (!env_type_is_resolved(env, type_id))
1979	3826	return false;
1980	3827
1981		- if (btf_type_is_struct(t))
	3828	+ if (btf_type_is_struct(t) \|\| btf_type_is_datasec(t))
1982	3829	return !btf->resolved_ids[type_id] &&
1983		- !btf->resolved_sizes[type_id];
	3830	+ !btf->resolved_sizes[type_id];
1984	3831
1985		- if (btf_type_is_modifier(t) \|\| btf_type_is_ptr(t)) {
	3832	+ if (btf_type_is_modifier(t) \|\| btf_type_is_ptr(t) \|\|
	3833	+ btf_type_is_var(t)) {
1986	3834	t = btf_type_id_resolve(btf, &type_id);
1987		- return t && !btf_type_is_modifier(t);
	3835	+ return t &&
	3836	+ !btf_type_is_modifier(t) &&
	3837	+ !btf_type_is_var(t) &&
	3838	+ !btf_type_is_datasec(t);
1988	3839	}
1989	3840
1990	3841	if (btf_type_is_array(t)) {
..	..	@@ -2000,6 +3851,39 @@
2000	3851	}
2001	3852
2002	3853	return false;
	3854	+}
	3855	+
	3856	+static int btf_resolve(struct btf_verifier_env *env,
	3857	+ const struct btf_type *t, u32 type_id)
	3858	+{
	3859	+ u32 save_log_type_id = env->log_type_id;
	3860	+ const struct resolve_vertex *v;
	3861	+ int err = 0;
	3862	+
	3863	+ env->resolve_mode = RESOLVE_TBD;
	3864	+ env_stack_push(env, t, type_id);
	3865	+ while (!err && (v = env_stack_peak(env))) {
	3866	+ env->log_type_id = v->type_id;
	3867	+ err = btf_type_ops(v->t)->resolve(env, v);
	3868	+ }
	3869	+
	3870	+ env->log_type_id = type_id;
	3871	+ if (err == -E2BIG) {
	3872	+ btf_verifier_log_type(env, t,
	3873	+ "Exceeded max resolving depth:%u",
	3874	+ MAX_RESOLVE_DEPTH);
	3875	+ } else if (err == -EEXIST) {
	3876	+ btf_verifier_log_type(env, t, "Loop detected");
	3877	+ }
	3878	+
	3879	+ /* Final sanity check */
	3880	+ if (!err && !btf_resolve_valid(env, t, type_id)) {
	3881	+ btf_verifier_log_type(env, t, "Invalid resolve state");
	3882	+ err = -EINVAL;
	3883	+ }
	3884	+
	3885	+ env->log_type_id = save_log_type_id;
	3886	+ return err;
2003	3887	}
2004	3888
2005	3889	static int btf_check_all_types(struct btf_verifier_env *env)
..	..	@@ -2024,10 +3908,16 @@
2024	3908	return err;
2025	3909	}
2026	3910
2027		- if (btf_type_needs_resolve(t) &&
2028		- !btf_resolve_valid(env, t, type_id)) {
2029		- btf_verifier_log_type(env, t, "Invalid resolve state");
2030		- return -EINVAL;
	3911	+ if (btf_type_is_func_proto(t)) {
	3912	+ err = btf_func_proto_check(env, t);
	3913	+ if (err)
	3914	+ return err;
	3915	+ }
	3916	+
	3917	+ if (btf_type_is_func(t)) {
	3918	+ err = btf_func_check(env, t);
	3919	+ if (err)
	3920	+ return err;
2031	3921	}
2032	3922	}
2033	3923
..	..	@@ -2190,9 +4080,6 @@
2190	4080
2191	4081	hdr = &btf->hdr;
2192	4082
2193		- if (hdr->hdr_len != hdr_len)
2194		- return -EINVAL;
2195		-
2196	4083	btf_verifier_log_hdr(env, btf_data_size);
2197	4084
2198	4085	if (hdr->magic != BTF_MAGIC) {
..	..	@@ -2248,8 +4135,7 @@
2248	4135	log->len_total = log_size;
2249	4136
2250	4137	/* log attributes have to be sane */
2251		- if (log->len_total < 128 \|\| log->len_total > UINT_MAX >> 8 \|\|
2252		- !log->level \|\| !log->ubuf) {
	4138	+ if (!bpf_verifier_log_attr_valid(log)) {
2253	4139	err = -EINVAL;
2254	4140	goto errout;
2255	4141	}
..	..	@@ -2306,13 +4192,1232 @@
2306	4192	return ERR_PTR(err);
2307	4193	}
2308	4194
2309		-void btf_type_seq_show(const struct btf btf, u32 type_id, void obj,
2310		- struct seq_file *m)
	4195	+extern char __weak __start_BTF[];
	4196	+extern char __weak __stop_BTF[];
	4197	+extern struct btf *btf_vmlinux;
	4198	+
	4199	+#define BPF_MAP_TYPE(_id, _ops)
	4200	+#define BPF_LINK_TYPE(_id, _name)
	4201	+static union {
	4202	+ struct bpf_ctx_convert {
	4203	+#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
	4204	+ prog_ctx_type _id##_prog; \
	4205	+ kern_ctx_type _id##_kern;
	4206	+#include <linux/bpf_types.h>
	4207	+#undef BPF_PROG_TYPE
	4208	+ } *__t;
	4209	+ /* 't' is written once under lock. Read many times. */
	4210	+ const struct btf_type *t;
	4211	+} bpf_ctx_convert;
	4212	+enum {
	4213	+#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
	4214	+ __ctx_convert##_id,
	4215	+#include <linux/bpf_types.h>
	4216	+#undef BPF_PROG_TYPE
	4217	+ __ctx_convert_unused, /* to avoid empty enum in extreme .config */
	4218	+};
	4219	+static u8 bpf_ctx_convert_map[] = {
	4220	+#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) \
	4221	+ [_id] = __ctx_convert##_id,
	4222	+#include <linux/bpf_types.h>
	4223	+#undef BPF_PROG_TYPE
	4224	+ 0, /* avoid empty array */
	4225	+};
	4226	+#undef BPF_MAP_TYPE
	4227	+#undef BPF_LINK_TYPE
	4228	+
	4229	+static const struct btf_member *
	4230	+btf_get_prog_ctx_type(struct bpf_verifier_log log, struct btf btf,
	4231	+ const struct btf_type *t, enum bpf_prog_type prog_type,
	4232	+ int arg)
	4233	+{
	4234	+ const struct btf_type *conv_struct;
	4235	+ const struct btf_type *ctx_struct;
	4236	+ const struct btf_member *ctx_type;
	4237	+ const char tname, ctx_tname;
	4238	+
	4239	+ conv_struct = bpf_ctx_convert.t;
	4240	+ if (!conv_struct) {
	4241	+ bpf_log(log, "btf_vmlinux is malformed\n");
	4242	+ return NULL;
	4243	+ }
	4244	+ t = btf_type_by_id(btf, t->type);
	4245	+ while (btf_type_is_modifier(t))
	4246	+ t = btf_type_by_id(btf, t->type);
	4247	+ if (!btf_type_is_struct(t)) {
	4248	+ /* Only pointer to struct is supported for now.
	4249	+ * That means that BPF_PROG_TYPE_TRACEPOINT with BTF
	4250	+ * is not supported yet.
	4251	+ * BPF_PROG_TYPE_RAW_TRACEPOINT is fine.
	4252	+ */
	4253	+ if (log->level & BPF_LOG_LEVEL)
	4254	+ bpf_log(log, "arg#%d type is not a struct\n", arg);
	4255	+ return NULL;
	4256	+ }
	4257	+ tname = btf_name_by_offset(btf, t->name_off);
	4258	+ if (!tname) {
	4259	+ bpf_log(log, "arg#%d struct doesn't have a name\n", arg);
	4260	+ return NULL;
	4261	+ }
	4262	+ /* prog_type is valid bpf program type. No need for bounds check. */
	4263	+ ctx_type = btf_type_member(conv_struct) + bpf_ctx_convert_map[prog_type] * 2;
	4264	+ /* ctx_struct is a pointer to prog_ctx_type in vmlinux.
	4265	+ * Like 'struct __sk_buff'
	4266	+ */
	4267	+ ctx_struct = btf_type_by_id(btf_vmlinux, ctx_type->type);
	4268	+ if (!ctx_struct)
	4269	+ /* should not happen */
	4270	+ return NULL;
	4271	+ ctx_tname = btf_name_by_offset(btf_vmlinux, ctx_struct->name_off);
	4272	+ if (!ctx_tname) {
	4273	+ /* should not happen */
	4274	+ bpf_log(log, "Please fix kernel include/linux/bpf_types.h\n");
	4275	+ return NULL;
	4276	+ }
	4277	+ /* only compare that prog's ctx type name is the same as
	4278	+ * kernel expects. No need to compare field by field.
	4279	+ * It's ok for bpf prog to do:
	4280	+ * struct __sk_buff {};
	4281	+ * int socket_filter_bpf_prog(struct __sk_buff *skb)
	4282	+ * { // no fields of skb are ever used }
	4283	+ */
	4284	+ if (strcmp(ctx_tname, tname))
	4285	+ return NULL;
	4286	+ return ctx_type;
	4287	+}
	4288	+
	4289	+static const struct bpf_map_ops * const btf_vmlinux_map_ops[] = {
	4290	+#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
	4291	+#define BPF_LINK_TYPE(_id, _name)
	4292	+#define BPF_MAP_TYPE(_id, _ops) \
	4293	+ [_id] = &_ops,
	4294	+#include <linux/bpf_types.h>
	4295	+#undef BPF_PROG_TYPE
	4296	+#undef BPF_LINK_TYPE
	4297	+#undef BPF_MAP_TYPE
	4298	+};
	4299	+
	4300	+static int btf_vmlinux_map_ids_init(const struct btf *btf,
	4301	+ struct bpf_verifier_log *log)
	4302	+{
	4303	+ const struct bpf_map_ops *ops;
	4304	+ int i, btf_id;
	4305	+
	4306	+ for (i = 0; i < ARRAY_SIZE(btf_vmlinux_map_ops); ++i) {
	4307	+ ops = btf_vmlinux_map_ops[i];
	4308	+ if (!ops \|\| (!ops->map_btf_name && !ops->map_btf_id))
	4309	+ continue;
	4310	+ if (!ops->map_btf_name \|\| !ops->map_btf_id) {
	4311	+ bpf_log(log, "map type %d is misconfigured\n", i);
	4312	+ return -EINVAL;
	4313	+ }
	4314	+ btf_id = btf_find_by_name_kind(btf, ops->map_btf_name,
	4315	+ BTF_KIND_STRUCT);
	4316	+ if (btf_id < 0)
	4317	+ return btf_id;
	4318	+ *ops->map_btf_id = btf_id;
	4319	+ }
	4320	+
	4321	+ return 0;
	4322	+}
	4323	+
	4324	+static int btf_translate_to_vmlinux(struct bpf_verifier_log *log,
	4325	+ struct btf *btf,
	4326	+ const struct btf_type *t,
	4327	+ enum bpf_prog_type prog_type,
	4328	+ int arg)
	4329	+{
	4330	+ const struct btf_member prog_ctx_type, kern_ctx_type;
	4331	+
	4332	+ prog_ctx_type = btf_get_prog_ctx_type(log, btf, t, prog_type, arg);
	4333	+ if (!prog_ctx_type)
	4334	+ return -ENOENT;
	4335	+ kern_ctx_type = prog_ctx_type + 1;
	4336	+ return kern_ctx_type->type;
	4337	+}
	4338	+
	4339	+BTF_ID_LIST(bpf_ctx_convert_btf_id)
	4340	+BTF_ID(struct, bpf_ctx_convert)
	4341	+
	4342	+struct btf *btf_parse_vmlinux(void)
	4343	+{
	4344	+ struct btf_verifier_env *env = NULL;
	4345	+ struct bpf_verifier_log *log;
	4346	+ struct btf *btf = NULL;
	4347	+ int err;
	4348	+
	4349	+ env = kzalloc(sizeof(*env), GFP_KERNEL \| __GFP_NOWARN);
	4350	+ if (!env)
	4351	+ return ERR_PTR(-ENOMEM);
	4352	+
	4353	+ log = &env->log;
	4354	+ log->level = BPF_LOG_KERNEL;
	4355	+
	4356	+ btf = kzalloc(sizeof(*btf), GFP_KERNEL \| __GFP_NOWARN);
	4357	+ if (!btf) {
	4358	+ err = -ENOMEM;
	4359	+ goto errout;
	4360	+ }
	4361	+ env->btf = btf;
	4362	+
	4363	+ btf->data = __start_BTF;
	4364	+ btf->data_size = __stop_BTF - __start_BTF;
	4365	+
	4366	+ err = btf_parse_hdr(env);
	4367	+ if (err)
	4368	+ goto errout;
	4369	+
	4370	+ btf->nohdr_data = btf->data + btf->hdr.hdr_len;
	4371	+
	4372	+ err = btf_parse_str_sec(env);
	4373	+ if (err)
	4374	+ goto errout;
	4375	+
	4376	+ err = btf_check_all_metas(env);
	4377	+ if (err)
	4378	+ goto errout;
	4379	+
	4380	+ /* btf_parse_vmlinux() runs under bpf_verifier_lock */
	4381	+ bpf_ctx_convert.t = btf_type_by_id(btf, bpf_ctx_convert_btf_id[0]);
	4382	+
	4383	+ /* find bpf map structs for map_ptr access checking */
	4384	+ err = btf_vmlinux_map_ids_init(btf, log);
	4385	+ if (err < 0)
	4386	+ goto errout;
	4387	+
	4388	+ bpf_struct_ops_init(btf, log);
	4389	+
	4390	+ btf_verifier_env_free(env);
	4391	+ refcount_set(&btf->refcnt, 1);
	4392	+ return btf;
	4393	+
	4394	+errout:
	4395	+ btf_verifier_env_free(env);
	4396	+ if (btf) {
	4397	+ kvfree(btf->types);
	4398	+ kfree(btf);
	4399	+ }
	4400	+ return ERR_PTR(err);
	4401	+}
	4402	+
	4403	+struct btf bpf_prog_get_target_btf(const struct bpf_prog prog)
	4404	+{
	4405	+ struct bpf_prog *tgt_prog = prog->aux->dst_prog;
	4406	+
	4407	+ if (tgt_prog) {
	4408	+ return tgt_prog->aux->btf;
	4409	+ } else {
	4410	+ return btf_vmlinux;
	4411	+ }
	4412	+}
	4413	+
	4414	+static bool is_string_ptr(struct btf btf, const struct btf_type t)
	4415	+{
	4416	+ /* t comes in already as a pointer */
	4417	+ t = btf_type_by_id(btf, t->type);
	4418	+
	4419	+ /* allow const */
	4420	+ if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)
	4421	+ t = btf_type_by_id(btf, t->type);
	4422	+
	4423	+ /* char, signed char, unsigned char */
	4424	+ return btf_type_is_int(t) && t->size == 1;
	4425	+}
	4426	+
	4427	+bool btf_ctx_access(int off, int size, enum bpf_access_type type,
	4428	+ const struct bpf_prog *prog,
	4429	+ struct bpf_insn_access_aux *info)
	4430	+{
	4431	+ const struct btf_type *t = prog->aux->attach_func_proto;
	4432	+ struct bpf_prog *tgt_prog = prog->aux->dst_prog;
	4433	+ struct btf *btf = bpf_prog_get_target_btf(prog);
	4434	+ const char *tname = prog->aux->attach_func_name;
	4435	+ struct bpf_verifier_log *log = info->log;
	4436	+ const struct btf_param *args;
	4437	+ u32 nr_args, arg;
	4438	+ int i, ret;
	4439	+
	4440	+ if (off % 8) {
	4441	+ bpf_log(log, "func '%s' offset %d is not multiple of 8\n",
	4442	+ tname, off);
	4443	+ return false;
	4444	+ }
	4445	+ arg = off / 8;
	4446	+ args = (const struct btf_param *)(t + 1);
	4447	+ /* if (t == NULL) Fall back to default BPF prog with 5 u64 arguments */
	4448	+ nr_args = t ? btf_type_vlen(t) : 5;
	4449	+ if (prog->aux->attach_btf_trace) {
	4450	+ /* skip first 'void __data' argument in btf_trace_##name typedef /
	4451	+ args++;
	4452	+ nr_args--;
	4453	+ }
	4454	+
	4455	+ if (arg > nr_args) {
	4456	+ bpf_log(log, "func '%s' doesn't have %d-th argument\n",
	4457	+ tname, arg + 1);
	4458	+ return false;
	4459	+ }
	4460	+
	4461	+ if (arg == nr_args) {
	4462	+ switch (prog->expected_attach_type) {
	4463	+ case BPF_LSM_MAC:
	4464	+ case BPF_TRACE_FEXIT:
	4465	+ /* When LSM programs are attached to void LSM hooks
	4466	+ * they use FEXIT trampolines and when attached to
	4467	+ * int LSM hooks, they use MODIFY_RETURN trampolines.
	4468	+ *
	4469	+ * While the LSM programs are BPF_MODIFY_RETURN-like
	4470	+ * the check:
	4471	+ *
	4472	+ * if (ret_type != 'int')
	4473	+ * return -EINVAL;
	4474	+ *
	4475	+ * is _not_ done here. This is still safe as LSM hooks
	4476	+ * have only void and int return types.
	4477	+ */
	4478	+ if (!t)
	4479	+ return true;
	4480	+ t = btf_type_by_id(btf, t->type);
	4481	+ break;
	4482	+ case BPF_MODIFY_RETURN:
	4483	+ /* For now the BPF_MODIFY_RETURN can only be attached to
	4484	+ * functions that return an int.
	4485	+ */
	4486	+ if (!t)
	4487	+ return false;
	4488	+
	4489	+ t = btf_type_skip_modifiers(btf, t->type, NULL);
	4490	+ if (!btf_type_is_small_int(t)) {
	4491	+ bpf_log(log,
	4492	+ "ret type %s not allowed for fmod_ret\n",
	4493	+ btf_kind_str[BTF_INFO_KIND(t->info)]);
	4494	+ return false;
	4495	+ }
	4496	+ break;
	4497	+ default:
	4498	+ bpf_log(log, "func '%s' doesn't have %d-th argument\n",
	4499	+ tname, arg + 1);
	4500	+ return false;
	4501	+ }
	4502	+ } else {
	4503	+ if (!t)
	4504	+ /* Default prog with 5 args */
	4505	+ return true;
	4506	+ t = btf_type_by_id(btf, args[arg].type);
	4507	+ }
	4508	+
	4509	+ /* skip modifiers */
	4510	+ while (btf_type_is_modifier(t))
	4511	+ t = btf_type_by_id(btf, t->type);
	4512	+ if (btf_type_is_small_int(t) \|\| btf_type_is_enum(t))
	4513	+ /* accessing a scalar */
	4514	+ return true;
	4515	+ if (!btf_type_is_ptr(t)) {
	4516	+ bpf_log(log,
	4517	+ "func '%s' arg%d '%s' has type %s. Only pointer access is allowed\n",
	4518	+ tname, arg,
	4519	+ __btf_name_by_offset(btf, t->name_off),
	4520	+ btf_kind_str[BTF_INFO_KIND(t->info)]);
	4521	+ return false;
	4522	+ }
	4523	+
	4524	+ /* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */
	4525	+ for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
	4526	+ const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
	4527	+
	4528	+ if (ctx_arg_info->offset == off &&
	4529	+ (ctx_arg_info->reg_type == PTR_TO_RDONLY_BUF_OR_NULL \|\|
	4530	+ ctx_arg_info->reg_type == PTR_TO_RDWR_BUF_OR_NULL)) {
	4531	+ info->reg_type = ctx_arg_info->reg_type;
	4532	+ return true;
	4533	+ }
	4534	+ }
	4535	+
	4536	+ if (t->type == 0)
	4537	+ /* This is a pointer to void.
	4538	+ * It is the same as scalar from the verifier safety pov.
	4539	+ * No further pointer walking is allowed.
	4540	+ */
	4541	+ return true;
	4542	+
	4543	+ if (is_string_ptr(btf, t))
	4544	+ return true;
	4545	+
	4546	+ /* this is a pointer to another type */
	4547	+ for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {
	4548	+ const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i];
	4549	+
	4550	+ if (ctx_arg_info->offset == off) {
	4551	+ info->reg_type = ctx_arg_info->reg_type;
	4552	+ info->btf_id = ctx_arg_info->btf_id;
	4553	+ return true;
	4554	+ }
	4555	+ }
	4556	+
	4557	+ info->reg_type = PTR_TO_BTF_ID;
	4558	+ if (tgt_prog) {
	4559	+ enum bpf_prog_type tgt_type;
	4560	+
	4561	+ if (tgt_prog->type == BPF_PROG_TYPE_EXT)
	4562	+ tgt_type = tgt_prog->aux->saved_dst_prog_type;
	4563	+ else
	4564	+ tgt_type = tgt_prog->type;
	4565	+
	4566	+ ret = btf_translate_to_vmlinux(log, btf, t, tgt_type, arg);
	4567	+ if (ret > 0) {
	4568	+ info->btf_id = ret;
	4569	+ return true;
	4570	+ } else {
	4571	+ return false;
	4572	+ }
	4573	+ }
	4574	+
	4575	+ info->btf_id = t->type;
	4576	+ t = btf_type_by_id(btf, t->type);
	4577	+ /* skip modifiers */
	4578	+ while (btf_type_is_modifier(t)) {
	4579	+ info->btf_id = t->type;
	4580	+ t = btf_type_by_id(btf, t->type);
	4581	+ }
	4582	+ if (!btf_type_is_struct(t)) {
	4583	+ bpf_log(log,
	4584	+ "func '%s' arg%d type %s is not a struct\n",
	4585	+ tname, arg, btf_kind_str[BTF_INFO_KIND(t->info)]);
	4586	+ return false;
	4587	+ }
	4588	+ bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n",
	4589	+ tname, arg, info->btf_id, btf_kind_str[BTF_INFO_KIND(t->info)],
	4590	+ __btf_name_by_offset(btf, t->name_off));
	4591	+ return true;
	4592	+}
	4593	+
	4594	+enum bpf_struct_walk_result {
	4595	+ /* < 0 error */
	4596	+ WALK_SCALAR = 0,
	4597	+ WALK_PTR,
	4598	+ WALK_STRUCT,
	4599	+};
	4600	+
	4601	+static int btf_struct_walk(struct bpf_verifier_log *log,
	4602	+ const struct btf_type *t, int off, int size,
	4603	+ u32 *next_btf_id)
	4604	+{
	4605	+ u32 i, moff, mtrue_end, msize = 0, total_nelems = 0;
	4606	+ const struct btf_type mtype, elem_type = NULL;
	4607	+ const struct btf_member *member;
	4608	+ const char tname, mname;
	4609	+ u32 vlen, elem_id, mid;
	4610	+
	4611	+again:
	4612	+ tname = __btf_name_by_offset(btf_vmlinux, t->name_off);
	4613	+ if (!btf_type_is_struct(t)) {
	4614	+ bpf_log(log, "Type '%s' is not a struct\n", tname);
	4615	+ return -EINVAL;
	4616	+ }
	4617	+
	4618	+ vlen = btf_type_vlen(t);
	4619	+ if (off + size > t->size) {
	4620	+ /* If the last element is a variable size array, we may
	4621	+ * need to relax the rule.
	4622	+ */
	4623	+ struct btf_array *array_elem;
	4624	+
	4625	+ if (vlen == 0)
	4626	+ goto error;
	4627	+
	4628	+ member = btf_type_member(t) + vlen - 1;
	4629	+ mtype = btf_type_skip_modifiers(btf_vmlinux, member->type,
	4630	+ NULL);
	4631	+ if (!btf_type_is_array(mtype))
	4632	+ goto error;
	4633	+
	4634	+ array_elem = (struct btf_array *)(mtype + 1);
	4635	+ if (array_elem->nelems != 0)
	4636	+ goto error;
	4637	+
	4638	+ moff = btf_member_bit_offset(t, member) / 8;
	4639	+ if (off < moff)
	4640	+ goto error;
	4641	+
	4642	+ /* Only allow structure for now, can be relaxed for
	4643	+ * other types later.
	4644	+ */
	4645	+ t = btf_type_skip_modifiers(btf_vmlinux, array_elem->type,
	4646	+ NULL);
	4647	+ if (!btf_type_is_struct(t))
	4648	+ goto error;
	4649	+
	4650	+ off = (off - moff) % t->size;
	4651	+ goto again;
	4652	+
	4653	+error:
	4654	+ bpf_log(log, "access beyond struct %s at off %u size %u\n",
	4655	+ tname, off, size);
	4656	+ return -EACCES;
	4657	+ }
	4658	+
	4659	+ for_each_member(i, t, member) {
	4660	+ /* offset of the field in bytes */
	4661	+ moff = btf_member_bit_offset(t, member) / 8;
	4662	+ if (off + size <= moff)
	4663	+ /* won't find anything, field is already too far */
	4664	+ break;
	4665	+
	4666	+ if (btf_member_bitfield_size(t, member)) {
	4667	+ u32 end_bit = btf_member_bit_offset(t, member) +
	4668	+ btf_member_bitfield_size(t, member);
	4669	+
	4670	+ /* off <= moff instead of off == moff because clang
	4671	+ * does not generate a BTF member for anonymous
	4672	+ * bitfield like the ":16" here:
	4673	+ * struct {
	4674	+ * int :16;
	4675	+ * int x:8;
	4676	+ * };
	4677	+ */
	4678	+ if (off <= moff &&
	4679	+ BITS_ROUNDUP_BYTES(end_bit) <= off + size)
	4680	+ return WALK_SCALAR;
	4681	+
	4682	+ /* off may be accessing a following member
	4683	+ *
	4684	+ * or
	4685	+ *
	4686	+ * Doing partial access at either end of this
	4687	+ * bitfield. Continue on this case also to
	4688	+ * treat it as not accessing this bitfield
	4689	+ * and eventually error out as field not
	4690	+ * found to keep it simple.
	4691	+ * It could be relaxed if there was a legit
	4692	+ * partial access case later.
	4693	+ */
	4694	+ continue;
	4695	+ }
	4696	+
	4697	+ /* In case of "off" is pointing to holes of a struct */
	4698	+ if (off < moff)
	4699	+ break;
	4700	+
	4701	+ /* type of the field */
	4702	+ mid = member->type;
	4703	+ mtype = btf_type_by_id(btf_vmlinux, member->type);
	4704	+ mname = __btf_name_by_offset(btf_vmlinux, member->name_off);
	4705	+
	4706	+ mtype = __btf_resolve_size(btf_vmlinux, mtype, &msize,
	4707	+ &elem_type, &elem_id, &total_nelems,
	4708	+ &mid);
	4709	+ if (IS_ERR(mtype)) {
	4710	+ bpf_log(log, "field %s doesn't have size\n", mname);
	4711	+ return -EFAULT;
	4712	+ }
	4713	+
	4714	+ mtrue_end = moff + msize;
	4715	+ if (off >= mtrue_end)
	4716	+ /* no overlap with member, keep iterating */
	4717	+ continue;
	4718	+
	4719	+ if (btf_type_is_array(mtype)) {
	4720	+ u32 elem_idx;
	4721	+
	4722	+ /* __btf_resolve_size() above helps to
	4723	+ * linearize a multi-dimensional array.
	4724	+ *
	4725	+ * The logic here is treating an array
	4726	+ * in a struct as the following way:
	4727	+ *
	4728	+ * struct outer {
	4729	+ * struct inner array[2][2];
	4730	+ * };
	4731	+ *
	4732	+ * looks like:
	4733	+ *
	4734	+ * struct outer {
	4735	+ * struct inner array_elem0;
	4736	+ * struct inner array_elem1;
	4737	+ * struct inner array_elem2;
	4738	+ * struct inner array_elem3;
	4739	+ * };
	4740	+ *
	4741	+ * When accessing outer->array[1][0], it moves
	4742	+ * moff to "array_elem2", set mtype to
	4743	+ * "struct inner", and msize also becomes
	4744	+ * sizeof(struct inner). Then most of the
	4745	+ * remaining logic will fall through without
	4746	+ * caring the current member is an array or
	4747	+ * not.
	4748	+ *
	4749	+ * Unlike mtype/msize/moff, mtrue_end does not
	4750	+ * change. The naming difference ("_true") tells
	4751	+ * that it is not always corresponding to
	4752	+ * the current mtype/msize/moff.
	4753	+ * It is the true end of the current
	4754	+ * member (i.e. array in this case). That
	4755	+ * will allow an int array to be accessed like
	4756	+ * a scratch space,
	4757	+ * i.e. allow access beyond the size of
	4758	+ * the array's element as long as it is
	4759	+ * within the mtrue_end boundary.
	4760	+ */
	4761	+
	4762	+ /* skip empty array */
	4763	+ if (moff == mtrue_end)
	4764	+ continue;
	4765	+
	4766	+ msize /= total_nelems;
	4767	+ elem_idx = (off - moff) / msize;
	4768	+ moff += elem_idx * msize;
	4769	+ mtype = elem_type;
	4770	+ mid = elem_id;
	4771	+ }
	4772	+
	4773	+ /* the 'off' we're looking for is either equal to start
	4774	+ * of this field or inside of this struct
	4775	+ */
	4776	+ if (btf_type_is_struct(mtype)) {
	4777	+ /* our field must be inside that union or struct */
	4778	+ t = mtype;
	4779	+
	4780	+ /* return if the offset matches the member offset */
	4781	+ if (off == moff) {
	4782	+ *next_btf_id = mid;
	4783	+ return WALK_STRUCT;
	4784	+ }
	4785	+
	4786	+ /* adjust offset we're looking for */
	4787	+ off -= moff;
	4788	+ goto again;
	4789	+ }
	4790	+
	4791	+ if (btf_type_is_ptr(mtype)) {
	4792	+ const struct btf_type *stype;
	4793	+ u32 id;
	4794	+
	4795	+ if (msize != size \|\| off != moff) {
	4796	+ bpf_log(log,
	4797	+ "cannot access ptr member %s with moff %u in struct %s with off %u size %u\n",
	4798	+ mname, moff, tname, off, size);
	4799	+ return -EACCES;
	4800	+ }
	4801	+ stype = btf_type_skip_modifiers(btf_vmlinux, mtype->type, &id);
	4802	+ if (btf_type_is_struct(stype)) {
	4803	+ *next_btf_id = id;
	4804	+ return WALK_PTR;
	4805	+ }
	4806	+ }
	4807	+
	4808	+ /* Allow more flexible access within an int as long as
	4809	+ * it is within mtrue_end.
	4810	+ * Since mtrue_end could be the end of an array,
	4811	+ * that also allows using an array of int as a scratch
	4812	+ * space. e.g. skb->cb[].
	4813	+ */
	4814	+ if (off + size > mtrue_end) {
	4815	+ bpf_log(log,
	4816	+ "access beyond the end of member %s (mend:%u) in struct %s with off %u size %u\n",
	4817	+ mname, mtrue_end, tname, off, size);
	4818	+ return -EACCES;
	4819	+ }
	4820	+
	4821	+ return WALK_SCALAR;
	4822	+ }
	4823	+ bpf_log(log, "struct %s doesn't have field at offset %d\n", tname, off);
	4824	+ return -EINVAL;
	4825	+}
	4826	+
	4827	+int btf_struct_access(struct bpf_verifier_log *log,
	4828	+ const struct btf_type *t, int off, int size,
	4829	+ enum bpf_access_type atype __maybe_unused,
	4830	+ u32 *next_btf_id)
	4831	+{
	4832	+ int err;
	4833	+ u32 id;
	4834	+
	4835	+ do {
	4836	+ err = btf_struct_walk(log, t, off, size, &id);
	4837	+
	4838	+ switch (err) {
	4839	+ case WALK_PTR:
	4840	+ /* If we found the pointer or scalar on t+off,
	4841	+ * we're done.
	4842	+ */
	4843	+ *next_btf_id = id;
	4844	+ return PTR_TO_BTF_ID;
	4845	+ case WALK_SCALAR:
	4846	+ return SCALAR_VALUE;
	4847	+ case WALK_STRUCT:
	4848	+ /* We found nested struct, so continue the search
	4849	+ * by diving in it. At this point the offset is
	4850	+ * aligned with the new type, so set it to 0.
	4851	+ */
	4852	+ t = btf_type_by_id(btf_vmlinux, id);
	4853	+ off = 0;
	4854	+ break;
	4855	+ default:
	4856	+ /* It's either error or unknown return value..
	4857	+ * scream and leave.
	4858	+ */
	4859	+ if (WARN_ONCE(err > 0, "unknown btf_struct_walk return value"))
	4860	+ return -EINVAL;
	4861	+ return err;
	4862	+ }
	4863	+ } while (t);
	4864	+
	4865	+ return -EINVAL;
	4866	+}
	4867	+
	4868	+bool btf_struct_ids_match(struct bpf_verifier_log *log,
	4869	+ int off, u32 id, u32 need_type_id)
	4870	+{
	4871	+ const struct btf_type *type;
	4872	+ int err;
	4873	+
	4874	+ /* Are we already done? */
	4875	+ if (need_type_id == id && off == 0)
	4876	+ return true;
	4877	+
	4878	+again:
	4879	+ type = btf_type_by_id(btf_vmlinux, id);
	4880	+ if (!type)
	4881	+ return false;
	4882	+ err = btf_struct_walk(log, type, off, 1, &id);
	4883	+ if (err != WALK_STRUCT)
	4884	+ return false;
	4885	+
	4886	+ /* We found nested struct object. If it matches
	4887	+ * the requested ID, we're done. Otherwise let's
	4888	+ * continue the search with offset 0 in the new
	4889	+ * type.
	4890	+ */
	4891	+ if (need_type_id != id) {
	4892	+ off = 0;
	4893	+ goto again;
	4894	+ }
	4895	+
	4896	+ return true;
	4897	+}
	4898	+
	4899	+static int __get_type_size(struct btf *btf, u32 btf_id,
	4900	+ const struct btf_type **bad_type)
	4901	+{
	4902	+ const struct btf_type *t;
	4903	+
	4904	+ if (!btf_id)
	4905	+ /* void */
	4906	+ return 0;
	4907	+ t = btf_type_by_id(btf, btf_id);
	4908	+ while (t && btf_type_is_modifier(t))
	4909	+ t = btf_type_by_id(btf, t->type);
	4910	+ if (!t) {
	4911	+ *bad_type = btf->types[0];
	4912	+ return -EINVAL;
	4913	+ }
	4914	+ if (btf_type_is_ptr(t))
	4915	+ /* kernel size of pointer. Not BPF's size of pointer*/
	4916	+ return sizeof(void *);
	4917	+ if (btf_type_is_int(t) \|\| btf_type_is_enum(t))
	4918	+ return t->size;
	4919	+ *bad_type = t;
	4920	+ return -EINVAL;
	4921	+}
	4922	+
	4923	+int btf_distill_func_proto(struct bpf_verifier_log *log,
	4924	+ struct btf *btf,
	4925	+ const struct btf_type *func,
	4926	+ const char *tname,
	4927	+ struct btf_func_model *m)
	4928	+{
	4929	+ const struct btf_param *args;
	4930	+ const struct btf_type *t;
	4931	+ u32 i, nargs;
	4932	+ int ret;
	4933	+
	4934	+ if (!func) {
	4935	+ /* BTF function prototype doesn't match the verifier types.
	4936	+ * Fall back to 5 u64 args.
	4937	+ */
	4938	+ for (i = 0; i < 5; i++)
	4939	+ m->arg_size[i] = 8;
	4940	+ m->ret_size = 8;
	4941	+ m->nr_args = 5;
	4942	+ return 0;
	4943	+ }
	4944	+ args = (const struct btf_param *)(func + 1);
	4945	+ nargs = btf_type_vlen(func);
	4946	+ if (nargs >= MAX_BPF_FUNC_ARGS) {
	4947	+ bpf_log(log,
	4948	+ "The function %s has %d arguments. Too many.\n",
	4949	+ tname, nargs);
	4950	+ return -EINVAL;
	4951	+ }
	4952	+ ret = __get_type_size(btf, func->type, &t);
	4953	+ if (ret < 0) {
	4954	+ bpf_log(log,
	4955	+ "The function %s return type %s is unsupported.\n",
	4956	+ tname, btf_kind_str[BTF_INFO_KIND(t->info)]);
	4957	+ return -EINVAL;
	4958	+ }
	4959	+ m->ret_size = ret;
	4960	+
	4961	+ for (i = 0; i < nargs; i++) {
	4962	+ if (i == nargs - 1 && args[i].type == 0) {
	4963	+ bpf_log(log,
	4964	+ "The function %s with variable args is unsupported.\n",
	4965	+ tname);
	4966	+ return -EINVAL;
	4967	+ }
	4968	+ ret = __get_type_size(btf, args[i].type, &t);
	4969	+ if (ret < 0) {
	4970	+ bpf_log(log,
	4971	+ "The function %s arg%d type %s is unsupported.\n",
	4972	+ tname, i, btf_kind_str[BTF_INFO_KIND(t->info)]);
	4973	+ return -EINVAL;
	4974	+ }
	4975	+ if (ret == 0) {
	4976	+ bpf_log(log,
	4977	+ "The function %s has malformed void argument.\n",
	4978	+ tname);
	4979	+ return -EINVAL;
	4980	+ }
	4981	+ m->arg_size[i] = ret;
	4982	+ }
	4983	+ m->nr_args = nargs;
	4984	+ return 0;
	4985	+}
	4986	+
	4987	+/* Compare BTFs of two functions assuming only scalars and pointers to context.
	4988	+ * t1 points to BTF_KIND_FUNC in btf1
	4989	+ * t2 points to BTF_KIND_FUNC in btf2
	4990	+ * Returns:
	4991	+ * EINVAL - function prototype mismatch
	4992	+ * EFAULT - verifier bug
	4993	+ * 0 - 99% match. The last 1% is validated by the verifier.
	4994	+ */
	4995	+static int btf_check_func_type_match(struct bpf_verifier_log *log,
	4996	+ struct btf btf1, const struct btf_type t1,
	4997	+ struct btf btf2, const struct btf_type t2)
	4998	+{
	4999	+ const struct btf_param args1, args2;
	5000	+ const char fn1, fn2, s1, s2;
	5001	+ u32 nargs1, nargs2, i;
	5002	+
	5003	+ fn1 = btf_name_by_offset(btf1, t1->name_off);
	5004	+ fn2 = btf_name_by_offset(btf2, t2->name_off);
	5005	+
	5006	+ if (btf_func_linkage(t1) != BTF_FUNC_GLOBAL) {
	5007	+ bpf_log(log, "%s() is not a global function\n", fn1);
	5008	+ return -EINVAL;
	5009	+ }
	5010	+ if (btf_func_linkage(t2) != BTF_FUNC_GLOBAL) {
	5011	+ bpf_log(log, "%s() is not a global function\n", fn2);
	5012	+ return -EINVAL;
	5013	+ }
	5014	+
	5015	+ t1 = btf_type_by_id(btf1, t1->type);
	5016	+ if (!t1 \|\| !btf_type_is_func_proto(t1))
	5017	+ return -EFAULT;
	5018	+ t2 = btf_type_by_id(btf2, t2->type);
	5019	+ if (!t2 \|\| !btf_type_is_func_proto(t2))
	5020	+ return -EFAULT;
	5021	+
	5022	+ args1 = (const struct btf_param *)(t1 + 1);
	5023	+ nargs1 = btf_type_vlen(t1);
	5024	+ args2 = (const struct btf_param *)(t2 + 1);
	5025	+ nargs2 = btf_type_vlen(t2);
	5026	+
	5027	+ if (nargs1 != nargs2) {
	5028	+ bpf_log(log, "%s() has %d args while %s() has %d args\n",
	5029	+ fn1, nargs1, fn2, nargs2);
	5030	+ return -EINVAL;
	5031	+ }
	5032	+
	5033	+ t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
	5034	+ t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
	5035	+ if (t1->info != t2->info) {
	5036	+ bpf_log(log,
	5037	+ "Return type %s of %s() doesn't match type %s of %s()\n",
	5038	+ btf_type_str(t1), fn1,
	5039	+ btf_type_str(t2), fn2);
	5040	+ return -EINVAL;
	5041	+ }
	5042	+
	5043	+ for (i = 0; i < nargs1; i++) {
	5044	+ t1 = btf_type_skip_modifiers(btf1, args1[i].type, NULL);
	5045	+ t2 = btf_type_skip_modifiers(btf2, args2[i].type, NULL);
	5046	+
	5047	+ if (t1->info != t2->info) {
	5048	+ bpf_log(log, "arg%d in %s() is %s while %s() has %s\n",
	5049	+ i, fn1, btf_type_str(t1),
	5050	+ fn2, btf_type_str(t2));
	5051	+ return -EINVAL;
	5052	+ }
	5053	+ if (btf_type_has_size(t1) && t1->size != t2->size) {
	5054	+ bpf_log(log,
	5055	+ "arg%d in %s() has size %d while %s() has %d\n",
	5056	+ i, fn1, t1->size,
	5057	+ fn2, t2->size);
	5058	+ return -EINVAL;
	5059	+ }
	5060	+
	5061	+ /* global functions are validated with scalars and pointers
	5062	+ * to context only. And only global functions can be replaced.
	5063	+ * Hence type check only those types.
	5064	+ */
	5065	+ if (btf_type_is_int(t1) \|\| btf_type_is_enum(t1))
	5066	+ continue;
	5067	+ if (!btf_type_is_ptr(t1)) {
	5068	+ bpf_log(log,
	5069	+ "arg%d in %s() has unrecognized type\n",
	5070	+ i, fn1);
	5071	+ return -EINVAL;
	5072	+ }
	5073	+ t1 = btf_type_skip_modifiers(btf1, t1->type, NULL);
	5074	+ t2 = btf_type_skip_modifiers(btf2, t2->type, NULL);
	5075	+ if (!btf_type_is_struct(t1)) {
	5076	+ bpf_log(log,
	5077	+ "arg%d in %s() is not a pointer to context\n",
	5078	+ i, fn1);
	5079	+ return -EINVAL;
	5080	+ }
	5081	+ if (!btf_type_is_struct(t2)) {
	5082	+ bpf_log(log,
	5083	+ "arg%d in %s() is not a pointer to context\n",
	5084	+ i, fn2);
	5085	+ return -EINVAL;
	5086	+ }
	5087	+ /* This is an optional check to make program writing easier.
	5088	+ * Compare names of structs and report an error to the user.
	5089	+ * btf_prepare_func_args() already checked that t2 struct
	5090	+ * is a context type. btf_prepare_func_args() will check
	5091	+ * later that t1 struct is a context type as well.
	5092	+ */
	5093	+ s1 = btf_name_by_offset(btf1, t1->name_off);
	5094	+ s2 = btf_name_by_offset(btf2, t2->name_off);
	5095	+ if (strcmp(s1, s2)) {
	5096	+ bpf_log(log,
	5097	+ "arg%d %s(struct %s ) doesn't match %s(struct %s )\n",
	5098	+ i, fn1, s1, fn2, s2);
	5099	+ return -EINVAL;
	5100	+ }
	5101	+ }
	5102	+ return 0;
	5103	+}
	5104	+
	5105	+/* Compare BTFs of given program with BTF of target program */
	5106	+int btf_check_type_match(struct bpf_verifier_log log, const struct bpf_prog prog,
	5107	+ struct btf btf2, const struct btf_type t2)
	5108	+{
	5109	+ struct btf *btf1 = prog->aux->btf;
	5110	+ const struct btf_type *t1;
	5111	+ u32 btf_id = 0;
	5112	+
	5113	+ if (!prog->aux->func_info) {
	5114	+ bpf_log(log, "Program extension requires BTF\n");
	5115	+ return -EINVAL;
	5116	+ }
	5117	+
	5118	+ btf_id = prog->aux->func_info[0].type_id;
	5119	+ if (!btf_id)
	5120	+ return -EFAULT;
	5121	+
	5122	+ t1 = btf_type_by_id(btf1, btf_id);
	5123	+ if (!t1 \|\| !btf_type_is_func(t1))
	5124	+ return -EFAULT;
	5125	+
	5126	+ return btf_check_func_type_match(log, btf1, t1, btf2, t2);
	5127	+}
	5128	+
	5129	+/* Compare BTF of a function with given bpf_reg_state.
	5130	+ * Returns:
	5131	+ * EFAULT - there is a verifier bug. Abort verification.
	5132	+ * EINVAL - there is a type mismatch or BTF is not available.
	5133	+ * 0 - BTF matches with what bpf_reg_state expects.
	5134	+ * Only PTR_TO_CTX and SCALAR_VALUE states are recognized.
	5135	+ */
	5136	+int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog,
	5137	+ struct bpf_reg_state *reg)
	5138	+{
	5139	+ struct bpf_verifier_log *log = &env->log;
	5140	+ struct bpf_prog *prog = env->prog;
	5141	+ struct btf *btf = prog->aux->btf;
	5142	+ const struct btf_param *args;
	5143	+ const struct btf_type *t;
	5144	+ u32 i, nargs, btf_id;
	5145	+ const char *tname;
	5146	+
	5147	+ if (!prog->aux->func_info)
	5148	+ return -EINVAL;
	5149	+
	5150	+ btf_id = prog->aux->func_info[subprog].type_id;
	5151	+ if (!btf_id)
	5152	+ return -EFAULT;
	5153	+
	5154	+ if (prog->aux->func_info_aux[subprog].unreliable)
	5155	+ return -EINVAL;
	5156	+
	5157	+ t = btf_type_by_id(btf, btf_id);
	5158	+ if (!t \|\| !btf_type_is_func(t)) {
	5159	+ /* These checks were already done by the verifier while loading
	5160	+ * struct bpf_func_info
	5161	+ */
	5162	+ bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
	5163	+ subprog);
	5164	+ return -EFAULT;
	5165	+ }
	5166	+ tname = btf_name_by_offset(btf, t->name_off);
	5167	+
	5168	+ t = btf_type_by_id(btf, t->type);
	5169	+ if (!t \|\| !btf_type_is_func_proto(t)) {
	5170	+ bpf_log(log, "Invalid BTF of func %s\n", tname);
	5171	+ return -EFAULT;
	5172	+ }
	5173	+ args = (const struct btf_param *)(t + 1);
	5174	+ nargs = btf_type_vlen(t);
	5175	+ if (nargs > 5) {
	5176	+ bpf_log(log, "Function %s has %d > 5 args\n", tname, nargs);
	5177	+ goto out;
	5178	+ }
	5179	+ /* check that BTF function arguments match actual types that the
	5180	+ * verifier sees.
	5181	+ */
	5182	+ for (i = 0; i < nargs; i++) {
	5183	+ t = btf_type_by_id(btf, args[i].type);
	5184	+ while (btf_type_is_modifier(t))
	5185	+ t = btf_type_by_id(btf, t->type);
	5186	+ if (btf_type_is_int(t) \|\| btf_type_is_enum(t)) {
	5187	+ if (reg[i + 1].type == SCALAR_VALUE)
	5188	+ continue;
	5189	+ bpf_log(log, "R%d is not a scalar\n", i + 1);
	5190	+ goto out;
	5191	+ }
	5192	+ if (btf_type_is_ptr(t)) {
	5193	+ if (reg[i + 1].type == SCALAR_VALUE) {
	5194	+ bpf_log(log, "R%d is not a pointer\n", i + 1);
	5195	+ goto out;
	5196	+ }
	5197	+ /* If function expects ctx type in BTF check that caller
	5198	+ * is passing PTR_TO_CTX.
	5199	+ */
	5200	+ if (btf_get_prog_ctx_type(log, btf, t, prog->type, i)) {
	5201	+ if (reg[i + 1].type != PTR_TO_CTX) {
	5202	+ bpf_log(log,
	5203	+ "arg#%d expected pointer to ctx, but got %s\n",
	5204	+ i, btf_kind_str[BTF_INFO_KIND(t->info)]);
	5205	+ goto out;
	5206	+ }
	5207	+ if (check_ctx_reg(env, &reg[i + 1], i + 1))
	5208	+ goto out;
	5209	+ continue;
	5210	+ }
	5211	+ }
	5212	+ bpf_log(log, "Unrecognized arg#%d type %s\n",
	5213	+ i, btf_kind_str[BTF_INFO_KIND(t->info)]);
	5214	+ goto out;
	5215	+ }
	5216	+ return 0;
	5217	+out:
	5218	+ /* Compiler optimizations can remove arguments from static functions
	5219	+ * or mismatched type can be passed into a global function.
	5220	+ * In such cases mark the function as unreliable from BTF point of view.
	5221	+ */
	5222	+ prog->aux->func_info_aux[subprog].unreliable = true;
	5223	+ return -EINVAL;
	5224	+}
	5225	+
	5226	+/* Convert BTF of a function into bpf_reg_state if possible
	5227	+ * Returns:
	5228	+ * EFAULT - there is a verifier bug. Abort verification.
	5229	+ * EINVAL - cannot convert BTF.
	5230	+ * 0 - Successfully converted BTF into bpf_reg_state
	5231	+ * (either PTR_TO_CTX or SCALAR_VALUE).
	5232	+ */
	5233	+int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,
	5234	+ struct bpf_reg_state *reg)
	5235	+{
	5236	+ struct bpf_verifier_log *log = &env->log;
	5237	+ struct bpf_prog *prog = env->prog;
	5238	+ enum bpf_prog_type prog_type = prog->type;
	5239	+ struct btf *btf = prog->aux->btf;
	5240	+ const struct btf_param *args;
	5241	+ const struct btf_type *t;
	5242	+ u32 i, nargs, btf_id;
	5243	+ const char *tname;
	5244	+
	5245	+ if (!prog->aux->func_info \|\|
	5246	+ prog->aux->func_info_aux[subprog].linkage != BTF_FUNC_GLOBAL) {
	5247	+ bpf_log(log, "Verifier bug\n");
	5248	+ return -EFAULT;
	5249	+ }
	5250	+
	5251	+ btf_id = prog->aux->func_info[subprog].type_id;
	5252	+ if (!btf_id) {
	5253	+ bpf_log(log, "Global functions need valid BTF\n");
	5254	+ return -EFAULT;
	5255	+ }
	5256	+
	5257	+ t = btf_type_by_id(btf, btf_id);
	5258	+ if (!t \|\| !btf_type_is_func(t)) {
	5259	+ /* These checks were already done by the verifier while loading
	5260	+ * struct bpf_func_info
	5261	+ */
	5262	+ bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n",
	5263	+ subprog);
	5264	+ return -EFAULT;
	5265	+ }
	5266	+ tname = btf_name_by_offset(btf, t->name_off);
	5267	+
	5268	+ if (log->level & BPF_LOG_LEVEL)
	5269	+ bpf_log(log, "Validating %s() func#%d...\n",
	5270	+ tname, subprog);
	5271	+
	5272	+ if (prog->aux->func_info_aux[subprog].unreliable) {
	5273	+ bpf_log(log, "Verifier bug in function %s()\n", tname);
	5274	+ return -EFAULT;
	5275	+ }
	5276	+ if (prog_type == BPF_PROG_TYPE_EXT)
	5277	+ prog_type = prog->aux->dst_prog->type;
	5278	+
	5279	+ t = btf_type_by_id(btf, t->type);
	5280	+ if (!t \|\| !btf_type_is_func_proto(t)) {
	5281	+ bpf_log(log, "Invalid type of function %s()\n", tname);
	5282	+ return -EFAULT;
	5283	+ }
	5284	+ args = (const struct btf_param *)(t + 1);
	5285	+ nargs = btf_type_vlen(t);
	5286	+ if (nargs > 5) {
	5287	+ bpf_log(log, "Global function %s() with %d > 5 args. Buggy compiler.\n",
	5288	+ tname, nargs);
	5289	+ return -EINVAL;
	5290	+ }
	5291	+ /* check that function returns int */
	5292	+ t = btf_type_by_id(btf, t->type);
	5293	+ while (btf_type_is_modifier(t))
	5294	+ t = btf_type_by_id(btf, t->type);
	5295	+ if (!btf_type_is_int(t) && !btf_type_is_enum(t)) {
	5296	+ bpf_log(log,
	5297	+ "Global function %s() doesn't return scalar. Only those are supported.\n",
	5298	+ tname);
	5299	+ return -EINVAL;
	5300	+ }
	5301	+ /* Convert BTF function arguments into verifier types.
	5302	+ * Only PTR_TO_CTX and SCALAR are supported atm.
	5303	+ */
	5304	+ for (i = 0; i < nargs; i++) {
	5305	+ t = btf_type_by_id(btf, args[i].type);
	5306	+ while (btf_type_is_modifier(t))
	5307	+ t = btf_type_by_id(btf, t->type);
	5308	+ if (btf_type_is_int(t) \|\| btf_type_is_enum(t)) {
	5309	+ reg[i + 1].type = SCALAR_VALUE;
	5310	+ continue;
	5311	+ }
	5312	+ if (btf_type_is_ptr(t) &&
	5313	+ btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
	5314	+ reg[i + 1].type = PTR_TO_CTX;
	5315	+ continue;
	5316	+ }
	5317	+ bpf_log(log, "Arg#%d type %s in %s() is not supported yet.\n",
	5318	+ i, btf_kind_str[BTF_INFO_KIND(t->info)], tname);
	5319	+ return -EINVAL;
	5320	+ }
	5321	+ return 0;
	5322	+}
	5323	+
	5324	+static void btf_type_show(const struct btf btf, u32 type_id, void obj,
	5325	+ struct btf_show *show)
2311	5326	{
2312	5327	const struct btf_type *t = btf_type_by_id(btf, type_id);
2313	5328
2314		- btf_type_ops(t)->seq_show(btf, t, type_id, obj, 0, m);
	5329	+ show->btf = btf;
	5330	+ memset(&show->state, 0, sizeof(show->state));
	5331	+ memset(&show->obj, 0, sizeof(show->obj));
	5332	+
	5333	+ btf_type_ops(t)->show(btf, t, type_id, obj, 0, show);
2315	5334	}
	5335	+
	5336	+static void btf_seq_show(struct btf_show show, const char fmt,
	5337	+ va_list args)
	5338	+{
	5339	+ seq_vprintf((struct seq_file *)show->target, fmt, args);
	5340	+}
	5341	+
	5342	+int btf_type_seq_show_flags(const struct btf *btf, u32 type_id,
	5343	+ void obj, struct seq_file m, u64 flags)
	5344	+{
	5345	+ struct btf_show sseq;
	5346	+
	5347	+ sseq.target = m;
	5348	+ sseq.showfn = btf_seq_show;
	5349	+ sseq.flags = flags;
	5350	+
	5351	+ btf_type_show(btf, type_id, obj, &sseq);
	5352	+
	5353	+ return sseq.state.status;
	5354	+}
	5355	+
	5356	+void btf_type_seq_show(const struct btf btf, u32 type_id, void obj,
	5357	+ struct seq_file *m)
	5358	+{
	5359	+ (void) btf_type_seq_show_flags(btf, type_id, obj, m,
	5360	+ BTF_SHOW_NONAME \| BTF_SHOW_COMPACT \|
	5361	+ BTF_SHOW_ZERO \| BTF_SHOW_UNSAFE);
	5362	+}
	5363	+
	5364	+struct btf_show_snprintf {
	5365	+ struct btf_show show;
	5366	+ int len_left; /* space left in string */
	5367	+ int len; /* length we would have written */
	5368	+};
	5369	+
	5370	+static void btf_snprintf_show(struct btf_show show, const char fmt,
	5371	+ va_list args)
	5372	+{
	5373	+ struct btf_show_snprintf ssnprintf = (struct btf_show_snprintf )show;
	5374	+ int len;
	5375	+
	5376	+ len = vsnprintf(show->target, ssnprintf->len_left, fmt, args);
	5377	+
	5378	+ if (len < 0) {
	5379	+ ssnprintf->len_left = 0;
	5380	+ ssnprintf->len = len;
	5381	+ } else if (len > ssnprintf->len_left) {
	5382	+ /* no space, drive on to get length we would have written */
	5383	+ ssnprintf->len_left = 0;
	5384	+ ssnprintf->len += len;
	5385	+ } else {
	5386	+ ssnprintf->len_left -= len;
	5387	+ ssnprintf->len += len;
	5388	+ show->target += len;
	5389	+ }
	5390	+}
	5391	+
	5392	+int btf_type_snprintf_show(const struct btf btf, u32 type_id, void obj,
	5393	+ char *buf, int len, u64 flags)
	5394	+{
	5395	+ struct btf_show_snprintf ssnprintf;
	5396	+
	5397	+ ssnprintf.show.target = buf;
	5398	+ ssnprintf.show.flags = flags;
	5399	+ ssnprintf.show.showfn = btf_snprintf_show;
	5400	+ ssnprintf.len_left = len;
	5401	+ ssnprintf.len = 0;
	5402	+
	5403	+ btf_type_show(btf, type_id, obj, (struct btf_show *)&ssnprintf);
	5404	+
	5405	+ /* If we encontered an error, return it. */
	5406	+ if (ssnprintf.show.state.status)
	5407	+ return ssnprintf.show.state.status;
	5408	+
	5409	+ /* Otherwise return length we would have written */
	5410	+ return ssnprintf.len;
	5411	+}
	5412	+
	5413	+#ifdef CONFIG_PROC_FS
	5414	+static void bpf_btf_show_fdinfo(struct seq_file m, struct file filp)
	5415	+{
	5416	+ const struct btf *btf = filp->private_data;
	5417	+
	5418	+ seq_printf(m, "btf_id:\t%u\n", btf->id);
	5419	+}
	5420	+#endif
2316	5421
2317	5422	static int btf_release(struct inode inode, struct file filp)
2318	5423	{
..	..	@@ -2321,6 +5426,9 @@
2321	5426	}
2322	5427
2323	5428	const struct file_operations btf_fops = {
	5429	+#ifdef CONFIG_PROC_FS
	5430	+ .show_fdinfo = bpf_btf_show_fdinfo,
	5431	+#endif
2324	5432	.release = btf_release,
2325	5433	};
2326	5434
..	..	@@ -2439,3 +5547,15 @@
2439	5547	{
2440	5548	return btf->id;
2441	5549	}
	5550	+
	5551	+static int btf_id_cmp_func(const void a, const void b)
	5552	+{
	5553	+ const int pa = a, pb = b;
	5554	+
	5555	+ return pa - pb;
	5556	+}
	5557	+
	5558	+bool btf_id_set_contains(const struct btf_id_set *set, u32 id)
	5559	+{
	5560	+ return bsearch(&id, set->ids, set->cnt, sizeof(u32), btf_id_cmp_func) != NULL;
	5561	+}