Gitiles
Code Review Sign In
192.168.1.100 / T800 / ae7cf9c1566c697c2ba616a120c7ff3e90d20dfd / . / src / kernel / linux / v4.19 / security / apparmor / match.c
blob: 55f2ee505a019411de885560a5e80f79a23d0e5b [file] [log] [blame]
xjb04a4022021-11-25 15:01:52 +0800[diff] [blame]1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor dfa based regular expression matching engine
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2012 Canonical Ltd.
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15#include <linux/errno.h>
16#include <linux/kernel.h>
17#include <linux/mm.h>
18#include <linux/slab.h>
19#include <linux/vmalloc.h>
20#include <linux/err.h>
21#include <linux/kref.h>
22
23#include "include/lib.h"
24#include "include/match.h"
25
26#define base_idx(X) ((X) & 0xffffff)
27
28static char nulldfa_src[] = {
29 #include "nulldfa.in"
30};
31struct aa_dfa *nulldfa;
32
33static char stacksplitdfa_src[] = {
34 #include "stacksplitdfa.in"
35};
36struct aa_dfa *stacksplitdfa;
37
38int aa_setup_dfa_engine(void)
39{
40 int error;
41
42 nulldfa = aa_dfa_unpack(nulldfa_src, sizeof(nulldfa_src),
43 TO_ACCEPT1_FLAG(YYTD_DATA32) |
44 TO_ACCEPT2_FLAG(YYTD_DATA32));
45 if (IS_ERR(nulldfa)) {
46 error = PTR_ERR(nulldfa);
47 nulldfa = NULL;
48 return error;
49 }
50
51 stacksplitdfa = aa_dfa_unpack(stacksplitdfa_src,
52 sizeof(stacksplitdfa_src),
53 TO_ACCEPT1_FLAG(YYTD_DATA32) |
54 TO_ACCEPT2_FLAG(YYTD_DATA32));
55 if (IS_ERR(stacksplitdfa)) {
56 aa_put_dfa(nulldfa);
57 nulldfa = NULL;
58 error = PTR_ERR(stacksplitdfa);
59 stacksplitdfa = NULL;
60 return error;
61 }
62
63 return 0;
64}
65
66void aa_teardown_dfa_engine(void)
67{
68 aa_put_dfa(stacksplitdfa);
69 aa_put_dfa(nulldfa);
70}
71
72/**
73 * unpack_table - unpack a dfa table (one of accept, default, base, next check)
74 * @blob: data to unpack (NOT NULL)
75 * @bsize: size of blob
76 *
77 * Returns: pointer to table else NULL on failure
78 *
79 * NOTE: must be freed by kvfree (not kfree)
80 */
81static struct table_header *unpack_table(char *blob, size_t bsize)
82{
83 struct table_header *table = NULL;
84 struct table_header th;
85 size_t tsize;
86
87 if (bsize < sizeof(struct table_header))
88 goto out;
89
90 /* loaded td_id's start at 1, subtract 1 now to avoid doing
91 * it every time we use td_id as an index
92 */
93 th.td_id = be16_to_cpu(*(__be16 *) (blob)) - 1;
94 if (th.td_id > YYTD_ID_MAX)
95 goto out;
96 th.td_flags = be16_to_cpu(*(__be16 *) (blob + 2));
97 th.td_lolen = be32_to_cpu(*(__be32 *) (blob + 8));
98 blob += sizeof(struct table_header);
99
100 if (!(th.td_flags == YYTD_DATA16 || th.td_flags == YYTD_DATA32 ||
101 th.td_flags == YYTD_DATA8))
102 goto out;
103
104 tsize = table_size(th.td_lolen, th.td_flags);
105 if (bsize < tsize)
106 goto out;
107
108 table = kvzalloc(tsize, GFP_KERNEL);
109 if (table) {
110 table->td_id = th.td_id;
111 table->td_flags = th.td_flags;
112 table->td_lolen = th.td_lolen;
113 if (th.td_flags == YYTD_DATA8)
114 UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
115 u8, u8, byte_to_byte);
116 else if (th.td_flags == YYTD_DATA16)
117 UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
118 u16, __be16, be16_to_cpu);
119 else if (th.td_flags == YYTD_DATA32)
120 UNPACK_ARRAY(table->td_data, blob, th.td_lolen,
121 u32, __be32, be32_to_cpu);
122 else
123 goto fail;
124 /* if table was vmalloced make sure the page tables are synced
125 * before it is used, as it goes live to all cpus.
126 */
127 if (is_vmalloc_addr(table))
128 vm_unmap_aliases();
129 }
130
131out:
132 return table;
133fail:
134 kvfree(table);
135 return NULL;
136}
137
138/**
139 * verify_table_headers - verify that the tables headers are as expected
140 * @tables - array of dfa tables to check (NOT NULL)
141 * @flags: flags controlling what type of accept table are acceptable
142 *
143 * Assumes dfa has gone through the first pass verification done by unpacking
144 * NOTE: this does not valid accept table values
145 *
146 * Returns: %0 else error code on failure to verify
147 */
148static int verify_table_headers(struct table_header **tables, int flags)
149{
150 size_t state_count, trans_count;
151 int error = -EPROTO;
152
153 /* check that required tables exist */
154 if (!(tables[YYTD_ID_DEF] && tables[YYTD_ID_BASE] &&
155 tables[YYTD_ID_NXT] && tables[YYTD_ID_CHK]))
156 goto out;
157
158 /* accept.size == default.size == base.size */
159 state_count = tables[YYTD_ID_BASE]->td_lolen;
160 if (ACCEPT1_FLAGS(flags)) {
161 if (!tables[YYTD_ID_ACCEPT])
162 goto out;
163 if (state_count != tables[YYTD_ID_ACCEPT]->td_lolen)
164 goto out;
165 }
166 if (ACCEPT2_FLAGS(flags)) {
167 if (!tables[YYTD_ID_ACCEPT2])
168 goto out;
169 if (state_count != tables[YYTD_ID_ACCEPT2]->td_lolen)
170 goto out;
171 }
172 if (state_count != tables[YYTD_ID_DEF]->td_lolen)
173 goto out;
174
175 /* next.size == chk.size */
176 trans_count = tables[YYTD_ID_NXT]->td_lolen;
177 if (trans_count != tables[YYTD_ID_CHK]->td_lolen)
178 goto out;
179
180 /* if equivalence classes then its table size must be 256 */
181 if (tables[YYTD_ID_EC] && tables[YYTD_ID_EC]->td_lolen != 256)
182 goto out;
183
184 error = 0;
185out:
186 return error;
187}
188
189/**
190 * verify_dfa - verify that transitions and states in the tables are in bounds.
191 * @dfa: dfa to test (NOT NULL)
192 *
193 * Assumes dfa has gone through the first pass verification done by unpacking
194 * NOTE: this does not valid accept table values
195 *
196 * Returns: %0 else error code on failure to verify
197 */
198static int verify_dfa(struct aa_dfa *dfa)
199{
200 size_t i, state_count, trans_count;
201 int error = -EPROTO;
202
203 state_count = dfa->tables[YYTD_ID_BASE]->td_lolen;
204 trans_count = dfa->tables[YYTD_ID_NXT]->td_lolen;
205 for (i = 0; i < state_count; i++) {
206 if (!(BASE_TABLE(dfa)[i] & MATCH_FLAG_DIFF_ENCODE) &&
207 (DEFAULT_TABLE(dfa)[i] >= state_count))
208 goto out;
209 if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) {
210 pr_err("AppArmor DFA next/check upper bounds error\n");
211 goto out;
212 }
213 }
214
215 for (i = 0; i < trans_count; i++) {
216 if (NEXT_TABLE(dfa)[i] >= state_count)
217 goto out;
218 if (CHECK_TABLE(dfa)[i] >= state_count)
219 goto out;
220 }
221
222 /* Now that all the other tables are verified, verify diffencoding */
223 for (i = 0; i < state_count; i++) {
224 size_t j, k;
225
226 for (j = i;
227 (BASE_TABLE(dfa)[j] & MATCH_FLAG_DIFF_ENCODE) &&
228 !(BASE_TABLE(dfa)[j] & MARK_DIFF_ENCODE);
229 j = k) {
230 k = DEFAULT_TABLE(dfa)[j];
231 if (j == k)
232 goto out;
233 if (k < j)
234 break; /* already verified */
235 BASE_TABLE(dfa)[j] |= MARK_DIFF_ENCODE;
236 }
237 }
238 error = 0;
239
240out:
241 return error;
242}
243
244/**
245 * dfa_free - free a dfa allocated by aa_dfa_unpack
246 * @dfa: the dfa to free (MAYBE NULL)
247 *
248 * Requires: reference count to dfa == 0
249 */
250static void dfa_free(struct aa_dfa *dfa)
251{
252 if (dfa) {
253 int i;
254
255 for (i = 0; i < ARRAY_SIZE(dfa->tables); i++) {
256 kvfree(dfa->tables[i]);
257 dfa->tables[i] = NULL;
258 }
259 kfree(dfa);
260 }
261}
262
263/**
264 * aa_dfa_free_kref - free aa_dfa by kref (called by aa_put_dfa)
265 * @kr: kref callback for freeing of a dfa (NOT NULL)
266 */
267void aa_dfa_free_kref(struct kref *kref)
268{
269 struct aa_dfa *dfa = container_of(kref, struct aa_dfa, count);
270 dfa_free(dfa);
271}
272
273/**
274 * aa_dfa_unpack - unpack the binary tables of a serialized dfa
275 * @blob: aligned serialized stream of data to unpack (NOT NULL)
276 * @size: size of data to unpack
277 * @flags: flags controlling what type of accept tables are acceptable
278 *
279 * Unpack a dfa that has been serialized. To find information on the dfa
280 * format look in Documentation/admin-guide/LSM/apparmor.rst
281 * Assumes the dfa @blob stream has been aligned on a 8 byte boundary
282 *
283 * Returns: an unpacked dfa ready for matching or ERR_PTR on failure
284 */
285struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags)
286{
287 int hsize;
288 int error = -ENOMEM;
289 char *data = blob;
290 struct table_header *table = NULL;
291 struct aa_dfa *dfa = kzalloc(sizeof(struct aa_dfa), GFP_KERNEL);
292 if (!dfa)
293 goto fail;
294
295 kref_init(&dfa->count);
296
297 error = -EPROTO;
298
299 /* get dfa table set header */
300 if (size < sizeof(struct table_set_header))
301 goto fail;
302
303 if (ntohl(*(__be32 *) data) != YYTH_MAGIC)
304 goto fail;
305
306 hsize = ntohl(*(__be32 *) (data + 4));
307 if (size < hsize)
308 goto fail;
309
310 dfa->flags = ntohs(*(__be16 *) (data + 12));
311 if (dfa->flags != 0 && dfa->flags != YYTH_FLAG_DIFF_ENCODE)
312 goto fail;
313
314 data += hsize;
315 size -= hsize;
316
317 while (size > 0) {
318 table = unpack_table(data, size);
319 if (!table)
320 goto fail;
321
322 switch (table->td_id) {
323 case YYTD_ID_ACCEPT:
324 if (!(table->td_flags & ACCEPT1_FLAGS(flags)))
325 goto fail;
326 break;
327 case YYTD_ID_ACCEPT2:
328 if (!(table->td_flags & ACCEPT2_FLAGS(flags)))
329 goto fail;
330 break;
331 case YYTD_ID_BASE:
332 if (table->td_flags != YYTD_DATA32)
333 goto fail;
334 break;
335 case YYTD_ID_DEF:
336 case YYTD_ID_NXT:
337 case YYTD_ID_CHK:
338 if (table->td_flags != YYTD_DATA16)
339 goto fail;
340 break;
341 case YYTD_ID_EC:
342 if (table->td_flags != YYTD_DATA8)
343 goto fail;
344 break;
345 default:
346 goto fail;
347 }
348 /* check for duplicate table entry */
349 if (dfa->tables[table->td_id])
350 goto fail;
351 dfa->tables[table->td_id] = table;
352 data += table_size(table->td_lolen, table->td_flags);
353 size -= table_size(table->td_lolen, table->td_flags);
354 table = NULL;
355 }
356 error = verify_table_headers(dfa->tables, flags);
357 if (error)
358 goto fail;
359
360 if (flags & DFA_FLAG_VERIFY_STATES) {
361 error = verify_dfa(dfa);
362 if (error)
363 goto fail;
364 }
365
366 return dfa;
367
368fail:
369 kvfree(table);
370 dfa_free(dfa);
371 return ERR_PTR(error);
372}
373
374#define match_char(state, def, base, next, check, C) \
375do { \
376 u32 b = (base)[(state)]; \
377 unsigned int pos = base_idx(b) + (C); \
378 if ((check)[pos] != (state)) { \
379 (state) = (def)[(state)]; \
380 if (b & MATCH_FLAG_DIFF_ENCODE) \
381 continue; \
382 break; \
383 } \
384 (state) = (next)[pos]; \
385 break; \
386} while (1)
387
388/**
389 * aa_dfa_match_len - traverse @dfa to find state @str stops at
390 * @dfa: the dfa to match @str against (NOT NULL)
391 * @start: the state of the dfa to start matching in
392 * @str: the string of bytes to match against the dfa (NOT NULL)
393 * @len: length of the string of bytes to match
394 *
395 * aa_dfa_match_len will match @str against the dfa and return the state it
396 * finished matching in. The final state can be used to look up the accepting
397 * label, or as the start state of a continuing match.
398 *
399 * This function will happily match again the 0 byte and only finishes
400 * when @len input is consumed.
401 *
402 * Returns: final state reached after input is consumed
403 */
404unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
405 const char *str, int len)
406{
407 u16 *def = DEFAULT_TABLE(dfa);
408 u32 *base = BASE_TABLE(dfa);
409 u16 *next = NEXT_TABLE(dfa);
410 u16 *check = CHECK_TABLE(dfa);
411 unsigned int state = start;
412
413 if (state == 0)
414 return 0;
415
416 /* current state is <state>, matching character *str */
417 if (dfa->tables[YYTD_ID_EC]) {
418 /* Equivalence class table defined */
419 u8 *equiv = EQUIV_TABLE(dfa);
420 for (; len; len--)
421 match_char(state, def, base, next, check,
422 equiv[(u8) *str++]);
423 } else {
424 /* default is direct to next state */
425 for (; len; len--)
426 match_char(state, def, base, next, check, (u8) *str++);
427 }
428
429 return state;
430}
431
432/**
433 * aa_dfa_match - traverse @dfa to find state @str stops at
434 * @dfa: the dfa to match @str against (NOT NULL)
435 * @start: the state of the dfa to start matching in
436 * @str: the null terminated string of bytes to match against the dfa (NOT NULL)
437 *
438 * aa_dfa_match will match @str against the dfa and return the state it
439 * finished matching in. The final state can be used to look up the accepting
440 * label, or as the start state of a continuing match.
441 *
442 * Returns: final state reached after input is consumed
443 */
444unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start,
445 const char *str)
446{
447 u16 *def = DEFAULT_TABLE(dfa);
448 u32 *base = BASE_TABLE(dfa);
449 u16 *next = NEXT_TABLE(dfa);
450 u16 *check = CHECK_TABLE(dfa);
451 unsigned int state = start;
452
453 if (state == 0)
454 return 0;
455
456 /* current state is <state>, matching character *str */
457 if (dfa->tables[YYTD_ID_EC]) {
458 /* Equivalence class table defined */
459 u8 *equiv = EQUIV_TABLE(dfa);
460 /* default is direct to next state */
461 while (*str)
462 match_char(state, def, base, next, check,
463 equiv[(u8) *str++]);
464 } else {
465 /* default is direct to next state */
466 while (*str)
467 match_char(state, def, base, next, check, (u8) *str++);
468 }
469
470 return state;
471}
472
473/**
474 * aa_dfa_next - step one character to the next state in the dfa
475 * @dfa: the dfa to traverse (NOT NULL)
476 * @state: the state to start in
477 * @c: the input character to transition on
478 *
479 * aa_dfa_match will step through the dfa by one input character @c
480 *
481 * Returns: state reach after input @c
482 */
483unsigned int aa_dfa_next(struct aa_dfa *dfa, unsigned int state,
484 const char c)
485{
486 u16 *def = DEFAULT_TABLE(dfa);
487 u32 *base = BASE_TABLE(dfa);
488 u16 *next = NEXT_TABLE(dfa);
489 u16 *check = CHECK_TABLE(dfa);
490
491 /* current state is <state>, matching character *str */
492 if (dfa->tables[YYTD_ID_EC]) {
493 /* Equivalence class table defined */
494 u8 *equiv = EQUIV_TABLE(dfa);
495 match_char(state, def, base, next, check, equiv[(u8) c]);
496 } else
497 match_char(state, def, base, next, check, (u8) c);
498
499 return state;
500}
501
502/**
503 * aa_dfa_match_until - traverse @dfa until accept state or end of input
504 * @dfa: the dfa to match @str against (NOT NULL)
505 * @start: the state of the dfa to start matching in
506 * @str: the null terminated string of bytes to match against the dfa (NOT NULL)
507 * @retpos: first character in str after match OR end of string
508 *
509 * aa_dfa_match will match @str against the dfa and return the state it
510 * finished matching in. The final state can be used to look up the accepting
511 * label, or as the start state of a continuing match.
512 *
513 * Returns: final state reached after input is consumed
514 */
515unsigned int aa_dfa_match_until(struct aa_dfa *dfa, unsigned int start,
516 const char *str, const char **retpos)
517{
518 u16 *def = DEFAULT_TABLE(dfa);
519 u32 *base = BASE_TABLE(dfa);
520 u16 *next = NEXT_TABLE(dfa);
521 u16 *check = CHECK_TABLE(dfa);
522 u32 *accept = ACCEPT_TABLE(dfa);
523 unsigned int state = start, pos;
524
525 if (state == 0)
526 return 0;
527
528 /* current state is <state>, matching character *str */
529 if (dfa->tables[YYTD_ID_EC]) {
530 /* Equivalence class table defined */
531 u8 *equiv = EQUIV_TABLE(dfa);
532 /* default is direct to next state */
533 while (*str) {
534 pos = base_idx(base[state]) + equiv[(u8) *str++];
535 if (check[pos] == state)
536 state = next[pos];
537 else
538 state = def[state];
539 if (accept[state])
540 break;
541 }
542 } else {
543 /* default is direct to next state */
544 while (*str) {
545 pos = base_idx(base[state]) + (u8) *str++;
546 if (check[pos] == state)
547 state = next[pos];
548 else
549 state = def[state];
550 if (accept[state])
551 break;
552 }
553 }
554
555 *retpos = str;
556 return state;
557}
558
559/**
560 * aa_dfa_matchn_until - traverse @dfa until accept or @n bytes consumed
561 * @dfa: the dfa to match @str against (NOT NULL)
562 * @start: the state of the dfa to start matching in
563 * @str: the string of bytes to match against the dfa (NOT NULL)
564 * @n: length of the string of bytes to match
565 * @retpos: first character in str after match OR str + n
566 *
567 * aa_dfa_match_len will match @str against the dfa and return the state it
568 * finished matching in. The final state can be used to look up the accepting
569 * label, or as the start state of a continuing match.
570 *
571 * This function will happily match again the 0 byte and only finishes
572 * when @n input is consumed.
573 *
574 * Returns: final state reached after input is consumed
575 */
576unsigned int aa_dfa_matchn_until(struct aa_dfa *dfa, unsigned int start,
577 const char *str, int n, const char **retpos)
578{
579 u16 *def = DEFAULT_TABLE(dfa);
580 u32 *base = BASE_TABLE(dfa);
581 u16 *next = NEXT_TABLE(dfa);
582 u16 *check = CHECK_TABLE(dfa);
583 u32 *accept = ACCEPT_TABLE(dfa);
584 unsigned int state = start, pos;
585
586 *retpos = NULL;
587 if (state == 0)
588 return 0;
589
590 /* current state is <state>, matching character *str */
591 if (dfa->tables[YYTD_ID_EC]) {
592 /* Equivalence class table defined */
593 u8 *equiv = EQUIV_TABLE(dfa);
594 /* default is direct to next state */
595 for (; n; n--) {
596 pos = base_idx(base[state]) + equiv[(u8) *str++];
597 if (check[pos] == state)
598 state = next[pos];
599 else
600 state = def[state];
601 if (accept[state])
602 break;
603 }
604 } else {
605 /* default is direct to next state */
606 for (; n; n--) {
607 pos = base_idx(base[state]) + (u8) *str++;
608 if (check[pos] == state)
609 state = next[pos];
610 else
611 state = def[state];
612 if (accept[state])
613 break;
614 }
615 }
616
617 *retpos = str;
618 return state;
619}
620
621#define inc_wb_pos(wb) \
622do { \
623 wb->pos = (wb->pos + 1) & (wb->size - 1); \
624 wb->len = (wb->len + 1) & (wb->size - 1); \
625} while (0)
626
627/* For DFAs that don't support extended tagging of states */
628static bool is_loop(struct match_workbuf *wb, unsigned int state,
629 unsigned int *adjust)
630{
631 unsigned int pos = wb->pos;
632 unsigned int i;
633
634 if (wb->history[pos] < state)
635 return false;
636
637 for (i = 0; i <= wb->len; i++) {
638 if (wb->history[pos] == state) {
639 *adjust = i;
640 return true;
641 }
642 if (pos == 0)
643 pos = wb->size;
644 pos--;
645 }
646
647 *adjust = i;
648 return true;
649}
650
651static unsigned int leftmatch_fb(struct aa_dfa *dfa, unsigned int start,
652 const char *str, struct match_workbuf *wb,
653 unsigned int *count)
654{
655 u16 *def = DEFAULT_TABLE(dfa);
656 u32 *base = BASE_TABLE(dfa);
657 u16 *next = NEXT_TABLE(dfa);
658 u16 *check = CHECK_TABLE(dfa);
659 unsigned int state = start, pos;
660
661 AA_BUG(!dfa);
662 AA_BUG(!str);
663 AA_BUG(!wb);
664 AA_BUG(!count);
665
666 *count = 0;
667 if (state == 0)
668 return 0;
669
670 /* current state is <state>, matching character *str */
671 if (dfa->tables[YYTD_ID_EC]) {
672 /* Equivalence class table defined */
673 u8 *equiv = EQUIV_TABLE(dfa);
674 /* default is direct to next state */
675 while (*str) {
676 unsigned int adjust;
677
678 wb->history[wb->pos] = state;
679 pos = base_idx(base[state]) + equiv[(u8) *str++];
680 if (check[pos] == state)
681 state = next[pos];
682 else
683 state = def[state];
684 if (is_loop(wb, state, &adjust)) {
685 state = aa_dfa_match(dfa, state, str);
686 *count -= adjust;
687 goto out;
688 }
689 inc_wb_pos(wb);
690 (*count)++;
691 }
692 } else {
693 /* default is direct to next state */
694 while (*str) {
695 unsigned int adjust;
696
697 wb->history[wb->pos] = state;
698 pos = base_idx(base[state]) + (u8) *str++;
699 if (check[pos] == state)
700 state = next[pos];
701 else
702 state = def[state];
703 if (is_loop(wb, state, &adjust)) {
704 state = aa_dfa_match(dfa, state, str);
705 *count -= adjust;
706 goto out;
707 }
708 inc_wb_pos(wb);
709 (*count)++;
710 }
711 }
712
713out:
714 if (!state)
715 *count = 0;
716 return state;
717}
718
719/**
720 * aa_dfa_leftmatch - traverse @dfa to find state @str stops at
721 * @dfa: the dfa to match @str against (NOT NULL)
722 * @start: the state of the dfa to start matching in
723 * @str: the null terminated string of bytes to match against the dfa (NOT NULL)
724 * @count: current count of longest left.
725 *
726 * aa_dfa_match will match @str against the dfa and return the state it
727 * finished matching in. The final state can be used to look up the accepting
728 * label, or as the start state of a continuing match.
729 *
730 * Returns: final state reached after input is consumed
731 */
732unsigned int aa_dfa_leftmatch(struct aa_dfa *dfa, unsigned int start,
733 const char *str, unsigned int *count)
734{
735 DEFINE_MATCH_WB(wb);
736
737 /* TODO: match for extended state dfas */
738
739 return leftmatch_fb(dfa, start, str, &wb, count);
740}