xref: /device/soc/rockchip/common/sdk_linux/kernel/bpf/verifier.c

63  * R10 - frame pointer read-only

552     return cur->frame[reg->frameno];

567         verbose(env, " frame%d:", state->frameno);

830         free_func_state(state->frame[i]);

831         state->frame[i] = NULL;

874     /* if dst has more stack frames then src frame, free them */

876         free_func_state(dst_state->frame[i]);

877         dst_state->frame[i] = NULL;

887         dst = dst_state->frame[i];

893             dst_state->frame[i] = dst;

895         err = copy_func_state(dst, src->frame[i]);

1389     /* frame pointer */

1714     struct bpf_func_state *state = vstate->frame[vstate->curframe];

1745             verbose(env, "frame pointer is read only\n");

1987  * to track above reg_mask/stack_mask needs to be independent for each frame.

1989  * Also if parent's curframe > frame where backtracking started,

2007             func = st->frame[i];

2046     func = st->frame[st->curframe];

2135         func = st->frame[st->curframe];

2287                                        /* stack frame we're writing to */

2307     cur = env->cur_state->frame[env->cur_state->curframe];

2348             verbose(env, "cannot spill pointers to stack into stack frame of the caller\n");

2428     cur = env->cur_state->frame[env->cur_state->curframe];

2511     struct bpf_func_state *state = vstate->frame[vstate->curframe];

2562     struct bpf_func_state *state = vstate->frame[vstate->curframe];

2814     struct bpf_func_state *state = vstate->frame[vstate->curframe];

2865     struct bpf_func_state *state = vstate->frame[vstate->curframe];

3219     int depth = 0, frame = 0, idx = 0, i = 0, subprog_end;

3247              * tailcall will unwind the current stack frame but it will not get rid

3260                 verbose(env, "combined stack size of %d calls is %d. Too large\n", frame + 1, depth);

3275                 ret_insn[frame] = i + 1;

3276                 ret_prog[frame] = idx;

3290                 frame++;

3291                 if (frame >= MAX_CALL_FRAMES) {

3292                     verbose(env, "the call stack of %d frames is too deep !\n", frame);

3312             for (j = 0; j < frame; j++) {

3323         if (frame == 0) {

3327         frame--;

3328         i = ret_insn[frame];

3329         idx = ret_prog[frame];

5004         __clear_all_pkt_pointers(env, vstate->frame[i]);

5045         release_reg_references(env, vstate->frame[i], ref_obj_id);

5082     caller = state->frame[state->curframe];

5083     if (state->frame[state->curframe + 1]) {

5119     state->frame[state->curframe + 1] = callee;

5167     callee = state->frame[state->curframe];

5181     caller = state->frame[state->curframe];

5200     state->frame[state->curframe + 1] = NULL;

5719         regs = branch->frame[branch->curframe]->regs;

5946     struct bpf_func_state *state = vstate->frame[vstate->curframe];

6877     struct bpf_func_state *state = vstate->frame[vstate->curframe];

7213         __find_good_pkt_pointers(vstate->frame[i], dst_reg, type, new_range);

7703     struct bpf_func_state *state = vstate->frame[vstate->curframe];

7718         __mark_ptr_or_null_regs(vstate->frame[i], id, is_null);

7802         state = vstate->frame[i];

7826     struct bpf_reg_state *regs = this_branch->frame[this_branch->curframe]->regs;

7920     other_branch_regs = other_branch->frame[other_branch->curframe]->regs;

7976         print_verifier_state(env, this_branch->frame[this_branch->curframe]);

8168     const bool is_subprog = env->cur_state->frame[0]->subprogno;

8331     struct bpf_func_state *state = cur->frame[cur->curframe];

8916     if (st->frame[0]->regs[0].live & REG_LIVE_DONE) {

8922         clean_func_state(env, st->frame[i]);

8971             if (sl->state.frame[i]->callsite != cur->frame[i]->callsite) {

8996          * the same stack frame, since fp-8 in foo != fp-8 in bar

9253      * and all frame states need to be equivalent

9256         if (old->frame[i]->callsite != cur->frame[i]->callsite) {

9259         if (!func_states_equal(env, old->frame[i], cur->frame[i])) {

9308     int i, frame, err = 0;

9311         WARN(1, "propagate_live: parent frame %d current frame %d\n", vparent->curframe, vstate->curframe);

9316     for (frame = 0; frame <= vstate->curframe; frame++) {

9317         parent = vparent->frame[frame];

9318         state = vstate->frame[frame];

9322         for (i = frame < vstate->curframe ? BPF_REG_6 : 0; i < BPF_REG_FP; i++) {

9354     state = old->frame[old->curframe];

9397     fold = old->frame[fr];

9398     fcur = cur->frame[fr];

9515             if (sl->state.frame[0]->regs[0].live & REG_LIVE_DONE) {

9554      * seeing this tuple (frame[0].callsite, frame[1].callsite, .. insn_idx)

9584     /* connect new state to parentage chain. Current frame needs all

9599             cur->frame[j]->regs[i].parent = &new->frame[j]->regs[i];

9602             cur->frame[j]->regs[i].live = REG_LIVE_NONE;

9608         struct bpf_func_state *frame = cur->frame[j];

9609         struct bpf_func_state *newframe = new->frame[j];

9611         for (i = 0; i < frame->allocated_stack / BPF_REG_SIZE; i++) {

9612             frame->stack[i].spilled_ptr.live = REG_LIVE_NONE;

9613             frame->stack[i].spilled_ptr.parent = &newframe->stack[i].spilled_ptr;

9713             print_verifier_state(env, state->frame[state->curframe]);

11603     state->frame[0] = kzalloc(sizeof(struct bpf_func_state), GFP_KERNEL);

11604     if (!state->frame[0]) {

11609     init_func_state(env, state->frame[0], BPF_MAIN_FUNC /* callsite */, 0 /* frameno */, subprog);

11611     regs = state->frame[state->curframe]->regs;

Indexes created Thu Nov 07 10:32:03 CST 2024