Lines Matching refs:regs
51 * insn is less then 4K, but there are too many branches that change stack/regs.
570 reg = &state->regs[i];
1055 static void mark_reg_known_zero(struct bpf_verifier_env *env, struct bpf_reg_state *regs, u32 regno)
1058 verbose(env, "mark_reg_known_zero(regs, %u)\n", regno);
1059 /* Something bad happened, let's kill all regs */
1061 verifier_mark_reg_not_init(env, regs + regno);
1065 verifier_mark_reg_known_zero(regs + regno);
1332 static void mark_reg_unknown(struct bpf_verifier_env *env, struct bpf_reg_state *regs, u32 regno)
1335 verbose(env, "mark_reg_unknown(regs, %u)\n", regno);
1336 /* Something bad happened, let's kill all regs except FP */
1338 verifier_mark_reg_not_init(env, regs + regno);
1342 __mark_reg_unknown(env, regs + regno);
1351 static void mark_reg_not_init(struct bpf_verifier_env *env, struct bpf_reg_state *regs, u32 regno)
1354 verbose(env, "mark_reg_not_init(regs, %u)\n", regno);
1355 /* Something bad happened, let's kill all regs except FP */
1357 verifier_mark_reg_not_init(env, regs + regno);
1361 verifier_mark_reg_not_init(env, regs + regno);
1364 static void mark_btf_ld_reg(struct bpf_verifier_env *env, struct bpf_reg_state *regs, u32 regno,
1368 mark_reg_unknown(env, regs, regno);
1371 mark_reg_known_zero(env, regs, regno);
1372 regs[regno].type = PTR_TO_BTF_ID;
1373 regs[regno].btf_id = btf_id;
1379 struct bpf_reg_state *regs = state->regs;
1383 mark_reg_not_init(env, regs, i);
1384 regs[i].live = REG_LIVE_NONE;
1385 regs[i].parent = NULL;
1386 regs[i].subreg_def = DEF_NOT_SUBREG;
1390 regs[BPF_REG_FP].type = PTR_TO_STACK;
1391 mark_reg_known_zero(env, regs, BPF_REG_FP);
1392 regs[BPF_REG_FP].frameno = state->frameno;
1716 struct bpf_reg_state *reg, *regs = state->regs;
1724 reg = ®s[regno];
1751 mark_reg_unknown(env, regs, regno);
1813 verbose(env, "regs=%x stack=%llx before ", *reg_mask, *stack_mask);
1920 verbose(env, "BUG regs %x\n", *reg_mask);
2009 reg = &func->regs[j];
2048 reg = &func->regs[regno];
2139 reg = &func->regs[i];
2187 verbose(env, "parent %s regs=%x stack=%llx marks\n", new_marks ? "didn't have" : "already had", reg_mask,
2309 reg = &cur->regs[value_regno];
2429 ptr_reg = &cur->regs[ptr_regno];
2433 value_reg = &cur->regs[value_regno];
2529 verifier_mark_reg_const_zero(&state->regs[dst_regno]);
2540 state->regs[dst_regno].precise = true;
2543 mark_reg_unknown(env, state->regs, dst_regno);
2545 state->regs[dst_regno].live |= REG_LIVE_WRITTEN;
2578 mark_reg_unknown(env, state->regs, dst_regno);
2579 state->regs[dst_regno].live |= REG_LIVE_WRITTEN;
2593 state->regs[dst_regno] = *reg;
2598 state->regs[dst_regno].live |= REG_LIVE_WRITTEN;
2764 struct bpf_reg_state *regs = cur_regs(env);
2765 struct bpf_map *map = regs[regno].map_ptr;
2815 struct bpf_reg_state *reg = &state->regs[regno];
2866 struct bpf_reg_state *reg = &state->regs[regno];
2944 struct bpf_reg_state *regs = cur_regs(env);
2945 struct bpf_reg_state *reg = ®s[regno];
3024 struct bpf_reg_state *regs = cur_regs(env);
3025 struct bpf_reg_state *reg = ®s[regno];
3505 static int check_ptr_to_btf_access(struct bpf_verifier_env *env, struct bpf_reg_state *regs, int regno, int off,
3508 struct bpf_reg_state *reg = regs + regno;
3542 mark_btf_ld_reg(env, regs, value_regno, ret, btf_id);
3548 static int check_ptr_to_map_access(struct bpf_verifier_env *env, struct bpf_reg_state *regs, int regno, int off,
3551 struct bpf_reg_state *reg = regs + regno;
3592 mark_btf_ld_reg(env, regs, value_regno, ret, btf_id);
3628 struct bpf_reg_state *regs = cur_regs(env);
3629 struct bpf_reg_state *reg = regs + regno;
3692 struct bpf_reg_state *regs = cur_regs(env);
3693 struct bpf_reg_state *reg = regs + regno;
3734 regs[value_regno].type = SCALAR_VALUE;
3735 verifier_mark_reg_known(®s[value_regno], val);
3737 mark_reg_unknown(env, regs, value_regno);
3760 mark_reg_unknown(env, regs, value_regno);
3786 mark_reg_unknown(env, regs, value_regno);
3788 mark_reg_known_zero(env, regs, value_regno);
3790 regs[value_regno].id = ++env->id_gen;
3797 regs[value_regno].subreg_def = DEF_NOT_SUBREG;
3799 regs[value_regno].btf_id = btf_id;
3802 regs[value_regno].type = reg_type;
3832 mark_reg_unknown(env, regs, value_regno);
3842 mark_reg_unknown(env, regs, value_regno);
3851 mark_reg_unknown(env, regs, value_regno);
3856 mark_reg_unknown(env, regs, value_regno);
3859 err = check_ptr_to_btf_access(env, regs, regno, off, size, t, value_regno);
3861 err = check_ptr_to_map_access(env, regs, regno, off, size, t, value_regno);
3881 mark_reg_unknown(env, regs, value_regno);
3888 if (!err && size < BPF_REG_SIZE && value_regno >= 0 && t == BPF_READ && regs[value_regno].type == SCALAR_VALUE) {
3890 coerce_reg_to_size(®s[value_regno], size);
4076 struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
4141 struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
4343 struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
4413 struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
4978 struct bpf_reg_state *regs = state->regs, *reg;
4982 if (reg_is_pkt_pointer_any(®s[i])) {
4983 mark_reg_unknown(env, regs, i);
5010 struct bpf_reg_state *regs = state->regs, *reg;
5014 if (regs[i].ref_obj_id == ref_obj_id) {
5015 mark_reg_unknown(env, regs, i);
5051 static void clear_caller_saved_regs(struct bpf_verifier_env *env, struct bpf_reg_state *regs)
5057 mark_reg_not_init(env, regs, caller_saved[i]);
5092 err = btf_check_func_arg_match(env, subprog, caller->regs);
5104 clear_caller_saved_regs(env, caller->regs);
5107 mark_reg_unknown(env, caller->regs, BPF_REG_0);
5108 caller->regs[BPF_REG_0].subreg_def = DEF_NOT_SUBREG;
5140 callee->regs[i] = caller->regs[i];
5143 clear_caller_saved_regs(env, caller->regs);
5168 r0 = &callee->regs[BPF_REG_0];
5183 caller->regs[BPF_REG_0] = *r0;
5204 static void do_refine_retval_range(struct bpf_reg_state *regs, int ret_type, int func_id,
5207 struct bpf_reg_state *ret_reg = ®s[BPF_REG_0];
5260 struct bpf_reg_state *regs = cur_regs(env), *reg;
5273 reg = ®s[BPF_REG_3];
5311 struct bpf_reg_state *regs;
5400 regs = cur_regs(env);
5404 if (func_id == BPF_FUNC_get_local_storage && !register_is_null(®s[BPF_REG_2])) {
5409 /* reset caller saved regs */
5411 mark_reg_not_init(env, regs, caller_saved[i]);
5416 regs[BPF_REG_0].subreg_def = DEF_NOT_SUBREG;
5423 mark_reg_unknown(env, regs, BPF_REG_0);
5425 regs[BPF_REG_0].type = NOT_INIT;
5428 mark_reg_known_zero(env, regs, BPF_REG_0);
5437 regs[BPF_REG_0].map_ptr = meta.map_ptr;
5438 regs[BPF_REG_0].type = PTR_TO_MAP_VALUE | ret_flag;
5440 regs[BPF_REG_0].id = ++env->id_gen;
5443 mark_reg_known_zero(env, regs, BPF_REG_0);
5444 regs[BPF_REG_0].type = PTR_TO_SOCKET | ret_flag;
5446 mark_reg_known_zero(env, regs, BPF_REG_0);
5447 regs[BPF_REG_0].type = PTR_TO_SOCK_COMMON | ret_flag;
5449 mark_reg_known_zero(env, regs, BPF_REG_0);
5450 regs[BPF_REG_0].type = PTR_TO_TCP_SOCK | ret_flag;
5452 mark_reg_known_zero(env, regs, BPF_REG_0);
5453 regs[BPF_REG_0].type = PTR_TO_MEM | ret_flag;
5454 regs[BPF_REG_0].mem_size = meta.mem_size;
5458 mark_reg_known_zero(env, regs, BPF_REG_0);
5472 regs[BPF_REG_0].type = PTR_TO_MEM | ret_flag;
5473 regs[BPF_REG_0].mem_size = tsize;
5482 regs[BPF_REG_0].type = PTR_TO_BTF_ID | ret_flag;
5483 regs[BPF_REG_0].btf_id = meta.ret_btf_id;
5488 mark_reg_known_zero(env, regs, BPF_REG_0);
5489 regs[BPF_REG_0].type = PTR_TO_BTF_ID | ret_flag;
5495 regs[BPF_REG_0].btf_id = ret_btf_id;
5501 if (type_may_be_null(regs[BPF_REG_0].type)) {
5502 regs[BPF_REG_0].id = ++env->id_gen;
5507 regs[BPF_REG_0].ref_obj_id = meta.ref_obj_id;
5514 regs[BPF_REG_0].id = id;
5516 regs[BPF_REG_0].ref_obj_id = id;
5519 do_refine_retval_range(regs, fn->ret_type, func_id, &meta);
5715 struct bpf_reg_state *regs;
5719 regs = branch->frame[branch->curframe]->regs;
5721 mark_reg_unknown(env, regs, insn->dst_reg);
5723 mark_reg_unknown(env, regs, insn->dst_reg);
5724 mark_reg_unknown(env, regs, insn->src_reg);
5947 struct bpf_reg_state *regs = state->regs, *dst_reg;
5958 dst_reg = ®s[dst];
6715 struct bpf_reg_state *regs = cur_regs(env);
6820 mark_reg_unknown(env, regs, insn->dst_reg);
6834 mark_reg_unknown(env, regs, insn->dst_reg);
6848 mark_reg_unknown(env, regs, insn->dst_reg);
6858 mark_reg_unknown(env, regs, insn->dst_reg);
6878 struct bpf_reg_state *regs = state->regs, *dst_reg, *src_reg;
6883 dst_reg = ®s[insn->dst_reg];
6894 src_reg = ®s[insn->src_reg];
6902 mark_reg_unknown(env, regs, insn->dst_reg);
6956 struct bpf_reg_state *regs = cur_regs(env);
7016 struct bpf_reg_state *src_reg = regs + insn->src_reg;
7017 struct bpf_reg_state *dst_reg = regs + insn->dst_reg;
7048 mark_reg_unknown(env, regs, insn->dst_reg);
7059 mark_reg_unknown(env, regs, insn->dst_reg);
7060 regs[insn->dst_reg].type = SCALAR_VALUE;
7062 verifier_mark_reg_known(regs + insn->dst_reg, insn->imm);
7064 verifier_mark_reg_known(regs + insn->dst_reg, (u32)insn->imm);
7124 reg = &state->regs[i];
7686 mark_ptr_or_null_reg(state, &state->regs[i], id, is_null);
7704 struct bpf_reg_state *regs = state->regs;
7705 u32 ref_obj_id = regs[regno].ref_obj_id;
7706 u32 id = regs[regno].id;
7710 /* regs[regno] is in the " == NULL" branch.
7804 reg = &state->regs[j];
7826 struct bpf_reg_state *regs = this_branch->frame[this_branch->curframe]->regs;
7855 src_reg = ®s[insn->src_reg];
7869 dst_reg = ®s[insn->dst_reg];
7920 other_branch_regs = other_branch->frame[other_branch->curframe]->regs;
7930 struct bpf_reg_state *src_reg_in = ®s[insn->src_reg];
7970 } else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg], this_branch, other_branch) &&
7985 struct bpf_reg_state *regs = cur_regs(env);
8004 dst_reg = ®s[insn->dst_reg];
8009 verifier_mark_reg_known(®s[insn->dst_reg], imm);
8017 mark_reg_known_zero(env, regs, insn->dst_reg);
8084 struct bpf_reg_state *regs = cur_regs(env);
8126 if (regs[ctx_reg].type != PTR_TO_CTX) {
8139 err = check_ptr_off_reg(env, ®s[ctx_reg], ctx_reg);
8144 /* reset caller saved regs to unreadable */
8146 mark_reg_not_init(env, regs, caller_saved[i]);
8154 mark_reg_unknown(env, regs, BPF_REG_0);
8156 regs[BPF_REG_0].subreg_def = env->insn_idx + 1;
8856 * regs with old id 5 must also have new id 9 for the new state to be safe. But
8857 * regs with a different old id could still have new id 9, we don't care about
8888 live = st->regs[i].live;
8890 st->regs[i].live |= REG_LIVE_DONE;
8895 verifier_mark_reg_not_init(env, &st->regs[i]);
8916 if (st->frame[0]->regs[0].live & REG_LIVE_DONE) {
8917 /* all regs in this state in all frames were already marked */
9048 /* Check our ids match any regs they're supposed to */
9217 if (!regsafe(env, &old->regs[i], &cur->regs[i], env->idmap_scratch)) {
9319 parent_reg = parent->regs;
9320 state_reg = state->regs;
9355 state_reg = state->regs;
9400 if (memcmp(&fold->regs[i], &fcur->regs[i], offsetof(struct bpf_reg_state, parent))) {
9515 if (sl->state.frame[0]->regs[0].live & REG_LIVE_DONE) {
9599 cur->frame[j]->regs[i].parent = &new->frame[j]->regs[i];
9602 cur->frame[j]->regs[i].live = REG_LIVE_NONE;
9657 struct bpf_reg_state *regs;
9735 regs = cur_regs(env);
9760 src_reg_type = regs[insn->src_reg].type;
9812 dst_reg_type = regs[insn->dst_reg].type;
11590 struct bpf_reg_state *regs;
11611 regs = state->frame[state->curframe]->regs;
11613 ret = btf_prepare_func_args(env, subprog, regs);
11618 if (regs[i].type == PTR_TO_CTX) {
11619 mark_reg_known_zero(env, regs, i);
11620 } else if (regs[i].type == SCALAR_VALUE) {
11621 mark_reg_unknown(env, regs, i);
11626 regs[BPF_REG_1].type = PTR_TO_CTX;
11627 mark_reg_known_zero(env, regs, BPF_REG_1);
11628 ret = btf_check_func_arg_match(env, subprog, regs);