Lines Matching refs:dst_reg
3542 return insn->dst_reg; in insn_def_regno()
3549 int dst_reg = insn_def_regno(insn); in insn_has_def32() local
3551 if (dst_reg == -1) in insn_has_def32()
3554 return !is_reg64(env, insn, dst_reg, NULL, DST_OP); in insn_has_def32()
4040 u32 dreg = insn->dst_reg; in backtrack_insn()
7554 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_atomic()
7577 if (is_ctx_reg(env, insn->dst_reg) || in check_atomic()
7578 is_pkt_reg(env, insn->dst_reg) || in check_atomic()
7579 is_flow_key_reg(env, insn->dst_reg) || in check_atomic()
7580 is_sk_reg(env, insn->dst_reg) || in check_atomic()
7581 (is_arena_reg(env, insn->dst_reg) && !bpf_jit_supports_insn(insn, true))) { in check_atomic()
7583 insn->dst_reg, in check_atomic()
7584 reg_type_str(env, reg_state(env, insn->dst_reg)->type)); in check_atomic()
7608 err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off, in check_atomic()
7611 err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off, in check_atomic()
7617 if (is_arena_reg(env, insn->dst_reg)) { in check_atomic()
7623 err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off, in check_atomic()
13647 mark_reg_unknown(env, regs, insn->dst_reg); in sanitize_speculative_path()
13649 mark_reg_unknown(env, regs, insn->dst_reg); in sanitize_speculative_path()
13660 struct bpf_reg_state *dst_reg, in sanitize_ptr_alu() argument
13668 bool ptr_is_dst_reg = ptr_reg == dst_reg; in sanitize_ptr_alu()
13742 tmp = *dst_reg; in sanitize_ptr_alu()
13743 copy_register_state(dst_reg, ptr_reg); in sanitize_ptr_alu()
13748 *dst_reg = tmp; in sanitize_ptr_alu()
13768 const struct bpf_reg_state *dst_reg) in sanitize_err() argument
13772 u32 dst = insn->dst_reg, src = insn->src_reg; in sanitize_err()
13777 off_reg == dst_reg ? dst : src, err); in sanitize_err()
13781 off_reg == dst_reg ? src : dst, err); in sanitize_err()
13840 const struct bpf_reg_state *dst_reg) in sanitize_check_bounds() argument
13842 u32 dst = insn->dst_reg; in sanitize_check_bounds()
13850 switch (dst_reg->type) { in sanitize_check_bounds()
13852 if (check_stack_access_for_ptr_arithmetic(env, dst, dst_reg, in sanitize_check_bounds()
13853 dst_reg->off + dst_reg->var_off.value)) in sanitize_check_bounds()
13857 if (check_map_access(env, dst, dst_reg->off, 1, false, ACCESS_HELPER)) { in sanitize_check_bounds()
13882 struct bpf_reg_state *regs = state->regs, *dst_reg; in adjust_ptr_min_max_vals() local
13890 u32 dst = insn->dst_reg; in adjust_ptr_min_max_vals()
13893 dst_reg = ®s[dst]; in adjust_ptr_min_max_vals()
13900 __mark_reg_unknown(env, dst_reg); in adjust_ptr_min_max_vals()
13907 __mark_reg_unknown(env, dst_reg); in adjust_ptr_min_max_vals()
13955 dst_reg->type = ptr_reg->type; in adjust_ptr_min_max_vals()
13956 dst_reg->id = ptr_reg->id; in adjust_ptr_min_max_vals()
13963 __mark_reg32_unbounded(dst_reg); in adjust_ptr_min_max_vals()
13966 ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg, in adjust_ptr_min_max_vals()
13969 return sanitize_err(env, insn, ret, off_reg, dst_reg); in adjust_ptr_min_max_vals()
13980 dst_reg->smin_value = smin_ptr; in adjust_ptr_min_max_vals()
13981 dst_reg->smax_value = smax_ptr; in adjust_ptr_min_max_vals()
13982 dst_reg->umin_value = umin_ptr; in adjust_ptr_min_max_vals()
13983 dst_reg->umax_value = umax_ptr; in adjust_ptr_min_max_vals()
13984 dst_reg->var_off = ptr_reg->var_off; in adjust_ptr_min_max_vals()
13985 dst_reg->off = ptr_reg->off + smin_val; in adjust_ptr_min_max_vals()
13986 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
13998 if (check_add_overflow(smin_ptr, smin_val, &dst_reg->smin_value) || in adjust_ptr_min_max_vals()
13999 check_add_overflow(smax_ptr, smax_val, &dst_reg->smax_value)) { in adjust_ptr_min_max_vals()
14000 dst_reg->smin_value = S64_MIN; in adjust_ptr_min_max_vals()
14001 dst_reg->smax_value = S64_MAX; in adjust_ptr_min_max_vals()
14003 if (check_add_overflow(umin_ptr, umin_val, &dst_reg->umin_value) || in adjust_ptr_min_max_vals()
14004 check_add_overflow(umax_ptr, umax_val, &dst_reg->umax_value)) { in adjust_ptr_min_max_vals()
14005 dst_reg->umin_value = 0; in adjust_ptr_min_max_vals()
14006 dst_reg->umax_value = U64_MAX; in adjust_ptr_min_max_vals()
14008 dst_reg->var_off = tnum_add(ptr_reg->var_off, off_reg->var_off); in adjust_ptr_min_max_vals()
14009 dst_reg->off = ptr_reg->off; in adjust_ptr_min_max_vals()
14010 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
14012 dst_reg->id = ++env->id_gen; in adjust_ptr_min_max_vals()
14014 memset(&dst_reg->raw, 0, sizeof(dst_reg->raw)); in adjust_ptr_min_max_vals()
14018 if (dst_reg == off_reg) { in adjust_ptr_min_max_vals()
14036 dst_reg->smin_value = smin_ptr; in adjust_ptr_min_max_vals()
14037 dst_reg->smax_value = smax_ptr; in adjust_ptr_min_max_vals()
14038 dst_reg->umin_value = umin_ptr; in adjust_ptr_min_max_vals()
14039 dst_reg->umax_value = umax_ptr; in adjust_ptr_min_max_vals()
14040 dst_reg->var_off = ptr_reg->var_off; in adjust_ptr_min_max_vals()
14041 dst_reg->id = ptr_reg->id; in adjust_ptr_min_max_vals()
14042 dst_reg->off = ptr_reg->off - smin_val; in adjust_ptr_min_max_vals()
14043 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
14049 if (check_sub_overflow(smin_ptr, smax_val, &dst_reg->smin_value) || in adjust_ptr_min_max_vals()
14050 check_sub_overflow(smax_ptr, smin_val, &dst_reg->smax_value)) { in adjust_ptr_min_max_vals()
14052 dst_reg->smin_value = S64_MIN; in adjust_ptr_min_max_vals()
14053 dst_reg->smax_value = S64_MAX; in adjust_ptr_min_max_vals()
14057 dst_reg->umin_value = 0; in adjust_ptr_min_max_vals()
14058 dst_reg->umax_value = U64_MAX; in adjust_ptr_min_max_vals()
14061 dst_reg->umin_value = umin_ptr - umax_val; in adjust_ptr_min_max_vals()
14062 dst_reg->umax_value = umax_ptr - umin_val; in adjust_ptr_min_max_vals()
14064 dst_reg->var_off = tnum_sub(ptr_reg->var_off, off_reg->var_off); in adjust_ptr_min_max_vals()
14065 dst_reg->off = ptr_reg->off; in adjust_ptr_min_max_vals()
14066 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
14068 dst_reg->id = ++env->id_gen; in adjust_ptr_min_max_vals()
14071 memset(&dst_reg->raw, 0, sizeof(dst_reg->raw)); in adjust_ptr_min_max_vals()
14088 if (!check_reg_sane_offset(env, dst_reg, ptr_reg->type)) in adjust_ptr_min_max_vals()
14090 reg_bounds_sync(dst_reg); in adjust_ptr_min_max_vals()
14091 if (sanitize_check_bounds(env, insn, dst_reg) < 0) in adjust_ptr_min_max_vals()
14094 ret = sanitize_ptr_alu(env, insn, dst_reg, off_reg, dst_reg, in adjust_ptr_min_max_vals()
14097 return sanitize_err(env, insn, ret, off_reg, dst_reg); in adjust_ptr_min_max_vals()
14103 static void scalar32_min_max_add(struct bpf_reg_state *dst_reg, in scalar32_min_max_add() argument
14106 s32 *dst_smin = &dst_reg->s32_min_value; in scalar32_min_max_add()
14107 s32 *dst_smax = &dst_reg->s32_max_value; in scalar32_min_max_add()
14108 u32 *dst_umin = &dst_reg->u32_min_value; in scalar32_min_max_add()
14109 u32 *dst_umax = &dst_reg->u32_max_value; in scalar32_min_max_add()
14123 static void scalar_min_max_add(struct bpf_reg_state *dst_reg, in scalar_min_max_add() argument
14126 s64 *dst_smin = &dst_reg->smin_value; in scalar_min_max_add()
14127 s64 *dst_smax = &dst_reg->smax_value; in scalar_min_max_add()
14128 u64 *dst_umin = &dst_reg->umin_value; in scalar_min_max_add()
14129 u64 *dst_umax = &dst_reg->umax_value; in scalar_min_max_add()
14143 static void scalar32_min_max_sub(struct bpf_reg_state *dst_reg, in scalar32_min_max_sub() argument
14146 s32 *dst_smin = &dst_reg->s32_min_value; in scalar32_min_max_sub()
14147 s32 *dst_smax = &dst_reg->s32_max_value; in scalar32_min_max_sub()
14157 if (dst_reg->u32_min_value < umax_val) { in scalar32_min_max_sub()
14159 dst_reg->u32_min_value = 0; in scalar32_min_max_sub()
14160 dst_reg->u32_max_value = U32_MAX; in scalar32_min_max_sub()
14163 dst_reg->u32_min_value -= umax_val; in scalar32_min_max_sub()
14164 dst_reg->u32_max_value -= umin_val; in scalar32_min_max_sub()
14168 static void scalar_min_max_sub(struct bpf_reg_state *dst_reg, in scalar_min_max_sub() argument
14171 s64 *dst_smin = &dst_reg->smin_value; in scalar_min_max_sub()
14172 s64 *dst_smax = &dst_reg->smax_value; in scalar_min_max_sub()
14182 if (dst_reg->umin_value < umax_val) { in scalar_min_max_sub()
14184 dst_reg->umin_value = 0; in scalar_min_max_sub()
14185 dst_reg->umax_value = U64_MAX; in scalar_min_max_sub()
14188 dst_reg->umin_value -= umax_val; in scalar_min_max_sub()
14189 dst_reg->umax_value -= umin_val; in scalar_min_max_sub()
14193 static void scalar32_min_max_mul(struct bpf_reg_state *dst_reg, in scalar32_min_max_mul() argument
14196 s32 *dst_smin = &dst_reg->s32_min_value; in scalar32_min_max_mul()
14197 s32 *dst_smax = &dst_reg->s32_max_value; in scalar32_min_max_mul()
14198 u32 *dst_umin = &dst_reg->u32_min_value; in scalar32_min_max_mul()
14199 u32 *dst_umax = &dst_reg->u32_max_value; in scalar32_min_max_mul()
14221 static void scalar_min_max_mul(struct bpf_reg_state *dst_reg, in scalar_min_max_mul() argument
14224 s64 *dst_smin = &dst_reg->smin_value; in scalar_min_max_mul()
14225 s64 *dst_smax = &dst_reg->smax_value; in scalar_min_max_mul()
14226 u64 *dst_umin = &dst_reg->umin_value; in scalar_min_max_mul()
14227 u64 *dst_umax = &dst_reg->umax_value; in scalar_min_max_mul()
14249 static void scalar32_min_max_and(struct bpf_reg_state *dst_reg, in scalar32_min_max_and() argument
14253 bool dst_known = tnum_subreg_is_const(dst_reg->var_off); in scalar32_min_max_and()
14254 struct tnum var32_off = tnum_subreg(dst_reg->var_off); in scalar32_min_max_and()
14258 __mark_reg32_known(dst_reg, var32_off.value); in scalar32_min_max_and()
14265 dst_reg->u32_min_value = var32_off.value; in scalar32_min_max_and()
14266 dst_reg->u32_max_value = min(dst_reg->u32_max_value, umax_val); in scalar32_min_max_and()
14271 if ((s32)dst_reg->u32_min_value <= (s32)dst_reg->u32_max_value) { in scalar32_min_max_and()
14272 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_and()
14273 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_and()
14275 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_and()
14276 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_and()
14280 static void scalar_min_max_and(struct bpf_reg_state *dst_reg, in scalar_min_max_and() argument
14284 bool dst_known = tnum_is_const(dst_reg->var_off); in scalar_min_max_and()
14288 __mark_reg_known(dst_reg, dst_reg->var_off.value); in scalar_min_max_and()
14295 dst_reg->umin_value = dst_reg->var_off.value; in scalar_min_max_and()
14296 dst_reg->umax_value = min(dst_reg->umax_value, umax_val); in scalar_min_max_and()
14301 if ((s64)dst_reg->umin_value <= (s64)dst_reg->umax_value) { in scalar_min_max_and()
14302 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_and()
14303 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_and()
14305 dst_reg->smin_value = S64_MIN; in scalar_min_max_and()
14306 dst_reg->smax_value = S64_MAX; in scalar_min_max_and()
14309 __update_reg_bounds(dst_reg); in scalar_min_max_and()
14312 static void scalar32_min_max_or(struct bpf_reg_state *dst_reg, in scalar32_min_max_or() argument
14316 bool dst_known = tnum_subreg_is_const(dst_reg->var_off); in scalar32_min_max_or()
14317 struct tnum var32_off = tnum_subreg(dst_reg->var_off); in scalar32_min_max_or()
14321 __mark_reg32_known(dst_reg, var32_off.value); in scalar32_min_max_or()
14328 dst_reg->u32_min_value = max(dst_reg->u32_min_value, umin_val); in scalar32_min_max_or()
14329 dst_reg->u32_max_value = var32_off.value | var32_off.mask; in scalar32_min_max_or()
14334 if ((s32)dst_reg->u32_min_value <= (s32)dst_reg->u32_max_value) { in scalar32_min_max_or()
14335 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_or()
14336 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_or()
14338 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_or()
14339 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_or()
14343 static void scalar_min_max_or(struct bpf_reg_state *dst_reg, in scalar_min_max_or() argument
14347 bool dst_known = tnum_is_const(dst_reg->var_off); in scalar_min_max_or()
14351 __mark_reg_known(dst_reg, dst_reg->var_off.value); in scalar_min_max_or()
14358 dst_reg->umin_value = max(dst_reg->umin_value, umin_val); in scalar_min_max_or()
14359 dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; in scalar_min_max_or()
14364 if ((s64)dst_reg->umin_value <= (s64)dst_reg->umax_value) { in scalar_min_max_or()
14365 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_or()
14366 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_or()
14368 dst_reg->smin_value = S64_MIN; in scalar_min_max_or()
14369 dst_reg->smax_value = S64_MAX; in scalar_min_max_or()
14372 __update_reg_bounds(dst_reg); in scalar_min_max_or()
14375 static void scalar32_min_max_xor(struct bpf_reg_state *dst_reg, in scalar32_min_max_xor() argument
14379 bool dst_known = tnum_subreg_is_const(dst_reg->var_off); in scalar32_min_max_xor()
14380 struct tnum var32_off = tnum_subreg(dst_reg->var_off); in scalar32_min_max_xor()
14383 __mark_reg32_known(dst_reg, var32_off.value); in scalar32_min_max_xor()
14388 dst_reg->u32_min_value = var32_off.value; in scalar32_min_max_xor()
14389 dst_reg->u32_max_value = var32_off.value | var32_off.mask; in scalar32_min_max_xor()
14394 if ((s32)dst_reg->u32_min_value <= (s32)dst_reg->u32_max_value) { in scalar32_min_max_xor()
14395 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_xor()
14396 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_xor()
14398 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_xor()
14399 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_xor()
14403 static void scalar_min_max_xor(struct bpf_reg_state *dst_reg, in scalar_min_max_xor() argument
14407 bool dst_known = tnum_is_const(dst_reg->var_off); in scalar_min_max_xor()
14411 __mark_reg_known(dst_reg, dst_reg->var_off.value); in scalar_min_max_xor()
14416 dst_reg->umin_value = dst_reg->var_off.value; in scalar_min_max_xor()
14417 dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; in scalar_min_max_xor()
14422 if ((s64)dst_reg->umin_value <= (s64)dst_reg->umax_value) { in scalar_min_max_xor()
14423 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_xor()
14424 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_xor()
14426 dst_reg->smin_value = S64_MIN; in scalar_min_max_xor()
14427 dst_reg->smax_value = S64_MAX; in scalar_min_max_xor()
14430 __update_reg_bounds(dst_reg); in scalar_min_max_xor()
14433 static void __scalar32_min_max_lsh(struct bpf_reg_state *dst_reg, in __scalar32_min_max_lsh() argument
14439 dst_reg->s32_min_value = S32_MIN; in __scalar32_min_max_lsh()
14440 dst_reg->s32_max_value = S32_MAX; in __scalar32_min_max_lsh()
14442 if (umax_val > 31 || dst_reg->u32_max_value > 1ULL << (31 - umax_val)) { in __scalar32_min_max_lsh()
14443 dst_reg->u32_min_value = 0; in __scalar32_min_max_lsh()
14444 dst_reg->u32_max_value = U32_MAX; in __scalar32_min_max_lsh()
14446 dst_reg->u32_min_value <<= umin_val; in __scalar32_min_max_lsh()
14447 dst_reg->u32_max_value <<= umax_val; in __scalar32_min_max_lsh()
14451 static void scalar32_min_max_lsh(struct bpf_reg_state *dst_reg, in scalar32_min_max_lsh() argument
14457 struct tnum subreg = tnum_subreg(dst_reg->var_off); in scalar32_min_max_lsh()
14459 __scalar32_min_max_lsh(dst_reg, umin_val, umax_val); in scalar32_min_max_lsh()
14460 dst_reg->var_off = tnum_subreg(tnum_lshift(subreg, umin_val)); in scalar32_min_max_lsh()
14465 __mark_reg64_unbounded(dst_reg); in scalar32_min_max_lsh()
14466 __update_reg32_bounds(dst_reg); in scalar32_min_max_lsh()
14469 static void __scalar64_min_max_lsh(struct bpf_reg_state *dst_reg, in __scalar64_min_max_lsh() argument
14479 if (umin_val == 32 && umax_val == 32 && dst_reg->s32_max_value >= 0) in __scalar64_min_max_lsh()
14480 dst_reg->smax_value = (s64)dst_reg->s32_max_value << 32; in __scalar64_min_max_lsh()
14482 dst_reg->smax_value = S64_MAX; in __scalar64_min_max_lsh()
14484 if (umin_val == 32 && umax_val == 32 && dst_reg->s32_min_value >= 0) in __scalar64_min_max_lsh()
14485 dst_reg->smin_value = (s64)dst_reg->s32_min_value << 32; in __scalar64_min_max_lsh()
14487 dst_reg->smin_value = S64_MIN; in __scalar64_min_max_lsh()
14490 if (dst_reg->umax_value > 1ULL << (63 - umax_val)) { in __scalar64_min_max_lsh()
14491 dst_reg->umin_value = 0; in __scalar64_min_max_lsh()
14492 dst_reg->umax_value = U64_MAX; in __scalar64_min_max_lsh()
14494 dst_reg->umin_value <<= umin_val; in __scalar64_min_max_lsh()
14495 dst_reg->umax_value <<= umax_val; in __scalar64_min_max_lsh()
14499 static void scalar_min_max_lsh(struct bpf_reg_state *dst_reg, in scalar_min_max_lsh() argument
14506 __scalar64_min_max_lsh(dst_reg, umin_val, umax_val); in scalar_min_max_lsh()
14507 __scalar32_min_max_lsh(dst_reg, umin_val, umax_val); in scalar_min_max_lsh()
14509 dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val); in scalar_min_max_lsh()
14511 __update_reg_bounds(dst_reg); in scalar_min_max_lsh()
14514 static void scalar32_min_max_rsh(struct bpf_reg_state *dst_reg, in scalar32_min_max_rsh() argument
14517 struct tnum subreg = tnum_subreg(dst_reg->var_off); in scalar32_min_max_rsh()
14535 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_rsh()
14536 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_rsh()
14538 dst_reg->var_off = tnum_rshift(subreg, umin_val); in scalar32_min_max_rsh()
14539 dst_reg->u32_min_value >>= umax_val; in scalar32_min_max_rsh()
14540 dst_reg->u32_max_value >>= umin_val; in scalar32_min_max_rsh()
14542 __mark_reg64_unbounded(dst_reg); in scalar32_min_max_rsh()
14543 __update_reg32_bounds(dst_reg); in scalar32_min_max_rsh()
14546 static void scalar_min_max_rsh(struct bpf_reg_state *dst_reg, in scalar_min_max_rsh() argument
14566 dst_reg->smin_value = S64_MIN; in scalar_min_max_rsh()
14567 dst_reg->smax_value = S64_MAX; in scalar_min_max_rsh()
14568 dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val); in scalar_min_max_rsh()
14569 dst_reg->umin_value >>= umax_val; in scalar_min_max_rsh()
14570 dst_reg->umax_value >>= umin_val; in scalar_min_max_rsh()
14576 __mark_reg32_unbounded(dst_reg); in scalar_min_max_rsh()
14577 __update_reg_bounds(dst_reg); in scalar_min_max_rsh()
14580 static void scalar32_min_max_arsh(struct bpf_reg_state *dst_reg, in scalar32_min_max_arsh() argument
14588 dst_reg->s32_min_value = (u32)(((s32)dst_reg->s32_min_value) >> umin_val); in scalar32_min_max_arsh()
14589 dst_reg->s32_max_value = (u32)(((s32)dst_reg->s32_max_value) >> umin_val); in scalar32_min_max_arsh()
14591 dst_reg->var_off = tnum_arshift(tnum_subreg(dst_reg->var_off), umin_val, 32); in scalar32_min_max_arsh()
14596 dst_reg->u32_min_value = 0; in scalar32_min_max_arsh()
14597 dst_reg->u32_max_value = U32_MAX; in scalar32_min_max_arsh()
14599 __mark_reg64_unbounded(dst_reg); in scalar32_min_max_arsh()
14600 __update_reg32_bounds(dst_reg); in scalar32_min_max_arsh()
14603 static void scalar_min_max_arsh(struct bpf_reg_state *dst_reg, in scalar_min_max_arsh() argument
14611 dst_reg->smin_value >>= umin_val; in scalar_min_max_arsh()
14612 dst_reg->smax_value >>= umin_val; in scalar_min_max_arsh()
14614 dst_reg->var_off = tnum_arshift(dst_reg->var_off, umin_val, 64); in scalar_min_max_arsh()
14619 dst_reg->umin_value = 0; in scalar_min_max_arsh()
14620 dst_reg->umax_value = U64_MAX; in scalar_min_max_arsh()
14626 __mark_reg32_unbounded(dst_reg); in scalar_min_max_arsh()
14627 __update_reg_bounds(dst_reg); in scalar_min_max_arsh()
14676 struct bpf_reg_state *dst_reg, in adjust_scalar_min_max_vals() argument
14684 __mark_reg_unknown(env, dst_reg); in adjust_scalar_min_max_vals()
14710 scalar32_min_max_add(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14711 scalar_min_max_add(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14712 dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
14715 scalar32_min_max_sub(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14716 scalar_min_max_sub(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14717 dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
14720 dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
14721 scalar32_min_max_mul(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14722 scalar_min_max_mul(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14725 dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
14726 scalar32_min_max_and(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14727 scalar_min_max_and(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14730 dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
14731 scalar32_min_max_or(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14732 scalar_min_max_or(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14735 dst_reg->var_off = tnum_xor(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
14736 scalar32_min_max_xor(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14737 scalar_min_max_xor(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14741 scalar32_min_max_lsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14743 scalar_min_max_lsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14747 scalar32_min_max_rsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14749 scalar_min_max_rsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14753 scalar32_min_max_arsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14755 scalar_min_max_arsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
14763 zext_32_to_64(dst_reg); in adjust_scalar_min_max_vals()
14764 reg_bounds_sync(dst_reg); in adjust_scalar_min_max_vals()
14776 struct bpf_reg_state *regs = state->regs, *dst_reg, *src_reg; in adjust_reg_min_max_vals() local
14782 dst_reg = ®s[insn->dst_reg]; in adjust_reg_min_max_vals()
14785 if (dst_reg->type == PTR_TO_ARENA) { in adjust_reg_min_max_vals()
14799 if (dst_reg->type != SCALAR_VALUE) in adjust_reg_min_max_vals()
14800 ptr_reg = dst_reg; in adjust_reg_min_max_vals()
14805 if (dst_reg->type != SCALAR_VALUE) { in adjust_reg_min_max_vals()
14811 mark_reg_unknown(env, regs, insn->dst_reg); in adjust_reg_min_max_vals()
14815 insn->dst_reg, in adjust_reg_min_max_vals()
14823 err = mark_chain_precision(env, insn->dst_reg); in adjust_reg_min_max_vals()
14827 src_reg, dst_reg); in adjust_reg_min_max_vals()
14835 dst_reg, src_reg); in adjust_reg_min_max_vals()
14836 } else if (dst_reg->precise) { in adjust_reg_min_max_vals()
14865 err = adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg); in adjust_reg_min_max_vals()
14879 dst_reg->id && is_reg_const(src_reg, false)) { in adjust_reg_min_max_vals()
14882 if ((dst_reg->id & BPF_ADD_CONST) || in adjust_reg_min_max_vals()
14889 dst_reg->off = 0; in adjust_reg_min_max_vals()
14890 dst_reg->id = 0; in adjust_reg_min_max_vals()
14892 dst_reg->id |= BPF_ADD_CONST; in adjust_reg_min_max_vals()
14893 dst_reg->off = val; in adjust_reg_min_max_vals()
14900 dst_reg->id = 0; in adjust_reg_min_max_vals()
14931 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_alu_op()
14935 if (is_pointer_value(env, insn->dst_reg)) { in check_alu_op()
14937 insn->dst_reg); in check_alu_op()
14942 err = check_reg_arg(env, insn->dst_reg, DST_OP); in check_alu_op()
14984 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); in check_alu_op()
14990 struct bpf_reg_state *dst_reg = regs + insn->dst_reg; in check_alu_op() local
14995 mark_reg_unknown(env, regs, insn->dst_reg); in check_alu_op()
14997 dst_reg->type = PTR_TO_ARENA; in check_alu_op()
14999 dst_reg->subreg_def = env->insn_idx + 1; in check_alu_op()
15006 copy_register_state(dst_reg, src_reg); in check_alu_op()
15007 dst_reg->live |= REG_LIVE_WRITTEN; in check_alu_op()
15008 dst_reg->subreg_def = DEF_NOT_SUBREG; in check_alu_op()
15022 copy_register_state(dst_reg, src_reg); in check_alu_op()
15024 dst_reg->id = 0; in check_alu_op()
15025 coerce_reg_to_size_sx(dst_reg, insn->off >> 3); in check_alu_op()
15026 dst_reg->live |= REG_LIVE_WRITTEN; in check_alu_op()
15027 dst_reg->subreg_def = DEF_NOT_SUBREG; in check_alu_op()
15029 mark_reg_unknown(env, regs, insn->dst_reg); in check_alu_op()
15045 copy_register_state(dst_reg, src_reg); in check_alu_op()
15051 dst_reg->id = 0; in check_alu_op()
15052 dst_reg->live |= REG_LIVE_WRITTEN; in check_alu_op()
15053 dst_reg->subreg_def = env->insn_idx + 1; in check_alu_op()
15060 copy_register_state(dst_reg, src_reg); in check_alu_op()
15062 dst_reg->id = 0; in check_alu_op()
15063 dst_reg->live |= REG_LIVE_WRITTEN; in check_alu_op()
15064 dst_reg->subreg_def = env->insn_idx + 1; in check_alu_op()
15065 coerce_subreg_to_size_sx(dst_reg, insn->off >> 3); in check_alu_op()
15069 insn->dst_reg); in check_alu_op()
15071 zext_32_to_64(dst_reg); in check_alu_op()
15072 reg_bounds_sync(dst_reg); in check_alu_op()
15079 mark_reg_unknown(env, regs, insn->dst_reg); in check_alu_op()
15080 regs[insn->dst_reg].type = SCALAR_VALUE; in check_alu_op()
15082 __mark_reg_known(regs + insn->dst_reg, in check_alu_op()
15085 __mark_reg_known(regs + insn->dst_reg, in check_alu_op()
15115 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_alu_op()
15136 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); in check_alu_op()
15142 return reg_bounds_sanity_check(env, ®s[insn->dst_reg], "alu"); in check_alu_op()
15146 struct bpf_reg_state *dst_reg, in find_good_pkt_pointers() argument
15154 if (dst_reg->off < 0 || in find_good_pkt_pointers()
15155 (dst_reg->off == 0 && range_right_open)) in find_good_pkt_pointers()
15159 if (dst_reg->umax_value > MAX_PACKET_OFF || in find_good_pkt_pointers()
15160 dst_reg->umax_value + dst_reg->off > MAX_PACKET_OFF) in find_good_pkt_pointers()
15166 new_range = dst_reg->off; in find_good_pkt_pointers()
15218 if (reg->type == type && reg->id == dst_reg->id) in find_good_pkt_pointers()
15376 static int is_pkt_ptr_branch_taken(struct bpf_reg_state *dst_reg, in is_pkt_ptr_branch_taken() argument
15383 pkt = dst_reg; in is_pkt_ptr_branch_taken()
15384 } else if (dst_reg->type == PTR_TO_PACKET_END) { in is_pkt_ptr_branch_taken()
15767 struct bpf_reg_state *dst_reg, in try_match_pkt_pointers() argument
15781 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
15783 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
15786 find_good_pkt_pointers(this_branch, dst_reg, in try_match_pkt_pointers()
15787 dst_reg->type, false); in try_match_pkt_pointers()
15788 mark_pkt_end(other_branch, insn->dst_reg, true); in try_match_pkt_pointers()
15789 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
15791 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
15802 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
15804 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
15807 find_good_pkt_pointers(other_branch, dst_reg, in try_match_pkt_pointers()
15808 dst_reg->type, true); in try_match_pkt_pointers()
15809 mark_pkt_end(this_branch, insn->dst_reg, false); in try_match_pkt_pointers()
15810 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
15812 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
15823 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
15825 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
15828 find_good_pkt_pointers(this_branch, dst_reg, in try_match_pkt_pointers()
15829 dst_reg->type, true); in try_match_pkt_pointers()
15830 mark_pkt_end(other_branch, insn->dst_reg, false); in try_match_pkt_pointers()
15831 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
15833 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
15844 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
15846 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
15849 find_good_pkt_pointers(other_branch, dst_reg, in try_match_pkt_pointers()
15850 dst_reg->type, false); in try_match_pkt_pointers()
15851 mark_pkt_end(this_branch, insn->dst_reg, true); in try_match_pkt_pointers()
15852 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
15854 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
15970 struct bpf_reg_state *dst_reg, *other_branch_regs, *src_reg = NULL; in check_cond_jmp_op() local
15990 insn->dst_reg || insn->imm) { in check_cond_jmp_op()
16009 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_cond_jmp_op()
16013 dst_reg = ®s[insn->dst_reg]; in check_cond_jmp_op()
16026 if (!(reg_is_pkt_pointer_any(dst_reg) && reg_is_pkt_pointer_any(src_reg)) && in check_cond_jmp_op()
16044 pred = is_branch_taken(dst_reg, src_reg, opcode, is_jmp32); in check_cond_jmp_op()
16049 if (!__is_pointer_value(false, dst_reg)) in check_cond_jmp_op()
16050 err = mark_chain_precision(env, insn->dst_reg); in check_cond_jmp_op()
16093 if (dst_reg->type == SCALAR_VALUE && dst_reg->id) in check_cond_jmp_op()
16094 collect_linked_regs(this_branch, dst_reg->id, &linked_regs); in check_cond_jmp_op()
16109 &other_branch_regs[insn->dst_reg], in check_cond_jmp_op()
16111 dst_reg, src_reg, opcode, is_jmp32); in check_cond_jmp_op()
16120 &other_branch_regs[insn->dst_reg], in check_cond_jmp_op()
16122 dst_reg, &env->fake_reg[1], in check_cond_jmp_op()
16134 if (dst_reg->type == SCALAR_VALUE && dst_reg->id && in check_cond_jmp_op()
16135 !WARN_ON_ONCE(dst_reg->id != other_branch_regs[insn->dst_reg].id)) { in check_cond_jmp_op()
16136 sync_linked_regs(this_branch, dst_reg, &linked_regs); in check_cond_jmp_op()
16137 sync_linked_regs(other_branch, &other_branch_regs[insn->dst_reg], &linked_regs); in check_cond_jmp_op()
16153 __is_pointer_value(false, src_reg) && __is_pointer_value(false, dst_reg) && in check_cond_jmp_op()
16154 type_may_be_null(src_reg->type) != type_may_be_null(dst_reg->type) && in check_cond_jmp_op()
16156 base_type(dst_reg->type) != PTR_TO_BTF_ID) { in check_cond_jmp_op()
16173 mark_ptr_not_null_reg(&eq_branch_regs[insn->dst_reg]); in check_cond_jmp_op()
16183 type_may_be_null(dst_reg->type)) { in check_cond_jmp_op()
16187 mark_ptr_or_null_regs(this_branch, insn->dst_reg, in check_cond_jmp_op()
16189 mark_ptr_or_null_regs(other_branch, insn->dst_reg, in check_cond_jmp_op()
16191 } else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg], in check_cond_jmp_op()
16193 is_pointer_value(env, insn->dst_reg)) { in check_cond_jmp_op()
16195 insn->dst_reg); in check_cond_jmp_op()
16208 struct bpf_reg_state *dst_reg; in check_ld_imm() local
16221 err = check_reg_arg(env, insn->dst_reg, DST_OP); in check_ld_imm()
16225 dst_reg = ®s[insn->dst_reg]; in check_ld_imm()
16229 dst_reg->type = SCALAR_VALUE; in check_ld_imm()
16230 __mark_reg_known(®s[insn->dst_reg], imm); in check_ld_imm()
16238 mark_reg_known_zero(env, regs, insn->dst_reg); in check_ld_imm()
16241 dst_reg->type = aux->btf_var.reg_type; in check_ld_imm()
16242 switch (base_type(dst_reg->type)) { in check_ld_imm()
16244 dst_reg->mem_size = aux->btf_var.mem_size; in check_ld_imm()
16247 dst_reg->btf = aux->btf_var.btf; in check_ld_imm()
16248 dst_reg->btf_id = aux->btf_var.btf_id; in check_ld_imm()
16271 dst_reg->type = PTR_TO_FUNC; in check_ld_imm()
16272 dst_reg->subprogno = subprogno; in check_ld_imm()
16277 dst_reg->map_ptr = map; in check_ld_imm()
16282 __mark_reg_unknown(env, dst_reg); in check_ld_imm()
16285 dst_reg->type = PTR_TO_MAP_VALUE; in check_ld_imm()
16286 dst_reg->off = aux->map_off; in check_ld_imm()
16291 dst_reg->type = CONST_PTR_TO_MAP; in check_ld_imm()
16344 if (insn->dst_reg != BPF_REG_0 || insn->off != 0 || in check_ld_abs()
16945 stx->dst_reg != BPF_REG_10 || in mark_fastcall_pattern_for_call()
16949 if (stx->src_reg != ldx->dst_reg) in mark_fastcall_pattern_for_call()
17003 insn->dst_reg != BPF_REG_10) in mark_fastcall_patterns()
19057 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); in do_check()
19068 BPF_READ, insn->dst_reg, false, in do_check()
19071 err = err ?: reg_bounds_sanity_check(env, ®s[insn->dst_reg], "ldx"); in do_check()
19095 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in do_check()
19099 dst_reg_type = regs[insn->dst_reg].type; in do_check()
19102 err = check_mem_access(env, env->insn_idx, insn->dst_reg, in do_check()
19120 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in do_check()
19124 dst_reg_type = regs[insn->dst_reg].type; in do_check()
19127 err = check_mem_access(env, env->insn_idx, insn->dst_reg, in do_check()
19147 insn->dst_reg != BPF_REG_0 || in do_check()
19179 insn->dst_reg != BPF_REG_0 || in do_check()
19196 insn->dst_reg != BPF_REG_0 || in do_check()
19688 insn[1].dst_reg != 0 || insn[1].src_reg != 0 || in resolve_pseudo_ldimm64()
20282 rnd_hi32_patch[3].dst_reg = load_reg; in opt_subreg_zext_lo32_rnd_hi32()
20311 zext_patch[1].dst_reg = load_reg; in opt_subreg_zext_lo32_rnd_hi32()
20561 insn->dst_reg, in convert_ctx_accesses()
20563 insn_buf[cnt++] = BPF_ALU32_IMM(BPF_AND, insn->dst_reg, in convert_ctx_accesses()
20568 insn->dst_reg, in convert_ctx_accesses()
20570 insn_buf[cnt++] = BPF_ALU32_IMM(BPF_AND, insn->dst_reg, in convert_ctx_accesses()
20576 insn->dst_reg, insn->dst_reg, in convert_ctx_accesses()
21158 BPF_NEG | BPF_K, insn->dst_reg, in do_misc_fixups()
21162 BPF_MOV32_IMM(insn->dst_reg, 0), in do_misc_fixups()
21193 BPF_ALU32_REG(BPF_XOR, insn->dst_reg, insn->dst_reg), in do_misc_fixups()
21204 BPF_MOV32_REG(insn->dst_reg, insn->dst_reg), in do_misc_fixups()
21222 BPF_MOV | BPF_K, insn->dst_reg, in do_misc_fixups()
21226 BPF_NEG | BPF_K, insn->dst_reg, in do_misc_fixups()
21244 BPF_MOV32_IMM(insn->dst_reg, 0), in do_misc_fixups()
21248 BPF_MOV32_REG(insn->dst_reg, insn->dst_reg), in do_misc_fixups()
21290 *patch++ = BPF_MOV64_IMM(insn->dst_reg, 0); in do_misc_fixups()
21342 off_reg = issrc ? insn->src_reg : insn->dst_reg; in do_misc_fixups()
21356 *patch++ = BPF_MOV64_REG(insn->dst_reg, insn->src_reg); in do_misc_fixups()