Lines Matching +full:only +full:- +full:1 +full:- +full:8 +full:v
1 // SPDX-License-Identifier: GPL-2.0
34 int *v, i = zero; /* obscure initial value of i */ in iter_err_unsafe_c_loop() local
39 while ((v = bpf_iter_num_next(&it))) { in iter_err_unsafe_c_loop()
62 "r4 = 1;" in iter_err_unsafe_asm_loop()
68 "r6 += 1;" in iter_err_unsafe_asm_loop()
96 int *v; in iter_while_loop() local
101 while ((v = bpf_iter_num_next(&it))) { in iter_while_loop()
102 bpf_printk("ITER_BASIC: E1 VAL: v=%d", *v); in iter_while_loop()
114 int *v; in iter_while_loop_auto_cleanup() local
119 while ((v = bpf_iter_num_next(&it))) { in iter_while_loop_auto_cleanup()
120 bpf_printk("ITER_BASIC: E1 VAL: v=%d", *v); in iter_while_loop_auto_cleanup()
132 int *v; in iter_for_loop() local
137 for (v = bpf_iter_num_next(&it); v; v = bpf_iter_num_next(&it)) { in iter_for_loop()
138 bpf_printk("ITER_BASIC: E2 VAL: v=%d", *v); in iter_for_loop()
149 int *v; in iter_bpf_for_each_macro() local
153 bpf_for_each(num, v, 5, 10) { in iter_bpf_for_each_macro()
154 bpf_printk("ITER_BASIC: E2 VAL: v=%d", *v); in iter_bpf_for_each_macro()
169 bpf_printk("ITER_BASIC: E2 VAL: v=%d", i); in iter_bpf_for_macro()
180 int *v, i; in iter_pragma_unroll_loop() local
187 v = bpf_iter_num_next(&it); in iter_pragma_unroll_loop()
188 bpf_printk("ITER_BASIC: E3 VAL: i=%d v=%d", i, v ? *v : -1); in iter_pragma_unroll_loop()
200 int *v; in iter_manual_unroll_loop() local
205 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
206 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_manual_unroll_loop()
207 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
208 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_manual_unroll_loop()
209 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
210 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_manual_unroll_loop()
211 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
212 bpf_printk("ITER_BASIC: E4 VAL: v=%d\n", v ? *v : -1); in iter_manual_unroll_loop()
223 int *v, i; in iter_multiple_sequential_loops() local
228 while ((v = bpf_iter_num_next(&it))) { in iter_multiple_sequential_loops()
229 bpf_printk("ITER_BASIC: E1 VAL: v=%d", *v); in iter_multiple_sequential_loops()
234 for (v = bpf_iter_num_next(&it); v; v = bpf_iter_num_next(&it)) { in iter_multiple_sequential_loops()
235 bpf_printk("ITER_BASIC: E2 VAL: v=%d", *v); in iter_multiple_sequential_loops()
242 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
243 bpf_printk("ITER_BASIC: E3 VAL: i=%d v=%d", i, v ? *v : -1); in iter_multiple_sequential_loops()
248 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
249 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_multiple_sequential_loops()
250 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
251 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_multiple_sequential_loops()
252 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
253 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_multiple_sequential_loops()
254 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
255 bpf_printk("ITER_BASIC: E4 VAL: v=%d\n", v ? *v : -1); in iter_multiple_sequential_loops()
266 int *v, i = 0, sum = 0; in iter_limit_cond_break_loop() local
271 while ((v = bpf_iter_num_next(&it))) { in iter_limit_cond_break_loop()
272 bpf_printk("ITER_SIMPLE: i=%d v=%d", i, *v); in iter_limit_cond_break_loop()
273 sum += *v; in iter_limit_cond_break_loop()
291 int *v, sum = 0; in iter_obfuscate_counter() local
300 while ((v = bpf_iter_num_next(&it))) { in iter_obfuscate_counter()
303 i += 1; in iter_obfuscate_counter()
306 * track that i becomes 1 on first iteration after increment in iter_obfuscate_counter()
308 * and mark i as precise, ruining open-coded iterator logic in iter_obfuscate_counter()
314 if (i == 1) in iter_obfuscate_counter()
317 x = i * 3 + 1; in iter_obfuscate_counter()
319 bpf_printk("ITER_OBFUSCATE_COUNTER: i=%d v=%d x=%d", i, *v, x); in iter_obfuscate_counter()
335 int *v, *elem = NULL; in iter_search_loop() local
342 while ((v = bpf_iter_num_next(&it))) { in iter_search_loop()
343 bpf_printk("ITER_SEARCH_LOOP: v=%d", *v); in iter_search_loop()
345 if (*v == 2) { in iter_search_loop()
347 elem = v; in iter_search_loop()
408 /* zero-initialize sums */ in iter_nested_iters()
433 col == ARRAY_SIZE(arr2d[0]) - 1 ? "\n" : ""); in iter_nested_iters()
452 sum += 1; in iter_nested_deeply_iters()
498 /* zero-initialize sums */ in iter_subprog_iters()
520 col == ARRAY_SIZE(arr2d[0]) - 1 ? "\n" : ""); in iter_subprog_iters()
633 /* zero-init arr1 and arr2 in such a way that verifier doesn't know in iter_stack_array_loop()
635 * all combination of zero/non-zero stack slots for arr1/arr2, which in iter_stack_array_loop()
644 if (i & 1) { in iter_stack_array_loop()
731 * The call to bpf_iter_num_next() is reachable with r7 values &fp[-16] and 0xdead. in delayed_read_mark()
732 * State with r7=&fp[-16] is visited first and follows r6 != 42 ... continue branch. in delayed_read_mark()
734 * Loop body with r7=0xdead would only be visited if verifier would decide to continue in delayed_read_mark()
738 * r7 = &fp[-16] in delayed_read_mark()
739 * fp[-16] = 0 in delayed_read_mark()
741 * bpf_iter_num_new(&fp[-8], 0, 10) in delayed_read_mark()
742 * while (bpf_iter_num_next(&fp[-8])) { in delayed_read_mark()
748 * bpf_probe_read_user(r7, 8, 0xdeadbeef); // this is not safe in delayed_read_mark()
750 * bpf_iter_num_destroy(&fp[-8]) in delayed_read_mark()
755 "r7 += -16;" in delayed_read_mark()
761 "r1 += -8;" in delayed_read_mark()
765 "1:" in delayed_read_mark()
767 "r1 += -8;" in delayed_read_mark()
770 "r6 += 1;" in delayed_read_mark()
773 "goto 1b;" in delayed_read_mark()
776 "r2 = 8;" in delayed_read_mark()
779 "goto 1b;" in delayed_read_mark()
782 "r1 += -8;" in delayed_read_mark()
804 * The call to bpf_iter_num_next() is reachable with r7 values -16 and -32. in delayed_precision_mark()
805 * State with r7=-16 is visited first and follows r6 != 42 ... continue branch. in delayed_precision_mark()
808 * Loop body with r7=-32 would only be visited if verifier would decide to continue in delayed_precision_mark()
813 * fp[-16] = 0 in delayed_precision_mark()
814 * r7 = -16 in delayed_precision_mark()
816 * bpf_iter_num_new(&fp[-8], 0, 10) in delayed_precision_mark()
817 * while (bpf_iter_num_next(&fp[-8])) { in delayed_precision_mark()
819 * r7 = -32 in delayed_precision_mark()
828 * bpf_iter_num_destroy(&fp[-8]) in delayed_precision_mark()
833 "*(u64 *)(r10 - 16) = r8;" in delayed_precision_mark()
834 "r7 = -16;" in delayed_precision_mark()
838 "r1 += -8;" in delayed_precision_mark()
842 "1:" in delayed_precision_mark()
844 "r1 += -8;\n" in delayed_precision_mark()
848 "r7 = -33;" in delayed_precision_mark()
851 "goto 1b;\n" in delayed_precision_mark()
858 "goto 1b;\n" in delayed_precision_mark()
861 "r1 += -8;" in delayed_precision_mark()
884 * - states with c=-25 are explored only on a second iteration in __flag()
886 * - states with read+precise mark on c are explored only on in __flag()
892 * unsafe c=-25 memory access. in __flag()
894 * j = iter_new(); // fp[-16] in __flag()
897 * c = -24; // r8 in __flag()
899 * i = iter_new(); // fp[-8] in __flag()
903 * if (a == 1) { in __flag()
905 * b = 1; in __flag()
907 * a = 1; in __flag()
910 * if (b == 1) { in __flag()
921 * c = -25; in __flag()
928 "r1 += -16;" in __flag()
934 "r8 = -24;" in __flag()
937 "r1 += -16;" in __flag()
941 "r1 += -8;" in __flag()
949 "r1 += -8;" in __flag()
953 "if r6 != 1 goto check_zero_r6_%=;" in __flag()
955 "r7 = 1;" in __flag()
959 "r6 = 1;" in __flag()
964 "if r7 != 1 goto i_loop_%=;" in __flag()
970 "r1 += -8;" in __flag()
973 "r1 += -16;" in __flag()
979 "r1 += -8;" in __flag()
983 "r8 = -25;" in __flag()
987 "r1 += -16;" in __flag()
1009 * - states with read+precise mark on c are explored only on a second in __flag()
1012 * - states with c=-25 are explored only on a second iteration of the in __flag()
1018 * unsafe c=-25 memory access. in __flag()
1020 * j = iter_new(); // fp[-16] in __flag()
1023 * c = -24; // r8 in __flag()
1025 * i = iter_new(); // fp[-8] in __flag()
1029 * if (a == 1) { in __flag()
1031 * b = 1; in __flag()
1033 * a = 1; in __flag()
1036 * if (b == 1) { in __flag()
1045 * i = iter_new(); // fp[-8] in __flag()
1049 * if (a == 1) { in __flag()
1051 * b = 1; in __flag()
1053 * a = 1; in __flag()
1056 * if (b == 1) { in __flag()
1058 * c = -25; in __flag()
1069 "r1 += -16;" in __flag()
1075 "r8 = -24;" in __flag()
1078 "r1 += -16;" in __flag()
1084 "r1 += -8;" in __flag()
1092 "r1 += -8;" in __flag()
1096 "if r6 != 1 goto check_zero_r6_%=;" in __flag()
1098 "r7 = 1;" in __flag()
1102 "r6 = 1;" in __flag()
1107 "if r7 != 1 goto i_loop_%=;" in __flag()
1113 "r1 += -8;" in __flag()
1116 "r1 += -16;" in __flag()
1122 "r1 += -8;" in __flag()
1127 "r1 += -8;" in __flag()
1135 "r1 += -8;" in __flag()
1139 "if r6 != 1 goto check2_zero_r6_%=;" in __flag()
1141 "r7 = 1;" in __flag()
1145 "r6 = 1;" in __flag()
1150 "if r7 != 1 goto i2_loop_%=;" in __flag()
1152 "r8 = -25;" in __flag()
1156 "r1 += -8;" in __flag()
1164 "r1 += -16;" in __flag()
1186 * i = iter_new(); // fp[-8] in __flag()
1192 * for (i = 10; i > 0; i--); // increase dfs_depth for child states in __flag()
1194 * i = iter_new(); // fp[-8] in __flag()
1195 * b = -24; // r8 in __flag()
1200 * *(u64 *)(r10 + b) = 7; // this is not safe when b == -25 in __flag()
1205 * b = -25; in __flag()
1211 * env->cur_state->loop_entry with a state having 0 branches in __flag()
1215 * - branch with '*(u64 *)(r10 + b) = 7' is not explored yet; in __flag()
1216 * - checkpoint (L) is first reached in state {b=-24}; in __flag()
1217 * - traversal is pruned at checkpoint (N) setting checkpoint's (L) in __flag()
1219 * - checkpoint (L) is next reached in state {b=-25}, in __flag()
1220 * this would cause NOT_EXACT comparison with a state {b=-24} in __flag()
1227 "r1 += -8;" in __flag()
1231 "1:" in __flag()
1233 "r1 += -8;" in __flag()
1235 "if r0 != 0 goto 1b;" in __flag()
1237 "r1 += -8;" in __flag()
1245 "r0 -= 1;" in __flag()
1249 "r1 += -8;" in __flag()
1253 "r8 = -24;" in __flag()
1256 "r1 += -8;" in __flag()
1269 "r1 += -8;" in __flag()
1282 "r8 = -25;" in __flag()
1303 * bpf_iter_num_new(&fp[-8], 0, 10) in triple_continue()
1304 * while (bpf_iter_num_next(&fp[-8])) { in triple_continue()
1313 * bpf_iter_num_destroy(&fp[-8]) in triple_continue()
1318 "r1 += -8;" in triple_continue()
1324 "r1 += -8;" in triple_continue()
1337 "r1 += -8;" in triple_continue()
1355 * The counter is stored in fp[-16], if this counter is not widened in widen_spill()
1358 * fp[-16] = 0 in widen_spill()
1359 * bpf_iter_num_new(&fp[-8], 0, 10) in widen_spill()
1360 * while (bpf_iter_num_next(&fp[-8])) { in widen_spill()
1361 * r0 = fp[-16]; in widen_spill()
1362 * r0 += 1; in widen_spill()
1363 * fp[-16] = r0; in widen_spill()
1365 * bpf_iter_num_destroy(&fp[-8]) in widen_spill()
1370 "*(u64 *)(r10 - 16) = r0;" in widen_spill()
1372 "r1 += -8;" in widen_spill()
1378 "r1 += -8;" in widen_spill()
1381 "r0 = *(u64 *)(r10 - 16);" in widen_spill()
1382 "r0 += 1;" in widen_spill()
1383 "*(u64 *)(r10 - 16) = r0;" in widen_spill()
1387 "r1 += -8;" in widen_spill()
1414 * if (a) sum += 1; in checkpoint_states_deletion()
1415 * if (b) sum += 1; in checkpoint_states_deletion()
1416 * if (c) sum += 1; in checkpoint_states_deletion()
1417 * if (d) sum += 1; in checkpoint_states_deletion()
1418 * if (e) sum += 1; in checkpoint_states_deletion()
1419 * if (f) sum += 1; in checkpoint_states_deletion()
1424 * with different combination of NULL/non-NULL information for a/b/c/d/e/f. in checkpoint_states_deletion()
1429 * exploration would be finished (at-least for a specific path). in checkpoint_states_deletion()
1435 * sl->miss_cnt > sl->hit_cnt * N + N // if true sl->state is evicted in checkpoint_states_deletion()
1443 "*(u64 *)(r10 - 24) = r6;" /* d */ in checkpoint_states_deletion()
1444 "*(u64 *)(r10 - 32) = r6;" /* e */ in checkpoint_states_deletion()
1445 "*(u64 *)(r10 - 40) = r6;" /* f */ in checkpoint_states_deletion()
1448 "r1 += -8;" in checkpoint_states_deletion()
1454 "r1 += -8;" in checkpoint_states_deletion()
1458 "*(u64 *)(r10 - 16) = r0;" in checkpoint_states_deletion()
1462 "r2 += -16;" in checkpoint_states_deletion()
1468 "r2 += -16;" in checkpoint_states_deletion()
1474 "r2 += -16;" in checkpoint_states_deletion()
1480 "r2 += -16;" in checkpoint_states_deletion()
1482 "*(u64 *)(r10 - 24) = r0;" in checkpoint_states_deletion()
1486 "r2 += -16;" in checkpoint_states_deletion()
1488 "*(u64 *)(r10 - 32) = r0;" in checkpoint_states_deletion()
1492 "r2 += -16;" in checkpoint_states_deletion()
1494 "*(u64 *)(r10 - 40) = r0;" in checkpoint_states_deletion()
1496 "if r6 == 0 goto +1;" in checkpoint_states_deletion()
1497 "r9 += 1;" in checkpoint_states_deletion()
1498 "if r7 == 0 goto +1;" in checkpoint_states_deletion()
1499 "r9 += 1;" in checkpoint_states_deletion()
1500 "if r8 == 0 goto +1;" in checkpoint_states_deletion()
1501 "r9 += 1;" in checkpoint_states_deletion()
1502 "r0 = *(u64 *)(r10 - 24);" in checkpoint_states_deletion()
1503 "if r0 == 0 goto +1;" in checkpoint_states_deletion()
1504 "r9 += 1;" in checkpoint_states_deletion()
1505 "r0 = *(u64 *)(r10 - 32);" in checkpoint_states_deletion()
1506 "if r0 == 0 goto +1;" in checkpoint_states_deletion()
1507 "r9 += 1;" in checkpoint_states_deletion()
1508 "r0 = *(u64 *)(r10 - 40);" in checkpoint_states_deletion()
1509 "if r0 == 0 goto +1;" in checkpoint_states_deletion()
1510 "r9 += 1;" in checkpoint_states_deletion()
1515 "r1 += -8;" in checkpoint_states_deletion()
1561 if (str[1] == 'e') in nest_2()
1572 /* case 0: allocate stack, case 1: no allocate stack */ in nest_1()
1581 case 1: in nest_1()
1596 result = 1; in iter_subprog_check_stacksafe()
1611 bpf_iter_num_new(&global_it, 0, 1); in iter_new_bad_arg()
1635 char buf[1]; in clean_live_states()
1654 __failure __msg("misaligned stack access off 0+-31+0 size 8") in __flag()
1660 * r6 = -32; in __flag()
1661 * bpf_iter_num_new(&fp[-8], 0, 10); in __flag()
1663 * r6 = -31; in __flag()
1664 * while (bpf_iter_num_next(&fp[-8])) { in __flag()
1668 * bpf_iter_num_destroy(&fp[-8]) in __flag()
1675 "r6 = -32;" in __flag()
1677 "*(u64 *)(r10 - 16) = r0;" in __flag()
1679 "r1 += -8;" in __flag()
1688 "r1 += -8;" in __flag()
1696 "r1 += -8;" in __flag()
1707 "r6 = -31;" in __flag()
1729 __failure __msg("misaligned stack access off 0+-31+0 size 8") in __flag()
1735 * r6 = -32; in __flag()
1736 * bpf_iter_num_new(&fp[-8], 0, 10); in __flag()
1738 * r6 = -31; in __flag()
1746 * while (bpf_iter_num_next(&fp[-8])) { in __flag()
1750 * bpf_iter_num_destroy(&fp[-8]) in __flag()
1757 "r6 = -32;" in __flag()
1759 "*(u64 *)(r10 - 16) = r0;" in __flag()
1761 "r1 += -8;" in __flag()
1771 "r1 += -8;" in __flag()
1779 "r1 += -8;" in __flag()
1790 "r6 = -31;" in __flag()
1805 __failure __msg("misaligned stack access off 0+-31+0 size 8") in __flag()
1809 * bpf_iter_num_new(&fp[-8], 0, 10) in __flag()
1810 * loop1(-32, &fp[-8]) in __flag()
1811 * loop1_wrapper(&fp[-8]) in __flag()
1812 * bpf_iter_num_destroy(&fp[-8]) in __flag()
1816 "r1 += -8;" in __flag()
1820 /* call #1 */ in __flag()
1821 "r1 = -32;" in __flag()
1823 "r2 += -8;" in __flag()
1826 "r1 += -8;" in __flag()
1830 "r1 += -8;" in __flag()
1835 "r1 += -8;" in __flag()
1839 "r1 += -8;" in __flag()
1898 * r6 = -32; in loop1_wrapper()
1901 * r6 = -31; in loop1_wrapper()
1907 "r6 = -32;" in loop1_wrapper()
1920 "r6 = -31;" in loop1_wrapper()