Lines Matching refs:dst_reg
1701 return !is_reg64(env, insn, insn->dst_reg, NULL, DST_OP); in insn_has_def32()
1812 u32 dreg = 1u << insn->dst_reg; in backtrack_insn()
1890 if (insn->dst_reg != BPF_REG_FP) in backtrack_insn()
2278 u32 dst_reg = env->prog->insnsi[insn_idx].dst_reg; in check_stack_write() local
2301 if (dst_reg != BPF_REG_FP) { in check_stack_write()
3613 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_xadd()
3622 if (is_ctx_reg(env, insn->dst_reg) || in check_xadd()
3623 is_pkt_reg(env, insn->dst_reg) || in check_xadd()
3624 is_flow_key_reg(env, insn->dst_reg) || in check_xadd()
3625 is_sk_reg(env, insn->dst_reg)) { in check_xadd()
3627 insn->dst_reg, in check_xadd()
3628 reg_type_str[reg_state(env, insn->dst_reg)->type]); in check_xadd()
3633 err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off, in check_xadd()
3639 return check_mem_access(env, insn_idx, insn->dst_reg, insn->off, in check_xadd()
5396 struct bpf_reg_state *dst_reg, in sanitize_ptr_alu() argument
5401 bool ptr_is_dst_reg = ptr_reg == dst_reg; in sanitize_ptr_alu()
5436 tmp = *dst_reg; in sanitize_ptr_alu()
5437 *dst_reg = *ptr_reg; in sanitize_ptr_alu()
5441 *dst_reg = tmp; in sanitize_ptr_alu()
5457 struct bpf_reg_state *regs = state->regs, *dst_reg; in adjust_ptr_min_max_vals() local
5463 u32 dst = insn->dst_reg, src = insn->src_reg; in adjust_ptr_min_max_vals()
5467 dst_reg = ®s[dst]; in adjust_ptr_min_max_vals()
5474 __mark_reg_unknown(env, dst_reg); in adjust_ptr_min_max_vals()
5481 __mark_reg_unknown(env, dst_reg); in adjust_ptr_min_max_vals()
5515 off_reg == dst_reg ? dst : src); in adjust_ptr_min_max_vals()
5526 dst_reg->type = ptr_reg->type; in adjust_ptr_min_max_vals()
5527 dst_reg->id = ptr_reg->id; in adjust_ptr_min_max_vals()
5534 __mark_reg32_unbounded(dst_reg); in adjust_ptr_min_max_vals()
5538 ret = sanitize_ptr_alu(env, insn, ptr_reg, dst_reg, smin_val < 0); in adjust_ptr_min_max_vals()
5549 dst_reg->smin_value = smin_ptr; in adjust_ptr_min_max_vals()
5550 dst_reg->smax_value = smax_ptr; in adjust_ptr_min_max_vals()
5551 dst_reg->umin_value = umin_ptr; in adjust_ptr_min_max_vals()
5552 dst_reg->umax_value = umax_ptr; in adjust_ptr_min_max_vals()
5553 dst_reg->var_off = ptr_reg->var_off; in adjust_ptr_min_max_vals()
5554 dst_reg->off = ptr_reg->off + smin_val; in adjust_ptr_min_max_vals()
5555 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
5569 dst_reg->smin_value = S64_MIN; in adjust_ptr_min_max_vals()
5570 dst_reg->smax_value = S64_MAX; in adjust_ptr_min_max_vals()
5572 dst_reg->smin_value = smin_ptr + smin_val; in adjust_ptr_min_max_vals()
5573 dst_reg->smax_value = smax_ptr + smax_val; in adjust_ptr_min_max_vals()
5577 dst_reg->umin_value = 0; in adjust_ptr_min_max_vals()
5578 dst_reg->umax_value = U64_MAX; in adjust_ptr_min_max_vals()
5580 dst_reg->umin_value = umin_ptr + umin_val; in adjust_ptr_min_max_vals()
5581 dst_reg->umax_value = umax_ptr + umax_val; in adjust_ptr_min_max_vals()
5583 dst_reg->var_off = tnum_add(ptr_reg->var_off, off_reg->var_off); in adjust_ptr_min_max_vals()
5584 dst_reg->off = ptr_reg->off; in adjust_ptr_min_max_vals()
5585 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
5587 dst_reg->id = ++env->id_gen; in adjust_ptr_min_max_vals()
5589 dst_reg->raw = 0; in adjust_ptr_min_max_vals()
5593 ret = sanitize_ptr_alu(env, insn, ptr_reg, dst_reg, smin_val < 0); in adjust_ptr_min_max_vals()
5598 if (dst_reg == off_reg) { in adjust_ptr_min_max_vals()
5616 dst_reg->smin_value = smin_ptr; in adjust_ptr_min_max_vals()
5617 dst_reg->smax_value = smax_ptr; in adjust_ptr_min_max_vals()
5618 dst_reg->umin_value = umin_ptr; in adjust_ptr_min_max_vals()
5619 dst_reg->umax_value = umax_ptr; in adjust_ptr_min_max_vals()
5620 dst_reg->var_off = ptr_reg->var_off; in adjust_ptr_min_max_vals()
5621 dst_reg->id = ptr_reg->id; in adjust_ptr_min_max_vals()
5622 dst_reg->off = ptr_reg->off - smin_val; in adjust_ptr_min_max_vals()
5623 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
5632 dst_reg->smin_value = S64_MIN; in adjust_ptr_min_max_vals()
5633 dst_reg->smax_value = S64_MAX; in adjust_ptr_min_max_vals()
5635 dst_reg->smin_value = smin_ptr - smax_val; in adjust_ptr_min_max_vals()
5636 dst_reg->smax_value = smax_ptr - smin_val; in adjust_ptr_min_max_vals()
5640 dst_reg->umin_value = 0; in adjust_ptr_min_max_vals()
5641 dst_reg->umax_value = U64_MAX; in adjust_ptr_min_max_vals()
5644 dst_reg->umin_value = umin_ptr - umax_val; in adjust_ptr_min_max_vals()
5645 dst_reg->umax_value = umax_ptr - umin_val; in adjust_ptr_min_max_vals()
5647 dst_reg->var_off = tnum_sub(ptr_reg->var_off, off_reg->var_off); in adjust_ptr_min_max_vals()
5648 dst_reg->off = ptr_reg->off; in adjust_ptr_min_max_vals()
5649 dst_reg->raw = ptr_reg->raw; in adjust_ptr_min_max_vals()
5651 dst_reg->id = ++env->id_gen; in adjust_ptr_min_max_vals()
5654 dst_reg->raw = 0; in adjust_ptr_min_max_vals()
5671 if (!check_reg_sane_offset(env, dst_reg, ptr_reg->type)) in adjust_ptr_min_max_vals()
5674 __update_reg_bounds(dst_reg); in adjust_ptr_min_max_vals()
5675 __reg_deduce_bounds(dst_reg); in adjust_ptr_min_max_vals()
5676 __reg_bound_offset(dst_reg); in adjust_ptr_min_max_vals()
5682 if (dst_reg->type == PTR_TO_MAP_VALUE && in adjust_ptr_min_max_vals()
5683 check_map_access(env, dst, dst_reg->off, 1, false)) { in adjust_ptr_min_max_vals()
5687 } else if (dst_reg->type == PTR_TO_STACK && in adjust_ptr_min_max_vals()
5688 check_stack_access(env, dst_reg, dst_reg->off + in adjust_ptr_min_max_vals()
5689 dst_reg->var_off.value, 1)) { in adjust_ptr_min_max_vals()
5699 static void scalar32_min_max_add(struct bpf_reg_state *dst_reg, in scalar32_min_max_add() argument
5707 if (signed_add32_overflows(dst_reg->s32_min_value, smin_val) || in scalar32_min_max_add()
5708 signed_add32_overflows(dst_reg->s32_max_value, smax_val)) { in scalar32_min_max_add()
5709 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_add()
5710 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_add()
5712 dst_reg->s32_min_value += smin_val; in scalar32_min_max_add()
5713 dst_reg->s32_max_value += smax_val; in scalar32_min_max_add()
5715 if (dst_reg->u32_min_value + umin_val < umin_val || in scalar32_min_max_add()
5716 dst_reg->u32_max_value + umax_val < umax_val) { in scalar32_min_max_add()
5717 dst_reg->u32_min_value = 0; in scalar32_min_max_add()
5718 dst_reg->u32_max_value = U32_MAX; in scalar32_min_max_add()
5720 dst_reg->u32_min_value += umin_val; in scalar32_min_max_add()
5721 dst_reg->u32_max_value += umax_val; in scalar32_min_max_add()
5725 static void scalar_min_max_add(struct bpf_reg_state *dst_reg, in scalar_min_max_add() argument
5733 if (signed_add_overflows(dst_reg->smin_value, smin_val) || in scalar_min_max_add()
5734 signed_add_overflows(dst_reg->smax_value, smax_val)) { in scalar_min_max_add()
5735 dst_reg->smin_value = S64_MIN; in scalar_min_max_add()
5736 dst_reg->smax_value = S64_MAX; in scalar_min_max_add()
5738 dst_reg->smin_value += smin_val; in scalar_min_max_add()
5739 dst_reg->smax_value += smax_val; in scalar_min_max_add()
5741 if (dst_reg->umin_value + umin_val < umin_val || in scalar_min_max_add()
5742 dst_reg->umax_value + umax_val < umax_val) { in scalar_min_max_add()
5743 dst_reg->umin_value = 0; in scalar_min_max_add()
5744 dst_reg->umax_value = U64_MAX; in scalar_min_max_add()
5746 dst_reg->umin_value += umin_val; in scalar_min_max_add()
5747 dst_reg->umax_value += umax_val; in scalar_min_max_add()
5751 static void scalar32_min_max_sub(struct bpf_reg_state *dst_reg, in scalar32_min_max_sub() argument
5759 if (signed_sub32_overflows(dst_reg->s32_min_value, smax_val) || in scalar32_min_max_sub()
5760 signed_sub32_overflows(dst_reg->s32_max_value, smin_val)) { in scalar32_min_max_sub()
5762 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_sub()
5763 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_sub()
5765 dst_reg->s32_min_value -= smax_val; in scalar32_min_max_sub()
5766 dst_reg->s32_max_value -= smin_val; in scalar32_min_max_sub()
5768 if (dst_reg->u32_min_value < umax_val) { in scalar32_min_max_sub()
5770 dst_reg->u32_min_value = 0; in scalar32_min_max_sub()
5771 dst_reg->u32_max_value = U32_MAX; in scalar32_min_max_sub()
5774 dst_reg->u32_min_value -= umax_val; in scalar32_min_max_sub()
5775 dst_reg->u32_max_value -= umin_val; in scalar32_min_max_sub()
5779 static void scalar_min_max_sub(struct bpf_reg_state *dst_reg, in scalar_min_max_sub() argument
5787 if (signed_sub_overflows(dst_reg->smin_value, smax_val) || in scalar_min_max_sub()
5788 signed_sub_overflows(dst_reg->smax_value, smin_val)) { in scalar_min_max_sub()
5790 dst_reg->smin_value = S64_MIN; in scalar_min_max_sub()
5791 dst_reg->smax_value = S64_MAX; in scalar_min_max_sub()
5793 dst_reg->smin_value -= smax_val; in scalar_min_max_sub()
5794 dst_reg->smax_value -= smin_val; in scalar_min_max_sub()
5796 if (dst_reg->umin_value < umax_val) { in scalar_min_max_sub()
5798 dst_reg->umin_value = 0; in scalar_min_max_sub()
5799 dst_reg->umax_value = U64_MAX; in scalar_min_max_sub()
5802 dst_reg->umin_value -= umax_val; in scalar_min_max_sub()
5803 dst_reg->umax_value -= umin_val; in scalar_min_max_sub()
5807 static void scalar32_min_max_mul(struct bpf_reg_state *dst_reg, in scalar32_min_max_mul() argument
5814 if (smin_val < 0 || dst_reg->s32_min_value < 0) { in scalar32_min_max_mul()
5816 __mark_reg32_unbounded(dst_reg); in scalar32_min_max_mul()
5822 if (umax_val > U16_MAX || dst_reg->u32_max_value > U16_MAX) { in scalar32_min_max_mul()
5824 __mark_reg32_unbounded(dst_reg); in scalar32_min_max_mul()
5827 dst_reg->u32_min_value *= umin_val; in scalar32_min_max_mul()
5828 dst_reg->u32_max_value *= umax_val; in scalar32_min_max_mul()
5829 if (dst_reg->u32_max_value > S32_MAX) { in scalar32_min_max_mul()
5831 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_mul()
5832 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_mul()
5834 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_mul()
5835 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_mul()
5839 static void scalar_min_max_mul(struct bpf_reg_state *dst_reg, in scalar_min_max_mul() argument
5846 if (smin_val < 0 || dst_reg->smin_value < 0) { in scalar_min_max_mul()
5848 __mark_reg64_unbounded(dst_reg); in scalar_min_max_mul()
5854 if (umax_val > U32_MAX || dst_reg->umax_value > U32_MAX) { in scalar_min_max_mul()
5856 __mark_reg64_unbounded(dst_reg); in scalar_min_max_mul()
5859 dst_reg->umin_value *= umin_val; in scalar_min_max_mul()
5860 dst_reg->umax_value *= umax_val; in scalar_min_max_mul()
5861 if (dst_reg->umax_value > S64_MAX) { in scalar_min_max_mul()
5863 dst_reg->smin_value = S64_MIN; in scalar_min_max_mul()
5864 dst_reg->smax_value = S64_MAX; in scalar_min_max_mul()
5866 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_mul()
5867 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_mul()
5871 static void scalar32_min_max_and(struct bpf_reg_state *dst_reg, in scalar32_min_max_and() argument
5875 bool dst_known = tnum_subreg_is_const(dst_reg->var_off); in scalar32_min_max_and()
5876 struct tnum var32_off = tnum_subreg(dst_reg->var_off); in scalar32_min_max_and()
5889 dst_reg->u32_min_value = var32_off.value; in scalar32_min_max_and()
5890 dst_reg->u32_max_value = min(dst_reg->u32_max_value, umax_val); in scalar32_min_max_and()
5891 if (dst_reg->s32_min_value < 0 || smin_val < 0) { in scalar32_min_max_and()
5895 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_and()
5896 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_and()
5901 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_and()
5902 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_and()
5907 static void scalar_min_max_and(struct bpf_reg_state *dst_reg, in scalar_min_max_and() argument
5911 bool dst_known = tnum_is_const(dst_reg->var_off); in scalar_min_max_and()
5916 __mark_reg_known(dst_reg, dst_reg->var_off.value); in scalar_min_max_and()
5923 dst_reg->umin_value = dst_reg->var_off.value; in scalar_min_max_and()
5924 dst_reg->umax_value = min(dst_reg->umax_value, umax_val); in scalar_min_max_and()
5925 if (dst_reg->smin_value < 0 || smin_val < 0) { in scalar_min_max_and()
5929 dst_reg->smin_value = S64_MIN; in scalar_min_max_and()
5930 dst_reg->smax_value = S64_MAX; in scalar_min_max_and()
5935 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_and()
5936 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_and()
5939 __update_reg_bounds(dst_reg); in scalar_min_max_and()
5942 static void scalar32_min_max_or(struct bpf_reg_state *dst_reg, in scalar32_min_max_or() argument
5946 bool dst_known = tnum_subreg_is_const(dst_reg->var_off); in scalar32_min_max_or()
5947 struct tnum var32_off = tnum_subreg(dst_reg->var_off); in scalar32_min_max_or()
5960 dst_reg->u32_min_value = max(dst_reg->u32_min_value, umin_val); in scalar32_min_max_or()
5961 dst_reg->u32_max_value = var32_off.value | var32_off.mask; in scalar32_min_max_or()
5962 if (dst_reg->s32_min_value < 0 || smin_val < 0) { in scalar32_min_max_or()
5966 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_or()
5967 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_or()
5972 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_or()
5973 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_or()
5977 static void scalar_min_max_or(struct bpf_reg_state *dst_reg, in scalar_min_max_or() argument
5981 bool dst_known = tnum_is_const(dst_reg->var_off); in scalar_min_max_or()
5986 __mark_reg_known(dst_reg, dst_reg->var_off.value); in scalar_min_max_or()
5993 dst_reg->umin_value = max(dst_reg->umin_value, umin_val); in scalar_min_max_or()
5994 dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; in scalar_min_max_or()
5995 if (dst_reg->smin_value < 0 || smin_val < 0) { in scalar_min_max_or()
5999 dst_reg->smin_value = S64_MIN; in scalar_min_max_or()
6000 dst_reg->smax_value = S64_MAX; in scalar_min_max_or()
6005 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_or()
6006 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_or()
6009 __update_reg_bounds(dst_reg); in scalar_min_max_or()
6012 static void scalar32_min_max_xor(struct bpf_reg_state *dst_reg, in scalar32_min_max_xor() argument
6016 bool dst_known = tnum_subreg_is_const(dst_reg->var_off); in scalar32_min_max_xor()
6017 struct tnum var32_off = tnum_subreg(dst_reg->var_off); in scalar32_min_max_xor()
6027 dst_reg->u32_min_value = var32_off.value; in scalar32_min_max_xor()
6028 dst_reg->u32_max_value = var32_off.value | var32_off.mask; in scalar32_min_max_xor()
6030 if (dst_reg->s32_min_value >= 0 && smin_val >= 0) { in scalar32_min_max_xor()
6034 dst_reg->s32_min_value = dst_reg->u32_min_value; in scalar32_min_max_xor()
6035 dst_reg->s32_max_value = dst_reg->u32_max_value; in scalar32_min_max_xor()
6037 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_xor()
6038 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_xor()
6042 static void scalar_min_max_xor(struct bpf_reg_state *dst_reg, in scalar_min_max_xor() argument
6046 bool dst_known = tnum_is_const(dst_reg->var_off); in scalar_min_max_xor()
6051 __mark_reg_known(dst_reg, dst_reg->var_off.value); in scalar_min_max_xor()
6056 dst_reg->umin_value = dst_reg->var_off.value; in scalar_min_max_xor()
6057 dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask; in scalar_min_max_xor()
6059 if (dst_reg->smin_value >= 0 && smin_val >= 0) { in scalar_min_max_xor()
6063 dst_reg->smin_value = dst_reg->umin_value; in scalar_min_max_xor()
6064 dst_reg->smax_value = dst_reg->umax_value; in scalar_min_max_xor()
6066 dst_reg->smin_value = S64_MIN; in scalar_min_max_xor()
6067 dst_reg->smax_value = S64_MAX; in scalar_min_max_xor()
6070 __update_reg_bounds(dst_reg); in scalar_min_max_xor()
6073 static void __scalar32_min_max_lsh(struct bpf_reg_state *dst_reg, in __scalar32_min_max_lsh() argument
6079 dst_reg->s32_min_value = S32_MIN; in __scalar32_min_max_lsh()
6080 dst_reg->s32_max_value = S32_MAX; in __scalar32_min_max_lsh()
6082 if (umax_val > 31 || dst_reg->u32_max_value > 1ULL << (31 - umax_val)) { in __scalar32_min_max_lsh()
6083 dst_reg->u32_min_value = 0; in __scalar32_min_max_lsh()
6084 dst_reg->u32_max_value = U32_MAX; in __scalar32_min_max_lsh()
6086 dst_reg->u32_min_value <<= umin_val; in __scalar32_min_max_lsh()
6087 dst_reg->u32_max_value <<= umax_val; in __scalar32_min_max_lsh()
6091 static void scalar32_min_max_lsh(struct bpf_reg_state *dst_reg, in scalar32_min_max_lsh() argument
6097 struct tnum subreg = tnum_subreg(dst_reg->var_off); in scalar32_min_max_lsh()
6099 __scalar32_min_max_lsh(dst_reg, umin_val, umax_val); in scalar32_min_max_lsh()
6100 dst_reg->var_off = tnum_subreg(tnum_lshift(subreg, umin_val)); in scalar32_min_max_lsh()
6105 __mark_reg64_unbounded(dst_reg); in scalar32_min_max_lsh()
6106 __update_reg32_bounds(dst_reg); in scalar32_min_max_lsh()
6109 static void __scalar64_min_max_lsh(struct bpf_reg_state *dst_reg, in __scalar64_min_max_lsh() argument
6119 if (umin_val == 32 && umax_val == 32 && dst_reg->s32_max_value >= 0) in __scalar64_min_max_lsh()
6120 dst_reg->smax_value = (s64)dst_reg->s32_max_value << 32; in __scalar64_min_max_lsh()
6122 dst_reg->smax_value = S64_MAX; in __scalar64_min_max_lsh()
6124 if (umin_val == 32 && umax_val == 32 && dst_reg->s32_min_value >= 0) in __scalar64_min_max_lsh()
6125 dst_reg->smin_value = (s64)dst_reg->s32_min_value << 32; in __scalar64_min_max_lsh()
6127 dst_reg->smin_value = S64_MIN; in __scalar64_min_max_lsh()
6130 if (dst_reg->umax_value > 1ULL << (63 - umax_val)) { in __scalar64_min_max_lsh()
6131 dst_reg->umin_value = 0; in __scalar64_min_max_lsh()
6132 dst_reg->umax_value = U64_MAX; in __scalar64_min_max_lsh()
6134 dst_reg->umin_value <<= umin_val; in __scalar64_min_max_lsh()
6135 dst_reg->umax_value <<= umax_val; in __scalar64_min_max_lsh()
6139 static void scalar_min_max_lsh(struct bpf_reg_state *dst_reg, in scalar_min_max_lsh() argument
6146 __scalar64_min_max_lsh(dst_reg, umin_val, umax_val); in scalar_min_max_lsh()
6147 __scalar32_min_max_lsh(dst_reg, umin_val, umax_val); in scalar_min_max_lsh()
6149 dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val); in scalar_min_max_lsh()
6151 __update_reg_bounds(dst_reg); in scalar_min_max_lsh()
6154 static void scalar32_min_max_rsh(struct bpf_reg_state *dst_reg, in scalar32_min_max_rsh() argument
6157 struct tnum subreg = tnum_subreg(dst_reg->var_off); in scalar32_min_max_rsh()
6175 dst_reg->s32_min_value = S32_MIN; in scalar32_min_max_rsh()
6176 dst_reg->s32_max_value = S32_MAX; in scalar32_min_max_rsh()
6178 dst_reg->var_off = tnum_rshift(subreg, umin_val); in scalar32_min_max_rsh()
6179 dst_reg->u32_min_value >>= umax_val; in scalar32_min_max_rsh()
6180 dst_reg->u32_max_value >>= umin_val; in scalar32_min_max_rsh()
6182 __mark_reg64_unbounded(dst_reg); in scalar32_min_max_rsh()
6183 __update_reg32_bounds(dst_reg); in scalar32_min_max_rsh()
6186 static void scalar_min_max_rsh(struct bpf_reg_state *dst_reg, in scalar_min_max_rsh() argument
6206 dst_reg->smin_value = S64_MIN; in scalar_min_max_rsh()
6207 dst_reg->smax_value = S64_MAX; in scalar_min_max_rsh()
6208 dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val); in scalar_min_max_rsh()
6209 dst_reg->umin_value >>= umax_val; in scalar_min_max_rsh()
6210 dst_reg->umax_value >>= umin_val; in scalar_min_max_rsh()
6216 __mark_reg32_unbounded(dst_reg); in scalar_min_max_rsh()
6217 __update_reg_bounds(dst_reg); in scalar_min_max_rsh()
6220 static void scalar32_min_max_arsh(struct bpf_reg_state *dst_reg, in scalar32_min_max_arsh() argument
6228 dst_reg->s32_min_value = (u32)(((s32)dst_reg->s32_min_value) >> umin_val); in scalar32_min_max_arsh()
6229 dst_reg->s32_max_value = (u32)(((s32)dst_reg->s32_max_value) >> umin_val); in scalar32_min_max_arsh()
6231 dst_reg->var_off = tnum_arshift(tnum_subreg(dst_reg->var_off), umin_val, 32); in scalar32_min_max_arsh()
6236 dst_reg->u32_min_value = 0; in scalar32_min_max_arsh()
6237 dst_reg->u32_max_value = U32_MAX; in scalar32_min_max_arsh()
6239 __mark_reg64_unbounded(dst_reg); in scalar32_min_max_arsh()
6240 __update_reg32_bounds(dst_reg); in scalar32_min_max_arsh()
6243 static void scalar_min_max_arsh(struct bpf_reg_state *dst_reg, in scalar_min_max_arsh() argument
6251 dst_reg->smin_value >>= umin_val; in scalar_min_max_arsh()
6252 dst_reg->smax_value >>= umin_val; in scalar_min_max_arsh()
6254 dst_reg->var_off = tnum_arshift(dst_reg->var_off, umin_val, 64); in scalar_min_max_arsh()
6259 dst_reg->umin_value = 0; in scalar_min_max_arsh()
6260 dst_reg->umax_value = U64_MAX; in scalar_min_max_arsh()
6266 __mark_reg32_unbounded(dst_reg); in scalar_min_max_arsh()
6267 __update_reg_bounds(dst_reg); in scalar_min_max_arsh()
6276 struct bpf_reg_state *dst_reg, in adjust_scalar_min_max_vals() argument
6287 u32 dst = insn->dst_reg; in adjust_scalar_min_max_vals()
6309 __mark_reg_unknown(env, dst_reg); in adjust_scalar_min_max_vals()
6320 __mark_reg_unknown(env, dst_reg); in adjust_scalar_min_max_vals()
6327 __mark_reg_unknown(env, dst_reg); in adjust_scalar_min_max_vals()
6352 scalar32_min_max_add(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6353 scalar_min_max_add(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6354 dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
6362 scalar32_min_max_sub(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6363 scalar_min_max_sub(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6364 dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
6367 dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
6368 scalar32_min_max_mul(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6369 scalar_min_max_mul(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6372 dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
6373 scalar32_min_max_and(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6374 scalar_min_max_and(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6377 dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
6378 scalar32_min_max_or(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6379 scalar_min_max_or(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6382 dst_reg->var_off = tnum_xor(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
6383 scalar32_min_max_xor(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6384 scalar_min_max_xor(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6391 mark_reg_unknown(env, regs, insn->dst_reg); in adjust_scalar_min_max_vals()
6395 scalar32_min_max_lsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6397 scalar_min_max_lsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6404 mark_reg_unknown(env, regs, insn->dst_reg); in adjust_scalar_min_max_vals()
6408 scalar32_min_max_rsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6410 scalar_min_max_rsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6417 mark_reg_unknown(env, regs, insn->dst_reg); in adjust_scalar_min_max_vals()
6421 scalar32_min_max_arsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6423 scalar_min_max_arsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
6426 mark_reg_unknown(env, regs, insn->dst_reg); in adjust_scalar_min_max_vals()
6432 zext_32_to_64(dst_reg); in adjust_scalar_min_max_vals()
6434 __update_reg_bounds(dst_reg); in adjust_scalar_min_max_vals()
6435 __reg_deduce_bounds(dst_reg); in adjust_scalar_min_max_vals()
6436 __reg_bound_offset(dst_reg); in adjust_scalar_min_max_vals()
6448 struct bpf_reg_state *regs = state->regs, *dst_reg, *src_reg; in adjust_reg_min_max_vals() local
6453 dst_reg = ®s[insn->dst_reg]; in adjust_reg_min_max_vals()
6455 if (dst_reg->type != SCALAR_VALUE) in adjust_reg_min_max_vals()
6456 ptr_reg = dst_reg; in adjust_reg_min_max_vals()
6461 dst_reg->id = 0; in adjust_reg_min_max_vals()
6465 if (dst_reg->type != SCALAR_VALUE) { in adjust_reg_min_max_vals()
6471 mark_reg_unknown(env, regs, insn->dst_reg); in adjust_reg_min_max_vals()
6475 insn->dst_reg, in adjust_reg_min_max_vals()
6483 err = mark_chain_precision(env, insn->dst_reg); in adjust_reg_min_max_vals()
6487 src_reg, dst_reg); in adjust_reg_min_max_vals()
6495 dst_reg, src_reg); in adjust_reg_min_max_vals()
6520 return adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg); in adjust_reg_min_max_vals()
6548 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_alu_op()
6552 if (is_pointer_value(env, insn->dst_reg)) { in check_alu_op()
6554 insn->dst_reg); in check_alu_op()
6559 err = check_reg_arg(env, insn->dst_reg, DST_OP); in check_alu_op()
6583 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); in check_alu_op()
6589 struct bpf_reg_state *dst_reg = regs + insn->dst_reg; in check_alu_op() local
6601 *dst_reg = *src_reg; in check_alu_op()
6602 dst_reg->live |= REG_LIVE_WRITTEN; in check_alu_op()
6603 dst_reg->subreg_def = DEF_NOT_SUBREG; in check_alu_op()
6612 *dst_reg = *src_reg; in check_alu_op()
6617 dst_reg->id = 0; in check_alu_op()
6618 dst_reg->live |= REG_LIVE_WRITTEN; in check_alu_op()
6619 dst_reg->subreg_def = env->insn_idx + 1; in check_alu_op()
6622 insn->dst_reg); in check_alu_op()
6624 zext_32_to_64(dst_reg); in check_alu_op()
6631 mark_reg_unknown(env, regs, insn->dst_reg); in check_alu_op()
6632 regs[insn->dst_reg].type = SCALAR_VALUE; in check_alu_op()
6634 __mark_reg_known(regs + insn->dst_reg, in check_alu_op()
6637 __mark_reg_known(regs + insn->dst_reg, in check_alu_op()
6665 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_alu_op()
6686 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); in check_alu_op()
6697 struct bpf_reg_state *dst_reg, in __find_good_pkt_pointers() argument
6705 if (reg->type == type && reg->id == dst_reg->id) in __find_good_pkt_pointers()
6713 if (reg->type == type && reg->id == dst_reg->id) in __find_good_pkt_pointers()
6719 struct bpf_reg_state *dst_reg, in find_good_pkt_pointers() argument
6726 if (dst_reg->off < 0 || in find_good_pkt_pointers()
6727 (dst_reg->off == 0 && range_right_open)) in find_good_pkt_pointers()
6731 if (dst_reg->umax_value > MAX_PACKET_OFF || in find_good_pkt_pointers()
6732 dst_reg->umax_value + dst_reg->off > MAX_PACKET_OFF) in find_good_pkt_pointers()
6738 new_range = dst_reg->off; in find_good_pkt_pointers()
6790 __find_good_pkt_pointers(vstate->frame[i], dst_reg, type, in find_good_pkt_pointers()
7164 struct bpf_reg_state *dst_reg) in __reg_combine_min_max() argument
7166 src_reg->umin_value = dst_reg->umin_value = max(src_reg->umin_value, in __reg_combine_min_max()
7167 dst_reg->umin_value); in __reg_combine_min_max()
7168 src_reg->umax_value = dst_reg->umax_value = min(src_reg->umax_value, in __reg_combine_min_max()
7169 dst_reg->umax_value); in __reg_combine_min_max()
7170 src_reg->smin_value = dst_reg->smin_value = max(src_reg->smin_value, in __reg_combine_min_max()
7171 dst_reg->smin_value); in __reg_combine_min_max()
7172 src_reg->smax_value = dst_reg->smax_value = min(src_reg->smax_value, in __reg_combine_min_max()
7173 dst_reg->smax_value); in __reg_combine_min_max()
7174 src_reg->var_off = dst_reg->var_off = tnum_intersect(src_reg->var_off, in __reg_combine_min_max()
7175 dst_reg->var_off); in __reg_combine_min_max()
7178 __update_reg_bounds(dst_reg); in __reg_combine_min_max()
7181 __reg_deduce_bounds(dst_reg); in __reg_combine_min_max()
7184 __reg_bound_offset(dst_reg); in __reg_combine_min_max()
7190 __update_reg_bounds(dst_reg); in __reg_combine_min_max()
7315 struct bpf_reg_state *dst_reg, in try_match_pkt_pointers() argument
7329 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
7331 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
7334 find_good_pkt_pointers(this_branch, dst_reg, in try_match_pkt_pointers()
7335 dst_reg->type, false); in try_match_pkt_pointers()
7336 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
7338 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
7348 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
7350 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
7353 find_good_pkt_pointers(other_branch, dst_reg, in try_match_pkt_pointers()
7354 dst_reg->type, true); in try_match_pkt_pointers()
7355 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
7357 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
7367 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
7369 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
7372 find_good_pkt_pointers(this_branch, dst_reg, in try_match_pkt_pointers()
7373 dst_reg->type, true); in try_match_pkt_pointers()
7374 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
7376 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
7386 if ((dst_reg->type == PTR_TO_PACKET && in try_match_pkt_pointers()
7388 (dst_reg->type == PTR_TO_PACKET_META && in try_match_pkt_pointers()
7391 find_good_pkt_pointers(other_branch, dst_reg, in try_match_pkt_pointers()
7392 dst_reg->type, false); in try_match_pkt_pointers()
7393 } else if ((dst_reg->type == PTR_TO_PACKET_END && in try_match_pkt_pointers()
7395 (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) && in try_match_pkt_pointers()
7441 struct bpf_reg_state *dst_reg, *other_branch_regs, *src_reg = NULL; in check_cond_jmp_op() local
7478 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in check_cond_jmp_op()
7482 dst_reg = ®s[insn->dst_reg]; in check_cond_jmp_op()
7486 pred = is_branch_taken(dst_reg, insn->imm, opcode, is_jmp32); in check_cond_jmp_op()
7489 pred = is_branch_taken(dst_reg, in check_cond_jmp_op()
7495 pred = is_branch_taken(dst_reg, in check_cond_jmp_op()
7505 if (!__is_pointer_value(false, dst_reg)) in check_cond_jmp_op()
7506 err = mark_chain_precision(env, insn->dst_reg); in check_cond_jmp_op()
7539 if (dst_reg->type == SCALAR_VALUE && in check_cond_jmp_op()
7544 reg_set_min_max(&other_branch_regs[insn->dst_reg], in check_cond_jmp_op()
7545 dst_reg, in check_cond_jmp_op()
7549 else if (tnum_is_const(dst_reg->var_off) || in check_cond_jmp_op()
7551 tnum_is_const(tnum_subreg(dst_reg->var_off)))) in check_cond_jmp_op()
7554 dst_reg->var_off.value, in check_cond_jmp_op()
7555 tnum_subreg(dst_reg->var_off).value, in check_cond_jmp_op()
7561 &other_branch_regs[insn->dst_reg], in check_cond_jmp_op()
7562 src_reg, dst_reg, opcode); in check_cond_jmp_op()
7570 } else if (dst_reg->type == SCALAR_VALUE) { in check_cond_jmp_op()
7571 reg_set_min_max(&other_branch_regs[insn->dst_reg], in check_cond_jmp_op()
7572 dst_reg, insn->imm, (u32)insn->imm, in check_cond_jmp_op()
7576 if (dst_reg->type == SCALAR_VALUE && dst_reg->id && in check_cond_jmp_op()
7577 !WARN_ON_ONCE(dst_reg->id != other_branch_regs[insn->dst_reg].id)) { in check_cond_jmp_op()
7578 find_equal_scalars(this_branch, dst_reg); in check_cond_jmp_op()
7579 find_equal_scalars(other_branch, &other_branch_regs[insn->dst_reg]); in check_cond_jmp_op()
7588 reg_type_may_be_null(dst_reg->type)) { in check_cond_jmp_op()
7592 mark_ptr_or_null_regs(this_branch, insn->dst_reg, in check_cond_jmp_op()
7594 mark_ptr_or_null_regs(other_branch, insn->dst_reg, in check_cond_jmp_op()
7596 } else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg], in check_cond_jmp_op()
7598 is_pointer_value(env, insn->dst_reg)) { in check_cond_jmp_op()
7600 insn->dst_reg); in check_cond_jmp_op()
7613 struct bpf_reg_state *dst_reg; in check_ld_imm() local
7626 err = check_reg_arg(env, insn->dst_reg, DST_OP); in check_ld_imm()
7630 dst_reg = ®s[insn->dst_reg]; in check_ld_imm()
7634 dst_reg->type = SCALAR_VALUE; in check_ld_imm()
7635 __mark_reg_known(®s[insn->dst_reg], imm); in check_ld_imm()
7640 mark_reg_known_zero(env, regs, insn->dst_reg); in check_ld_imm()
7642 dst_reg->type = aux->btf_var.reg_type; in check_ld_imm()
7643 switch (dst_reg->type) { in check_ld_imm()
7645 dst_reg->mem_size = aux->btf_var.mem_size; in check_ld_imm()
7649 dst_reg->btf_id = aux->btf_var.btf_id; in check_ld_imm()
7659 mark_reg_known_zero(env, regs, insn->dst_reg); in check_ld_imm()
7660 dst_reg->map_ptr = map; in check_ld_imm()
7663 dst_reg->type = PTR_TO_MAP_VALUE; in check_ld_imm()
7664 dst_reg->off = aux->map_off; in check_ld_imm()
7666 dst_reg->id = ++env->id_gen; in check_ld_imm()
7668 dst_reg->type = CONST_PTR_TO_MAP; in check_ld_imm()
7721 if (insn->dst_reg != BPF_REG_0 || insn->off != 0 || in check_ld_abs()
9363 err = check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); in do_check()
9374 BPF_READ, insn->dst_reg, false); in do_check()
9415 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in do_check()
9419 dst_reg_type = regs[insn->dst_reg].type; in do_check()
9422 err = check_mem_access(env, env->insn_idx, insn->dst_reg, in do_check()
9444 err = check_reg_arg(env, insn->dst_reg, SRC_OP); in do_check()
9448 if (is_ctx_reg(env, insn->dst_reg)) { in do_check()
9450 insn->dst_reg, in do_check()
9451 reg_type_str[reg_state(env, insn->dst_reg)->type]); in do_check()
9456 err = check_mem_access(env, env->insn_idx, insn->dst_reg, in do_check()
9471 insn->dst_reg != BPF_REG_0 || in do_check()
9494 insn->dst_reg != BPF_REG_0 || in do_check()
9507 insn->dst_reg != BPF_REG_0 || in do_check()
9816 insn[1].dst_reg != 0 || insn[1].src_reg != 0 || in resolve_pseudo_ldimm64()
10341 if (is_reg64(env, &insn, insn.dst_reg, NULL, DST_OP)) { in opt_subreg_zext_lo32_rnd_hi32()
10356 rnd_hi32_patch[3].dst_reg = insn.dst_reg; in opt_subreg_zext_lo32_rnd_hi32()
10366 zext_patch[1].dst_reg = insn.dst_reg; in opt_subreg_zext_lo32_rnd_hi32()
10367 zext_patch[1].src_reg = insn.dst_reg; in opt_subreg_zext_lo32_rnd_hi32()
10542 insn->dst_reg, in convert_ctx_accesses()
10544 insn_buf[cnt++] = BPF_ALU32_IMM(BPF_AND, insn->dst_reg, in convert_ctx_accesses()
10549 insn->dst_reg, in convert_ctx_accesses()
10551 insn_buf[cnt++] = BPF_ALU64_IMM(BPF_AND, insn->dst_reg, in convert_ctx_accesses()
10867 BPF_ALU32_REG(BPF_XOR, insn->dst_reg, insn->dst_reg), in fixup_bpf_calls()
10935 off_reg = issrc ? insn->src_reg : insn->dst_reg; in fixup_bpf_calls()