Lines Matching defs:src_reg
249 insn->src_reg == 0;
255 insn->src_reg == BPF_PSEUDO_CALL;
261 insn->src_reg == BPF_PSEUDO_KFUNC_CALL;
3064 insn[i].src_reg == 0 &&
3223 if (insn->src_reg == BPF_PSEUDO_CALL)
3303 return insn->src_reg;
3462 if (insn->src_reg != BPF_PSEUDO_KFUNC_CALL)
3652 u32 sreg = insn->src_reg;
3714 if (insn->src_reg != BPF_REG_FP)
3831 if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL && insn->imm == 0)
6928 err = check_reg_arg(env, insn->src_reg, SRC_OP);
6951 if (is_pointer_value(env, insn->src_reg)) {
6952 verbose(env, "R%d leaks addr into mem\n", insn->src_reg);
6970 load_reg = insn->src_reg;
9270 insn->src_reg == 0 &&
12222 mark_reg_unknown(env, regs, insn->src_reg);
12344 u32 dst = insn->dst_reg, src = insn->src_reg;
12678 struct bpf_reg_state *src_reg)
12680 s32 smin_val = src_reg->s32_min_value;
12681 s32 smax_val = src_reg->s32_max_value;
12682 u32 umin_val = src_reg->u32_min_value;
12683 u32 umax_val = src_reg->u32_max_value;
12704 struct bpf_reg_state *src_reg)
12706 s64 smin_val = src_reg->smin_value;
12707 s64 smax_val = src_reg->smax_value;
12708 u64 umin_val = src_reg->umin_value;
12709 u64 umax_val = src_reg->umax_value;
12730 struct bpf_reg_state *src_reg)
12732 s32 smin_val = src_reg->s32_min_value;
12733 s32 smax_val = src_reg->s32_max_value;
12734 u32 umin_val = src_reg->u32_min_value;
12735 u32 umax_val = src_reg->u32_max_value;
12758 struct bpf_reg_state *src_reg)
12760 s64 smin_val = src_reg->smin_value;
12761 s64 smax_val = src_reg->smax_value;
12762 u64 umin_val = src_reg->umin_value;
12763 u64 umax_val = src_reg->umax_value;
12786 struct bpf_reg_state *src_reg)
12788 s32 smin_val = src_reg->s32_min_value;
12789 u32 umin_val = src_reg->u32_min_value;
12790 u32 umax_val = src_reg->u32_max_value;
12818 struct bpf_reg_state *src_reg)
12820 s64 smin_val = src_reg->smin_value;
12821 u64 umin_val = src_reg->umin_value;
12822 u64 umax_val = src_reg->umax_value;
12850 struct bpf_reg_state *src_reg)
12852 bool src_known = tnum_subreg_is_const(src_reg->var_off);
12855 s32 smin_val = src_reg->s32_min_value;
12856 u32 umax_val = src_reg->u32_max_value;
12884 struct bpf_reg_state *src_reg)
12886 bool src_known = tnum_is_const(src_reg->var_off);
12888 s64 smin_val = src_reg->smin_value;
12889 u64 umax_val = src_reg->umax_value;
12919 struct bpf_reg_state *src_reg)
12921 bool src_known = tnum_subreg_is_const(src_reg->var_off);
12924 s32 smin_val = src_reg->s32_min_value;
12925 u32 umin_val = src_reg->u32_min_value;
12953 struct bpf_reg_state *src_reg)
12955 bool src_known = tnum_is_const(src_reg->var_off);
12957 s64 smin_val = src_reg->smin_value;
12958 u64 umin_val = src_reg->umin_value;
12988 struct bpf_reg_state *src_reg)
12990 bool src_known = tnum_subreg_is_const(src_reg->var_off);
12993 s32 smin_val = src_reg->s32_min_value;
13017 struct bpf_reg_state *src_reg)
13019 bool src_known = tnum_is_const(src_reg->var_off);
13021 s64 smin_val = src_reg->smin_value;
13066 struct bpf_reg_state *src_reg)
13068 u32 umax_val = src_reg->u32_max_value;
13069 u32 umin_val = src_reg->u32_min_value;
13114 struct bpf_reg_state *src_reg)
13116 u64 umax_val = src_reg->umax_value;
13117 u64 umin_val = src_reg->umin_value;
13129 struct bpf_reg_state *src_reg)
13132 u32 umax_val = src_reg->u32_max_value;
13133 u32 umin_val = src_reg->u32_min_value;
13137 * 1) src_reg might be zero, so the sign bit of the result is
13161 struct bpf_reg_state *src_reg)
13163 u64 umax_val = src_reg->umax_value;
13164 u64 umin_val = src_reg->umin_value;
13168 * 1) src_reg might be zero, so the sign bit of the result is
13195 struct bpf_reg_state *src_reg)
13197 u64 umin_val = src_reg->u32_min_value;
13218 struct bpf_reg_state *src_reg)
13220 u64 umin_val = src_reg->umin_value;
13251 struct bpf_reg_state src_reg)
13264 smin_val = src_reg.smin_value;
13265 smax_val = src_reg.smax_value;
13266 umin_val = src_reg.umin_value;
13267 umax_val = src_reg.umax_value;
13269 s32_min_val = src_reg.s32_min_value;
13270 s32_max_val = src_reg.s32_max_value;
13271 u32_min_val = src_reg.u32_min_value;
13272 u32_max_val = src_reg.u32_max_value;
13275 src_known = tnum_subreg_is_const(src_reg.var_off);
13286 src_known = tnum_is_const(src_reg.var_off);
13326 scalar32_min_max_add(dst_reg, &src_reg);
13327 scalar_min_max_add(dst_reg, &src_reg);
13328 dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off);
13331 scalar32_min_max_sub(dst_reg, &src_reg);
13332 scalar_min_max_sub(dst_reg, &src_reg);
13333 dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off);
13336 dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off);
13337 scalar32_min_max_mul(dst_reg, &src_reg);
13338 scalar_min_max_mul(dst_reg, &src_reg);
13341 dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off);
13342 scalar32_min_max_and(dst_reg, &src_reg);
13343 scalar_min_max_and(dst_reg, &src_reg);
13346 dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off);
13347 scalar32_min_max_or(dst_reg, &src_reg);
13348 scalar_min_max_or(dst_reg, &src_reg);
13351 dst_reg->var_off = tnum_xor(dst_reg->var_off, src_reg.var_off);
13352 scalar32_min_max_xor(dst_reg, &src_reg);
13353 scalar_min_max_xor(dst_reg, &src_reg);
13364 scalar32_min_max_lsh(dst_reg, &src_reg);
13366 scalar_min_max_lsh(dst_reg, &src_reg);
13377 scalar32_min_max_rsh(dst_reg, &src_reg);
13379 scalar_min_max_rsh(dst_reg, &src_reg);
13390 scalar32_min_max_arsh(dst_reg, &src_reg);
13392 scalar_min_max_arsh(dst_reg, &src_reg);
13414 struct bpf_reg_state *regs = state->regs, *dst_reg, *src_reg;
13420 src_reg = NULL;
13429 src_reg = ®s[insn->src_reg];
13430 if (src_reg->type != SCALAR_VALUE) {
13453 src_reg, dst_reg);
13457 err = mark_chain_precision(env, insn->src_reg);
13461 dst_reg, src_reg);
13463 /* if dst_reg is precise, src_reg should be precise as well */
13464 err = mark_chain_precision(env, insn->src_reg);
13474 src_reg = &off_reg;
13477 ptr_reg, src_reg);
13486 if (WARN_ON(!src_reg)) {
13488 verbose(env, "verifier internal error: no src_reg\n");
13491 return adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg);
13504 insn->src_reg != BPF_REG_0 ||
13510 if (insn->src_reg != BPF_REG_0 || insn->off != 0 ||
13557 err = check_reg_arg(env, insn->src_reg, SRC_OP);
13561 if (insn->src_reg != BPF_REG_0 || insn->off != 0) {
13573 struct bpf_reg_state *src_reg = regs + insn->src_reg;
13575 bool need_id = src_reg->type == SCALAR_VALUE && !src_reg->id &&
13576 !tnum_is_const(src_reg->var_off);
13588 src_reg->id = ++env->id_gen;
13589 copy_register_state(dst_reg, src_reg);
13594 if (is_pointer_value(env, insn->src_reg)) {
13597 insn->src_reg);
13599 } else if (src_reg->type == SCALAR_VALUE) {
13602 no_sext = src_reg->umax_value < (1ULL << (insn->off - 1));
13604 src_reg->id = ++env->id_gen;
13605 copy_register_state(dst_reg, src_reg);
13617 if (is_pointer_value(env, insn->src_reg)) {
13620 insn->src_reg);
13622 } else if (src_reg->type == SCALAR_VALUE) {
13624 bool is_src_reg_u32 = src_reg->umax_value <= U32_MAX;
13627 src_reg->id = ++env->id_gen;
13628 copy_register_state(dst_reg, src_reg);
13629 /* Make sure ID is cleared if src_reg is not in u32
13631 * propagated into src_reg by find_equal_scalars()
13639 bool no_sext = src_reg->umax_value < (1ULL << (insn->off - 1));
13642 src_reg->id = ++env->id_gen;
13643 copy_register_state(dst_reg, src_reg);
13686 err = check_reg_arg(env, insn->src_reg, SRC_OP);
13690 if (insn->src_reg != BPF_REG_0 || insn->off > 1 ||
13769 * r2 == dst_reg, pkt_end == src_reg
13786 * pkt_end == dst_reg, r2 == src_reg
14019 struct bpf_reg_state *src_reg,
14024 if (src_reg->type == PTR_TO_PACKET_END) {
14027 pkt = src_reg;
14059 * variable register that we are working on, and src_reg is a constant or we're
14076 * variable offset from the compare (unless src_reg were a pointer into
14220 /* Same as above, but for the case that dst_reg holds a constant and src_reg is
14237 static void __reg_combine_min_max(struct bpf_reg_state *src_reg,
14240 src_reg->umin_value = dst_reg->umin_value = max(src_reg->umin_value,
14242 src_reg->umax_value = dst_reg->umax_value = min(src_reg->umax_value,
14244 src_reg->smin_value = dst_reg->smin_value = max(src_reg->smin_value,
14246 src_reg->smax_value = dst_reg->smax_value = min(src_reg->smax_value,
14248 src_reg->var_off = dst_reg->var_off = tnum_intersect(src_reg->var_off,
14250 reg_bounds_sync(src_reg);
14342 struct bpf_reg_state *src_reg,
14356 src_reg->type == PTR_TO_PACKET_END) ||
14358 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {
14364 src_reg->type == PTR_TO_PACKET) ||
14366 src_reg->type == PTR_TO_PACKET_META)) {
14368 find_good_pkt_pointers(other_branch, src_reg,
14369 src_reg->type, true);
14370 mark_pkt_end(this_branch, insn->src_reg, false);
14377 src_reg->type == PTR_TO_PACKET_END) ||
14379 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {
14385 src_reg->type == PTR_TO_PACKET) ||
14387 src_reg->type == PTR_TO_PACKET_META)) {
14389 find_good_pkt_pointers(this_branch, src_reg,
14390 src_reg->type, false);
14391 mark_pkt_end(other_branch, insn->src_reg, true);
14398 src_reg->type == PTR_TO_PACKET_END) ||
14400 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {
14406 src_reg->type == PTR_TO_PACKET) ||
14408 src_reg->type == PTR_TO_PACKET_META)) {
14410 find_good_pkt_pointers(other_branch, src_reg,
14411 src_reg->type, false);
14412 mark_pkt_end(this_branch, insn->src_reg, true);
14419 src_reg->type == PTR_TO_PACKET_END) ||
14421 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {
14427 src_reg->type == PTR_TO_PACKET) ||
14429 src_reg->type == PTR_TO_PACKET_META)) {
14431 find_good_pkt_pointers(this_branch, src_reg,
14432 src_reg->type, true);
14433 mark_pkt_end(other_branch, insn->src_reg, false);
14463 struct bpf_reg_state *dst_reg, *other_branch_regs, *src_reg = NULL;
14489 err = check_reg_arg(env, insn->src_reg, SRC_OP);
14493 src_reg = ®s[insn->src_reg];
14494 if (!(reg_is_pkt_pointer_any(dst_reg) && reg_is_pkt_pointer_any(src_reg)) &&
14495 is_pointer_value(env, insn->src_reg)) {
14497 insn->src_reg);
14501 if (insn->src_reg != BPF_REG_0) {
14511 } else if (src_reg->type == SCALAR_VALUE &&
14512 is_jmp32 && tnum_is_const(tnum_subreg(src_reg->var_off))) {
14514 tnum_subreg(src_reg->var_off).value,
14517 } else if (src_reg->type == SCALAR_VALUE &&
14518 !is_jmp32 && tnum_is_const(src_reg->var_off)) {
14520 src_reg->var_off.value,
14525 pred = is_branch_taken(src_reg,
14531 pred = is_branch_taken(src_reg,
14536 reg_is_pkt_pointer_any(src_reg) &&
14538 pred = is_pkt_ptr_branch_taken(dst_reg, src_reg, opcode);
14548 !__is_pointer_value(false, src_reg))
14549 err = mark_chain_precision(env, insn->src_reg);
14596 struct bpf_reg_state *src_reg = ®s[insn->src_reg];
14599 src_reg->type == SCALAR_VALUE) {
14600 if (tnum_is_const(src_reg->var_off) ||
14602 tnum_is_const(tnum_subreg(src_reg->var_off))))
14605 src_reg->var_off.value,
14606 tnum_subreg(src_reg->var_off).value,
14611 reg_set_min_max_inv(&other_branch_regs[insn->src_reg],
14612 src_reg,
14619 reg_combine_min_max(&other_branch_regs[insn->src_reg],
14621 src_reg, dst_reg, opcode);
14622 if (src_reg->id &&
14623 !WARN_ON_ONCE(src_reg->id != other_branch_regs[insn->src_reg].id)) {
14624 find_equal_scalars(this_branch, src_reg);
14625 find_equal_scalars(other_branch, &other_branch_regs[insn->src_reg]);
14654 __is_pointer_value(false, src_reg) && __is_pointer_value(false, dst_reg) &&
14655 type_may_be_null(src_reg->type) != type_may_be_null(dst_reg->type) &&
14656 base_type(src_reg->type) != PTR_TO_BTF_ID &&
14671 if (type_may_be_null(src_reg->type))
14672 mark_ptr_not_null_reg(&eq_branch_regs[insn->src_reg]);
14692 } else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg],
14727 if (insn->src_reg == 0) {
14735 /* All special src_reg cases are listed below. From this point onwards
14741 if (insn->src_reg == BPF_PSEUDO_BTF_ID) {
14758 if (insn->src_reg == BPF_PSEUDO_FUNC) {
14780 if (insn->src_reg == BPF_PSEUDO_MAP_VALUE ||
14781 insn->src_reg == BPF_PSEUDO_MAP_IDX_VALUE) {
14786 } else if (insn->src_reg == BPF_PSEUDO_MAP_FD ||
14787 insn->src_reg == BPF_PSEUDO_MAP_IDX) {
14843 (mode == BPF_ABS && insn->src_reg != BPF_REG_0)) {
14881 err = check_reg_arg(env, insn->src_reg, SRC_OP);
15246 if (insn->src_reg == 0 && insn->imm == BPF_FUNC_timer_set_callback)
15268 if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) {
15288 return visit_func_call_insn(t, insns, env, insn->src_reg == BPF_PSEUDO_CALL);
16928 * dst_reg = *(u32 *)(src_reg + off)
16934 * dst_reg = *(u32*) (src_reg + off)
16936 * src_reg == ctx in one branch and
16937 * src_reg == stack|map in some other branch.
17073 err = check_reg_arg(env, insn->src_reg, SRC_OP);
17081 src_reg_type = regs[insn->src_reg].type;
17083 /* check that memory (src_reg + off) is readable,
17086 err = check_mem_access(env, env->insn_idx, insn->src_reg,
17113 err = check_reg_arg(env, insn->src_reg, SRC_OP);
17126 BPF_WRITE, insn->src_reg, false, false);
17137 insn->src_reg != BPF_REG_0) {
17164 (insn->src_reg != BPF_PSEUDO_KFUNC_CALL
17166 (insn->src_reg != BPF_REG_0 &&
17167 insn->src_reg != BPF_PSEUDO_CALL &&
17168 insn->src_reg != BPF_PSEUDO_KFUNC_CALL) ||
17176 if ((insn->src_reg == BPF_REG_0 && insn->imm != BPF_FUNC_spin_unlock) ||
17177 (insn->src_reg == BPF_PSEUDO_CALL) ||
17178 (insn->src_reg == BPF_PSEUDO_KFUNC_CALL &&
17184 if (insn->src_reg == BPF_PSEUDO_CALL)
17186 else if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL)
17196 insn->src_reg != BPF_REG_0 ||
17213 insn->src_reg != BPF_REG_0 ||
17592 insn[1].dst_reg != 0 || insn[1].src_reg != 0 ||
17598 if (insn[0].src_reg == 0)
17602 if (insn[0].src_reg == BPF_PSEUDO_BTF_ID) {
17610 if (insn[0].src_reg == BPF_PSEUDO_FUNC) {
17619 switch (insn[0].src_reg) {
17633 switch (insn[0].src_reg) {
17665 if (insn[0].src_reg == BPF_PSEUDO_MAP_FD ||
17666 insn[0].src_reg == BPF_PSEUDO_MAP_IDX) {
17774 if (insn->src_reg == BPF_PSEUDO_FUNC)
17776 insn->src_reg = 0;
18214 zext_patch[1].src_reg = load_reg;
18881 BPF_JNE | BPF_K, insn->src_reg,
18890 BPF_JEQ | BPF_K, insn->src_reg,
18950 off_reg = issrc ? insn->src_reg : insn->dst_reg;
18964 *patch++ = BPF_MOV64_REG(insn->dst_reg, insn->src_reg);
18965 insn->src_reg = BPF_REG_AX;
18986 if (insn->src_reg == BPF_PSEUDO_CALL)
18988 if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) {
19459 insn->src_reg == 0 &&