Lines Matching refs:src_reg
234 insn->src_reg == BPF_PSEUDO_CALL; in bpf_pseudo_call()
240 insn->src_reg == BPF_PSEUDO_KFUNC_CALL; in bpf_pseudo_kfunc_call()
2000 insn[i].src_reg != BPF_PSEUDO_CALL) in check_subprogs()
2109 if (insn->src_reg == BPF_PSEUDO_CALL) in is_reg64()
2187 return insn->src_reg; in insn_def_regno()
2305 if (insn->src_reg != BPF_PSEUDO_KFUNC_CALL) in disasm_kfunc_name()
2333 u32 sreg = 1u << insn->src_reg; in backtrack_insn()
2386 if (insn->src_reg != BPF_REG_FP) in backtrack_insn()
2423 if (insn->src_reg == BPF_PSEUDO_CALL) in backtrack_insn()
4545 err = check_reg_arg(env, insn->src_reg, SRC_OP); in check_atomic()
4568 if (is_pointer_value(env, insn->src_reg)) { in check_atomic()
4569 verbose(env, "R%d leaks addr into mem\n", insn->src_reg); in check_atomic()
4587 load_reg = insn->src_reg; in check_atomic()
6953 mark_reg_unknown(env, regs, insn->src_reg); in sanitize_speculative_path()
7075 u32 dst = insn->dst_reg, src = insn->src_reg; in sanitize_err()
7410 struct bpf_reg_state *src_reg) in scalar32_min_max_add() argument
7412 s32 smin_val = src_reg->s32_min_value; in scalar32_min_max_add()
7413 s32 smax_val = src_reg->s32_max_value; in scalar32_min_max_add()
7414 u32 umin_val = src_reg->u32_min_value; in scalar32_min_max_add()
7415 u32 umax_val = src_reg->u32_max_value; in scalar32_min_max_add()
7436 struct bpf_reg_state *src_reg) in scalar_min_max_add() argument
7438 s64 smin_val = src_reg->smin_value; in scalar_min_max_add()
7439 s64 smax_val = src_reg->smax_value; in scalar_min_max_add()
7440 u64 umin_val = src_reg->umin_value; in scalar_min_max_add()
7441 u64 umax_val = src_reg->umax_value; in scalar_min_max_add()
7462 struct bpf_reg_state *src_reg) in scalar32_min_max_sub() argument
7464 s32 smin_val = src_reg->s32_min_value; in scalar32_min_max_sub()
7465 s32 smax_val = src_reg->s32_max_value; in scalar32_min_max_sub()
7466 u32 umin_val = src_reg->u32_min_value; in scalar32_min_max_sub()
7467 u32 umax_val = src_reg->u32_max_value; in scalar32_min_max_sub()
7490 struct bpf_reg_state *src_reg) in scalar_min_max_sub() argument
7492 s64 smin_val = src_reg->smin_value; in scalar_min_max_sub()
7493 s64 smax_val = src_reg->smax_value; in scalar_min_max_sub()
7494 u64 umin_val = src_reg->umin_value; in scalar_min_max_sub()
7495 u64 umax_val = src_reg->umax_value; in scalar_min_max_sub()
7518 struct bpf_reg_state *src_reg) in scalar32_min_max_mul() argument
7520 s32 smin_val = src_reg->s32_min_value; in scalar32_min_max_mul()
7521 u32 umin_val = src_reg->u32_min_value; in scalar32_min_max_mul()
7522 u32 umax_val = src_reg->u32_max_value; in scalar32_min_max_mul()
7550 struct bpf_reg_state *src_reg) in scalar_min_max_mul() argument
7552 s64 smin_val = src_reg->smin_value; in scalar_min_max_mul()
7553 u64 umin_val = src_reg->umin_value; in scalar_min_max_mul()
7554 u64 umax_val = src_reg->umax_value; in scalar_min_max_mul()
7582 struct bpf_reg_state *src_reg) in scalar32_min_max_and() argument
7584 bool src_known = tnum_subreg_is_const(src_reg->var_off); in scalar32_min_max_and()
7587 s32 smin_val = src_reg->s32_min_value; in scalar32_min_max_and()
7588 u32 umax_val = src_reg->u32_max_value; in scalar32_min_max_and()
7616 struct bpf_reg_state *src_reg) in scalar_min_max_and() argument
7618 bool src_known = tnum_is_const(src_reg->var_off); in scalar_min_max_and()
7620 s64 smin_val = src_reg->smin_value; in scalar_min_max_and()
7621 u64 umax_val = src_reg->umax_value; in scalar_min_max_and()
7651 struct bpf_reg_state *src_reg) in scalar32_min_max_or() argument
7653 bool src_known = tnum_subreg_is_const(src_reg->var_off); in scalar32_min_max_or()
7656 s32 smin_val = src_reg->s32_min_value; in scalar32_min_max_or()
7657 u32 umin_val = src_reg->u32_min_value; in scalar32_min_max_or()
7685 struct bpf_reg_state *src_reg) in scalar_min_max_or() argument
7687 bool src_known = tnum_is_const(src_reg->var_off); in scalar_min_max_or()
7689 s64 smin_val = src_reg->smin_value; in scalar_min_max_or()
7690 u64 umin_val = src_reg->umin_value; in scalar_min_max_or()
7720 struct bpf_reg_state *src_reg) in scalar32_min_max_xor() argument
7722 bool src_known = tnum_subreg_is_const(src_reg->var_off); in scalar32_min_max_xor()
7725 s32 smin_val = src_reg->s32_min_value; in scalar32_min_max_xor()
7749 struct bpf_reg_state *src_reg) in scalar_min_max_xor() argument
7751 bool src_known = tnum_is_const(src_reg->var_off); in scalar_min_max_xor()
7753 s64 smin_val = src_reg->smin_value; in scalar_min_max_xor()
7798 struct bpf_reg_state *src_reg) in scalar32_min_max_lsh() argument
7800 u32 umax_val = src_reg->u32_max_value; in scalar32_min_max_lsh()
7801 u32 umin_val = src_reg->u32_min_value; in scalar32_min_max_lsh()
7846 struct bpf_reg_state *src_reg) in scalar_min_max_lsh() argument
7848 u64 umax_val = src_reg->umax_value; in scalar_min_max_lsh()
7849 u64 umin_val = src_reg->umin_value; in scalar_min_max_lsh()
7861 struct bpf_reg_state *src_reg) in scalar32_min_max_rsh() argument
7864 u32 umax_val = src_reg->u32_max_value; in scalar32_min_max_rsh()
7865 u32 umin_val = src_reg->u32_min_value; in scalar32_min_max_rsh()
7893 struct bpf_reg_state *src_reg) in scalar_min_max_rsh() argument
7895 u64 umax_val = src_reg->umax_value; in scalar_min_max_rsh()
7896 u64 umin_val = src_reg->umin_value; in scalar_min_max_rsh()
7927 struct bpf_reg_state *src_reg) in scalar32_min_max_arsh() argument
7929 u64 umin_val = src_reg->u32_min_value; in scalar32_min_max_arsh()
7950 struct bpf_reg_state *src_reg) in scalar_min_max_arsh() argument
7952 u64 umin_val = src_reg->umin_value; in scalar_min_max_arsh()
7983 struct bpf_reg_state src_reg) in adjust_scalar_min_max_vals() argument
7996 smin_val = src_reg.smin_value; in adjust_scalar_min_max_vals()
7997 smax_val = src_reg.smax_value; in adjust_scalar_min_max_vals()
7998 umin_val = src_reg.umin_value; in adjust_scalar_min_max_vals()
7999 umax_val = src_reg.umax_value; in adjust_scalar_min_max_vals()
8001 s32_min_val = src_reg.s32_min_value; in adjust_scalar_min_max_vals()
8002 s32_max_val = src_reg.s32_max_value; in adjust_scalar_min_max_vals()
8003 u32_min_val = src_reg.u32_min_value; in adjust_scalar_min_max_vals()
8004 u32_max_val = src_reg.u32_max_value; in adjust_scalar_min_max_vals()
8007 src_known = tnum_subreg_is_const(src_reg.var_off); in adjust_scalar_min_max_vals()
8018 src_known = tnum_is_const(src_reg.var_off); in adjust_scalar_min_max_vals()
8058 scalar32_min_max_add(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8059 scalar_min_max_add(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8060 dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
8063 scalar32_min_max_sub(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8064 scalar_min_max_sub(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8065 dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
8068 dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
8069 scalar32_min_max_mul(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8070 scalar_min_max_mul(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8073 dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
8074 scalar32_min_max_and(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8075 scalar_min_max_and(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8078 dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
8079 scalar32_min_max_or(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8080 scalar_min_max_or(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8083 dst_reg->var_off = tnum_xor(dst_reg->var_off, src_reg.var_off); in adjust_scalar_min_max_vals()
8084 scalar32_min_max_xor(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8085 scalar_min_max_xor(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8096 scalar32_min_max_lsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8098 scalar_min_max_lsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8109 scalar32_min_max_rsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8111 scalar_min_max_rsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8122 scalar32_min_max_arsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8124 scalar_min_max_arsh(dst_reg, &src_reg); in adjust_scalar_min_max_vals()
8149 struct bpf_reg_state *regs = state->regs, *dst_reg, *src_reg; in adjust_reg_min_max_vals() local
8155 src_reg = NULL; in adjust_reg_min_max_vals()
8164 src_reg = ®s[insn->src_reg]; in adjust_reg_min_max_vals()
8165 if (src_reg->type != SCALAR_VALUE) { in adjust_reg_min_max_vals()
8188 src_reg, dst_reg); in adjust_reg_min_max_vals()
8192 err = mark_chain_precision(env, insn->src_reg); in adjust_reg_min_max_vals()
8196 dst_reg, src_reg); in adjust_reg_min_max_vals()
8204 src_reg = &off_reg; in adjust_reg_min_max_vals()
8207 ptr_reg, src_reg); in adjust_reg_min_max_vals()
8216 if (WARN_ON(!src_reg)) { in adjust_reg_min_max_vals()
8221 return adjust_scalar_min_max_vals(env, insn, dst_reg, *src_reg); in adjust_reg_min_max_vals()
8234 insn->src_reg != BPF_REG_0 || in check_alu_op()
8240 if (insn->src_reg != BPF_REG_0 || insn->off != 0 || in check_alu_op()
8273 err = check_reg_arg(env, insn->src_reg, SRC_OP); in check_alu_op()
8277 if (insn->src_reg != BPF_REG_0 || insn->off != 0) { in check_alu_op()
8289 struct bpf_reg_state *src_reg = regs + insn->src_reg; in check_alu_op() local
8296 if (src_reg->type == SCALAR_VALUE && !src_reg->id) in check_alu_op()
8301 src_reg->id = ++env->id_gen; in check_alu_op()
8302 *dst_reg = *src_reg; in check_alu_op()
8307 if (is_pointer_value(env, insn->src_reg)) { in check_alu_op()
8310 insn->src_reg); in check_alu_op()
8312 } else if (src_reg->type == SCALAR_VALUE) { in check_alu_op()
8313 *dst_reg = *src_reg; in check_alu_op()
8359 err = check_reg_arg(env, insn->src_reg, SRC_OP); in check_alu_op()
8363 if (insn->src_reg != BPF_REG_0 || insn->off != 0) { in check_alu_op()
8701 struct bpf_reg_state *src_reg, in is_pkt_ptr_branch_taken() argument
8706 if (src_reg->type == PTR_TO_PACKET_END) { in is_pkt_ptr_branch_taken()
8709 pkt = src_reg; in is_pkt_ptr_branch_taken()
8912 static void __reg_combine_min_max(struct bpf_reg_state *src_reg, in __reg_combine_min_max() argument
8915 src_reg->umin_value = dst_reg->umin_value = max(src_reg->umin_value, in __reg_combine_min_max()
8917 src_reg->umax_value = dst_reg->umax_value = min(src_reg->umax_value, in __reg_combine_min_max()
8919 src_reg->smin_value = dst_reg->smin_value = max(src_reg->smin_value, in __reg_combine_min_max()
8921 src_reg->smax_value = dst_reg->smax_value = min(src_reg->smax_value, in __reg_combine_min_max()
8923 src_reg->var_off = dst_reg->var_off = tnum_intersect(src_reg->var_off, in __reg_combine_min_max()
8926 __update_reg_bounds(src_reg); in __reg_combine_min_max()
8929 __reg_deduce_bounds(src_reg); in __reg_combine_min_max()
8932 __reg_bound_offset(src_reg); in __reg_combine_min_max()
8938 __update_reg_bounds(src_reg); in __reg_combine_min_max()
9041 struct bpf_reg_state *src_reg, in try_match_pkt_pointers() argument
9055 src_reg->type == PTR_TO_PACKET_END) || in try_match_pkt_pointers()
9057 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) { in try_match_pkt_pointers()
9063 src_reg->type == PTR_TO_PACKET) || in try_match_pkt_pointers()
9065 src_reg->type == PTR_TO_PACKET_META)) { in try_match_pkt_pointers()
9067 find_good_pkt_pointers(other_branch, src_reg, in try_match_pkt_pointers()
9068 src_reg->type, true); in try_match_pkt_pointers()
9069 mark_pkt_end(this_branch, insn->src_reg, false); in try_match_pkt_pointers()
9076 src_reg->type == PTR_TO_PACKET_END) || in try_match_pkt_pointers()
9078 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) { in try_match_pkt_pointers()
9084 src_reg->type == PTR_TO_PACKET) || in try_match_pkt_pointers()
9086 src_reg->type == PTR_TO_PACKET_META)) { in try_match_pkt_pointers()
9088 find_good_pkt_pointers(this_branch, src_reg, in try_match_pkt_pointers()
9089 src_reg->type, false); in try_match_pkt_pointers()
9090 mark_pkt_end(other_branch, insn->src_reg, true); in try_match_pkt_pointers()
9097 src_reg->type == PTR_TO_PACKET_END) || in try_match_pkt_pointers()
9099 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) { in try_match_pkt_pointers()
9105 src_reg->type == PTR_TO_PACKET) || in try_match_pkt_pointers()
9107 src_reg->type == PTR_TO_PACKET_META)) { in try_match_pkt_pointers()
9109 find_good_pkt_pointers(other_branch, src_reg, in try_match_pkt_pointers()
9110 src_reg->type, false); in try_match_pkt_pointers()
9111 mark_pkt_end(this_branch, insn->src_reg, true); in try_match_pkt_pointers()
9118 src_reg->type == PTR_TO_PACKET_END) || in try_match_pkt_pointers()
9120 reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) { in try_match_pkt_pointers()
9126 src_reg->type == PTR_TO_PACKET) || in try_match_pkt_pointers()
9128 src_reg->type == PTR_TO_PACKET_META)) { in try_match_pkt_pointers()
9130 find_good_pkt_pointers(this_branch, src_reg, in try_match_pkt_pointers()
9131 src_reg->type, true); in try_match_pkt_pointers()
9132 mark_pkt_end(other_branch, insn->src_reg, false); in try_match_pkt_pointers()
9174 struct bpf_reg_state *dst_reg, *other_branch_regs, *src_reg = NULL; in check_cond_jmp_op() local
9193 err = check_reg_arg(env, insn->src_reg, SRC_OP); in check_cond_jmp_op()
9197 if (is_pointer_value(env, insn->src_reg)) { in check_cond_jmp_op()
9199 insn->src_reg); in check_cond_jmp_op()
9202 src_reg = ®s[insn->src_reg]; in check_cond_jmp_op()
9204 if (insn->src_reg != BPF_REG_0) { in check_cond_jmp_op()
9220 } else if (src_reg->type == SCALAR_VALUE && in check_cond_jmp_op()
9221 is_jmp32 && tnum_is_const(tnum_subreg(src_reg->var_off))) { in check_cond_jmp_op()
9223 tnum_subreg(src_reg->var_off).value, in check_cond_jmp_op()
9226 } else if (src_reg->type == SCALAR_VALUE && in check_cond_jmp_op()
9227 !is_jmp32 && tnum_is_const(src_reg->var_off)) { in check_cond_jmp_op()
9229 src_reg->var_off.value, in check_cond_jmp_op()
9233 reg_is_pkt_pointer_any(src_reg) && in check_cond_jmp_op()
9235 pred = is_pkt_ptr_branch_taken(dst_reg, src_reg, opcode); in check_cond_jmp_op()
9245 !__is_pointer_value(false, src_reg)) in check_cond_jmp_op()
9246 err = mark_chain_precision(env, insn->src_reg); in check_cond_jmp_op()
9289 struct bpf_reg_state *src_reg = ®s[insn->src_reg]; in check_cond_jmp_op() local
9292 src_reg->type == SCALAR_VALUE) { in check_cond_jmp_op()
9293 if (tnum_is_const(src_reg->var_off) || in check_cond_jmp_op()
9295 tnum_is_const(tnum_subreg(src_reg->var_off)))) in check_cond_jmp_op()
9298 src_reg->var_off.value, in check_cond_jmp_op()
9299 tnum_subreg(src_reg->var_off).value, in check_cond_jmp_op()
9304 reg_set_min_max_inv(&other_branch_regs[insn->src_reg], in check_cond_jmp_op()
9305 src_reg, in check_cond_jmp_op()
9312 reg_combine_min_max(&other_branch_regs[insn->src_reg], in check_cond_jmp_op()
9314 src_reg, dst_reg, opcode); in check_cond_jmp_op()
9315 if (src_reg->id && in check_cond_jmp_op()
9316 !WARN_ON_ONCE(src_reg->id != other_branch_regs[insn->src_reg].id)) { in check_cond_jmp_op()
9317 find_equal_scalars(this_branch, src_reg); in check_cond_jmp_op()
9318 find_equal_scalars(other_branch, &other_branch_regs[insn->src_reg]); in check_cond_jmp_op()
9348 } else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg], in check_cond_jmp_op()
9383 if (insn->src_reg == 0) { in check_ld_imm()
9391 if (insn->src_reg == BPF_PSEUDO_BTF_ID) { in check_ld_imm()
9411 if (insn->src_reg == BPF_PSEUDO_FUNC) { in check_ld_imm()
9434 if (insn->src_reg == BPF_PSEUDO_MAP_VALUE || in check_ld_imm()
9435 insn->src_reg == BPF_PSEUDO_MAP_IDX_VALUE) { in check_ld_imm()
9440 } else if (insn->src_reg == BPF_PSEUDO_MAP_FD || in check_ld_imm()
9441 insn->src_reg == BPF_PSEUDO_MAP_IDX) { in check_ld_imm()
9497 (mode == BPF_ABS && insn->src_reg != BPF_REG_0)) { in check_ld_abs()
9530 err = check_reg_arg(env, insn->src_reg, SRC_OP); in check_ld_abs()
9860 insns[t].src_reg == BPF_PSEUDO_CALL); in visit_insn()
11195 err = check_reg_arg(env, insn->src_reg, SRC_OP); in do_check()
11203 src_reg_type = regs[insn->src_reg].type; in do_check()
11208 err = check_mem_access(env, env->insn_idx, insn->src_reg, in do_check()
11252 err = check_reg_arg(env, insn->src_reg, SRC_OP); in do_check()
11265 BPF_WRITE, insn->src_reg, false); in do_check()
11280 insn->src_reg != BPF_REG_0) { in do_check()
11309 (insn->src_reg != BPF_PSEUDO_KFUNC_CALL in do_check()
11311 (insn->src_reg != BPF_REG_0 && in do_check()
11312 insn->src_reg != BPF_PSEUDO_CALL && in do_check()
11313 insn->src_reg != BPF_PSEUDO_KFUNC_CALL) || in do_check()
11321 (insn->src_reg == BPF_PSEUDO_CALL || in do_check()
11326 if (insn->src_reg == BPF_PSEUDO_CALL) in do_check()
11328 else if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) in do_check()
11337 insn->src_reg != BPF_REG_0 || in do_check()
11350 insn->src_reg != BPF_REG_0 || in do_check()
11752 insn[1].dst_reg != 0 || insn[1].src_reg != 0 || in resolve_pseudo_ldimm64()
11758 if (insn[0].src_reg == 0) in resolve_pseudo_ldimm64()
11762 if (insn[0].src_reg == BPF_PSEUDO_BTF_ID) { in resolve_pseudo_ldimm64()
11770 if (insn[0].src_reg == BPF_PSEUDO_FUNC) { in resolve_pseudo_ldimm64()
11779 switch (insn[0].src_reg) { in resolve_pseudo_ldimm64()
11793 switch (insn[0].src_reg) { in resolve_pseudo_ldimm64()
11825 if (insn[0].src_reg == BPF_PSEUDO_MAP_FD || in resolve_pseudo_ldimm64()
11826 insn[0].src_reg == BPF_PSEUDO_MAP_IDX) { in resolve_pseudo_ldimm64()
11934 if (insn->src_reg == BPF_PSEUDO_FUNC) in convert_pseudo_ld_imm64()
11936 insn->src_reg = 0; in convert_pseudo_ld_imm64()
12370 zext_patch[1].src_reg = load_reg; in opt_subreg_zext_lo32_rnd_hi32()
12911 BPF_JNE | BPF_K, insn->src_reg, in do_misc_fixups()
12920 BPF_JEQ | BPF_K, insn->src_reg, in do_misc_fixups()
12980 off_reg = issrc ? insn->src_reg : insn->dst_reg; in do_misc_fixups()
12994 *patch++ = BPF_MOV64_REG(insn->dst_reg, insn->src_reg); in do_misc_fixups()
12995 insn->src_reg = BPF_REG_AX; in do_misc_fixups()
13016 if (insn->src_reg == BPF_PSEUDO_CALL) in do_misc_fixups()
13018 if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) { in do_misc_fixups()