Lines Matching defs:spi
332 u8 spi;
594 static bool is_spi_bounds_valid(struct bpf_func_state *state, int spi, int nr_slots)
598 /* We need to check that slots between [spi - nr_slots + 1, spi] are
601 * Please note that the spi grows downwards. For example, a dynptr
603 * spi and the second slot will be at spi - 1.
605 return spi - nr_slots + 1 >= 0 && spi < allocated_slots;
611 int off, spi;
624 spi = __get_spi(off);
625 if (spi + 1 < nr_slots) {
630 if (!is_spi_bounds_valid(func(env, reg), spi, nr_slots))
632 return spi;
708 struct bpf_func_state *state, int spi);
715 int spi, i, err;
717 spi = dynptr_get_spi(env, reg);
718 if (spi < 0)
719 return spi;
721 /* We cannot assume both spi and spi - 1 belong to the same dynptr,
725 * spi 3 2 1 0
726 * So marking spi = 2 should lead to destruction of both d1 and d2. In
730 err = destroy_if_dynptr_stack_slot(env, state, spi);
733 err = destroy_if_dynptr_stack_slot(env, state, spi - 1);
738 state->stack[spi].slot_type[i] = STACK_DYNPTR;
739 state->stack[spi - 1].slot_type[i] = STACK_DYNPTR;
746 mark_dynptr_stack_regs(env, &state->stack[spi].spilled_ptr,
747 &state->stack[spi - 1].spilled_ptr, type);
761 state->stack[spi].spilled_ptr.ref_obj_id = id;
762 state->stack[spi - 1].spilled_ptr.ref_obj_id = id;
765 state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN;
766 state->stack[spi - 1].spilled_ptr.live |= REG_LIVE_WRITTEN;
771 static void invalidate_dynptr(struct bpf_verifier_env *env, struct bpf_func_state *state, int spi)
776 state->stack[spi].slot_type[i] = STACK_INVALID;
777 state->stack[spi - 1].slot_type[i] = STACK_INVALID;
780 __mark_reg_not_init(env, &state->stack[spi].spilled_ptr);
781 __mark_reg_not_init(env, &state->stack[spi - 1].spilled_ptr);
804 state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN;
805 state->stack[spi - 1].spilled_ptr.live |= REG_LIVE_WRITTEN;
811 int spi, ref_obj_id, i;
813 spi = dynptr_get_spi(env, reg);
814 if (spi < 0)
815 return spi;
817 if (!dynptr_type_refcounted(state->stack[spi].spilled_ptr.dynptr.type)) {
818 invalidate_dynptr(env, state, spi);
822 ref_obj_id = state->stack[spi].spilled_ptr.ref_obj_id;
866 struct bpf_func_state *state, int spi)
877 if (state->stack[spi].slot_type[0] != STACK_DYNPTR)
880 /* Reposition spi to first slot */
881 if (!state->stack[spi].spilled_ptr.dynptr.first_slot)
882 spi = spi + 1;
884 if (dynptr_type_refcounted(state->stack[spi].spilled_ptr.dynptr.type)) {
889 mark_stack_slot_scratched(env, spi);
890 mark_stack_slot_scratched(env, spi - 1);
894 state->stack[spi].slot_type[i] = STACK_INVALID;
895 state->stack[spi - 1].slot_type[i] = STACK_INVALID;
898 dynptr_id = state->stack[spi].spilled_ptr.id;
911 __mark_reg_not_init(env, &state->stack[spi].spilled_ptr);
912 __mark_reg_not_init(env, &state->stack[spi - 1].spilled_ptr);
915 state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN;
916 state->stack[spi - 1].spilled_ptr.live |= REG_LIVE_WRITTEN;
923 int spi;
928 spi = dynptr_get_spi(env, reg);
930 /* -ERANGE (i.e. spi not falling into allocated stack slots) isn't an
934 if (spi < 0 && spi != -ERANGE)
952 int i, spi;
963 spi = dynptr_get_spi(env, reg);
964 if (spi < 0)
966 if (!state->stack[spi].spilled_ptr.dynptr.first_slot)
970 if (state->stack[spi].slot_type[i] != STACK_DYNPTR ||
971 state->stack[spi - 1].slot_type[i] != STACK_DYNPTR)
983 int spi;
993 spi = dynptr_get_spi(env, reg);
994 if (spi < 0)
996 return state->stack[spi].spilled_ptr.dynptr.type == dynptr_type;
1012 int spi, i, j, id;
1014 spi = iter_get_spi(env, reg, nr_slots);
1015 if (spi < 0)
1016 return spi;
1023 struct bpf_stack_state *slot = &state->stack[spi - i];
1044 mark_stack_slot_scratched(env, spi - i);
1054 int spi, i, j;
1056 spi = iter_get_spi(env, reg, nr_slots);
1057 if (spi < 0)
1058 return spi;
1061 struct bpf_stack_state *slot = &state->stack[spi - i];
1075 mark_stack_slot_scratched(env, spi - i);
1085 int spi, i, j;
1087 /* For -ERANGE (i.e. spi not falling into allocated stack slots), we
1091 spi = iter_get_spi(env, reg, nr_slots);
1092 if (spi == -ERANGE)
1094 if (spi < 0)
1098 struct bpf_stack_state *slot = &state->stack[spi - i];
1112 int spi, i, j;
1114 spi = iter_get_spi(env, reg, nr_slots);
1115 if (spi < 0)
1119 struct bpf_stack_state *slot = &state->stack[spi - i];
3077 int spi, ret;
3085 spi = dynptr_get_spi(env, reg);
3086 if (spi < 0)
3087 return spi;
3088 /* Caller ensures dynptr is valid and initialized, which means spi is in
3089 * bounds and spi is the first dynptr slot. Simply mark stack slot as
3092 ret = mark_reg_read(env, &state->stack[spi].spilled_ptr,
3093 state->stack[spi].spilled_ptr.parent, REG_LIVE_READ64);
3096 return mark_reg_read(env, &state->stack[spi - 1].spilled_ptr,
3097 state->stack[spi - 1].spilled_ptr.parent, REG_LIVE_READ64);
3101 int spi, int nr_slots)
3107 struct bpf_reg_state *st = &state->stack[spi - i].spilled_ptr;
3113 mark_stack_slot_scratched(env, spi - i);
3310 static int insn_stack_access_flags(int frameno, int spi)
3312 return INSN_F_STACK_ACCESS | (spi << INSN_F_SPI_SHIFT) | frameno;
3601 u32 spi, i, fr;
3670 spi = insn_stack_access_spi(hist->flags);
3672 bt_set_frame_slot(bt, fr, spi);
3683 spi = insn_stack_access_spi(hist->flags);
3685 if (!bt_is_frame_slot_set(bt, fr, spi))
3687 bt_clear_frame_slot(bt, fr, spi);
4082 * and/or stack slot *spi* (if spi >= 0) are marked as precisely tracked
4463 int spi, struct bpf_reg_state *reg,
4468 copy_register_state(&state->stack[spi].spilled_ptr, reg);
4470 state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN;
4473 state->stack[spi].slot_type[i - 1] = STACK_SPILL;
4477 mark_stack_slot_misc(env, &state->stack[spi].slot_type[i - 1]);
4500 int i, slot = -off - 1, spi = slot / BPF_REG_SIZE, err;
4503 int insn_flags = insn_stack_access_flags(state->frameno, spi);
4509 is_spilled_reg(&state->stack[spi]) &&
4522 u8 type = state->stack[spi].slot_type[i];
4534 err = destroy_if_dynptr_stack_slot(env, state, spi);
4538 mark_stack_slot_scratched(env, spi);
4546 save_register_state(env, state, spi, reg, size);
4549 state->stack[spi].spilled_ptr.id = 0;
4556 save_register_state(env, state, spi, &fake_reg, size);
4568 save_register_state(env, state, spi, reg, size);
4573 state->stack[spi].spilled_ptr.type = NOT_INIT;
4575 if (is_stack_slot_special(&state->stack[spi]))
4577 scrub_spilled_slot(&state->stack[spi].slot_type[i]);
4588 state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN;
4607 state->stack[spi].slot_type[(slot - i) % BPF_REG_SIZE] = type;
4663 int spi;
4665 spi = __get_spi(i);
4666 err = destroy_if_dynptr_stack_slot(env, state, spi);
4674 int slot, spi;
4677 spi = slot / BPF_REG_SIZE;
4678 stype = &state->stack[spi].slot_type[slot % BPF_REG_SIZE];
4679 mark_stack_slot_scratched(env, spi);
4698 /* If writing_zero and the spi slot contains a spill of value 0,
4702 is_spilled_scalar_reg(&state->stack[spi])) {
4703 struct bpf_reg_state *spill_reg = &state->stack[spi].spilled_ptr;
4712 state->stack[spi].spilled_ptr.type = NOT_INIT;
4759 int i, slot, spi;
4765 spi = slot / BPF_REG_SIZE;
4766 mark_stack_slot_scratched(env, spi);
4767 stype = ptr_state->stack[spi].slot_type;
4800 int i, slot = -off - 1, spi = slot / BPF_REG_SIZE;
4803 int insn_flags = insn_stack_access_flags(reg_state->frameno, spi);
4805 stype = reg_state->stack[spi].slot_type;
4806 reg = ®_state->stack[spi].spilled_ptr;
4808 mark_stack_slot_scratched(env, spi);
4810 if (is_spilled_reg(®_state->stack[spi])) {
7131 int err, min_off, max_off, i, j, slot, spi;
7206 spi = __get_spi(i);
7210 if (state->stack[spi].slot_type[stack_off % BPF_REG_SIZE] == STACK_DYNPTR) {
7224 spi = slot / BPF_REG_SIZE;
7230 stype = &state->stack[spi].slot_type[slot % BPF_REG_SIZE];
7242 if (is_spilled_reg(&state->stack[spi]) &&
7243 (state->stack[spi].spilled_ptr.type == SCALAR_VALUE ||
7246 __mark_reg_unknown(env, &state->stack[spi].spilled_ptr);
7248 scrub_spilled_slot(&state->stack[spi].slot_type[j]);
7268 mark_reg_read(env, &state->stack[spi].spilled_ptr,
7269 state->stack[spi].spilled_ptr.parent,
7782 static u32 iter_ref_obj_id(struct bpf_verifier_env *env, struct bpf_reg_state *reg, int spi)
7786 return state->stack[spi].spilled_ptr.ref_obj_id;
7823 int spi, err, i, nr_slots;
7867 spi = iter_get_spi(env, reg, nr_slots);
7868 if (spi < 0)
7869 return spi;
7871 err = mark_iter_read(env, reg, spi, nr_slots);
7876 meta->iter.spi = spi;
7878 meta->ref_obj_id = iter_ref_obj_id(env, reg, spi);
8050 int iter_spi = meta->iter.spi;
8532 int spi;
8536 spi = dynptr_get_spi(env, reg);
8537 if (spi < 0)
8538 return spi;
8539 return state->stack[spi].spilled_ptr.id;
8545 int spi;
8549 spi = dynptr_get_spi(env, reg);
8550 if (spi < 0)
8551 return spi;
8552 return state->stack[spi].spilled_ptr.ref_obj_id;
8559 int spi;
8564 spi = __get_spi(reg->off);
8565 if (spi < 0) {
8566 verbose(env, "verifier internal error: invalid spi when querying dynptr type\n");
8570 return state->stack[spi].spilled_ptr.dynptr.type;
8684 int spi;
8692 spi = dynptr_get_spi(env, reg);
8693 if (spi < 0 || !state->stack[spi].spilled_ptr.ref_obj_id) {
16839 int i, spi;
16848 spi = i / BPF_REG_SIZE;
16851 old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
16852 cur->stack[spi].slot_type[i % BPF_REG_SIZE])
16855 if (!(old->stack[spi].spilled_ptr.live & REG_LIVE_READ)
16862 if (old->stack[spi].slot_type[i % BPF_REG_SIZE] == STACK_INVALID)
16866 old->stack[spi].slot_type[i % BPF_REG_SIZE] == STACK_MISC)
16880 old_reg = scalar_reg_for_stack(env, &old->stack[spi]);
16881 cur_reg = scalar_reg_for_stack(env, &cur->stack[spi]);
16893 if (old->stack[spi].slot_type[i % BPF_REG_SIZE] == STACK_MISC &&
16894 cur->stack[spi].slot_type[i % BPF_REG_SIZE] == STACK_ZERO)
16896 if (old->stack[spi].slot_type[i % BPF_REG_SIZE] !=
16897 cur->stack[spi].slot_type[i % BPF_REG_SIZE])
16907 switch (old->stack[spi].slot_type[BPF_REG_SIZE - 1]) {
16919 if (!regsafe(env, &old->stack[spi].spilled_ptr,
16920 &cur->stack[spi].spilled_ptr, idmap, exact))
16924 old_reg = &old->stack[spi].spilled_ptr;
16925 cur_reg = &cur->stack[spi].spilled_ptr;
16932 old_reg = &old->stack[spi].spilled_ptr;
16933 cur_reg = &cur->stack[spi].spilled_ptr;
17415 int spi;
17426 spi = __get_spi(iter_reg->off + iter_reg->var_off.value);
17427 iter_state = &func(env, iter_reg)->stack[spi].spilled_ptr;