Lines Matching refs:var_off
608 if (!tnum_is_const(reg->var_off)) {
613 off = reg->off + reg->var_off.value;
951 * CONST_PTR_TO_DYNPTR already has fixed and var_off as 0 due to
1752 reg->var_off = tnum_const(imm);
1771 offsetof(struct bpf_reg_state, var_off) - sizeof(reg->type));
1779 reg->var_off = tnum_const_subreg(reg->var_off, imm);
1897 tnum_equals_const(reg->var_off, 0);
1932 struct tnum var32_off = tnum_subreg(reg->var_off);
1949 reg->var_off.value | (reg->var_off.mask & S64_MIN));
1952 reg->var_off.value | (reg->var_off.mask & S64_MAX));
1953 reg->umin_value = max(reg->umin_value, reg->var_off.value);
1955 reg->var_off.value | reg->var_off.mask);
2185 /* Attempts to improve var_off based on unsigned min/max information */
2188 struct tnum var64_off = tnum_intersect(reg->var_off,
2195 reg->var_off = tnum_or(tnum_clear_subreg(var64_off), var32_off);
2200 /* We might have learned new bounds from the var_off. */
2207 /* Intersecting with the old var_off might have improved our bounds
2208 * slightly, e.g. if umax was 0x7f...f and var_off was (0; 0xf...fc),
2209 * then new var_off is (0; 0x7f...fc) which improves our umax.
2227 if (tnum_is_const(reg->var_off)) {
2228 u64 uval = reg->var_off.value;
2238 if (tnum_subreg_is_const(reg->var_off)) {
2239 u32 uval32 = tnum_subreg(reg->var_off).value;
2252 "s64=[%#llx, %#llx] u32=[%#x, %#x] s32=[%#x, %#x] var_off=(%#llx, %#llx)\n",
2257 reg->var_off.value, reg->var_off.mask);
2295 memset(reg, 0, offsetof(struct bpf_reg_state, var_off));
2299 reg->var_off = tnum_unknown;
3026 verbose(env, "verifier BUG type %s var_off %lld off %d\n",
3028 parent->var_off.value, parent->off);
3882 * R5_w=inv(id=0,umax_value=1951,var_off=(0x0; 0x7ff))
4399 return reg->type == SCALAR_VALUE && tnum_equals_const(reg->var_off, 0);
4406 tnum_is_const(subreg32 ? tnum_subreg(reg->var_off) : reg->var_off);
4412 return subreg32 ? tnum_subreg(reg->var_off).value : reg->var_off.value;
4428 !tnum_is_const(src_reg->var_off))
4691 if (tnum_is_const(spill_reg->var_off) && spill_reg->var_off.value == 0) {
4851 tnum_is_const(reg->var_off) && reg->var_off.value == 0) {
4975 bool var_off = !tnum_is_const(reg->var_off);
4981 if (dst_regno < 0 && var_off) {
4984 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
4985 verbose(env, "variable offset stack pointer cannot be passed into helper function; var_off=%s off=%d size=%d\n",
4998 if (!var_off) {
4999 off += reg->var_off.value;
5032 if (tnum_is_const(reg->var_off)) {
5033 off += reg->var_off.value;
5181 if (!tnum_is_const(reg->var_off) || reg->var_off.value) {
5184 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
5185 verbose(env, "variable %s access var_off=%s disallowed\n",
5227 * normal store of unreferenced kptr, we must ensure var_off is zero.
5364 * - tnum_is_const(reg->var_off)
5365 * - kptr_field->offset == off + reg->var_off.value
5447 if (!tnum_is_const(reg->var_off)) {
5451 if (p != off + reg->var_off.value) {
5453 p, off + reg->var_off.value);
5755 reg_off = tnum_add(reg->var_off, tnum_const(ip_align + reg->off + off));
5759 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
5780 reg_off = tnum_add(reg->var_off, tnum_const(reg->off + off));
5784 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
6046 if (!tnum_is_const(reg->var_off) || reg->var_off.value) {
6049 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
6051 "R%d invalid variable buffer offset: off=%d, var_off=%s\n",
6097 reg->var_off = tnum_subreg(reg->var_off);
6109 reg->var_off = tnum_cast(reg->var_off, size);
6149 reg->var_off = tnum_unknown;
6158 if (tnum_is_const(reg->var_off)) {
6159 u64_cval = reg->var_off.value;
6161 reg->var_off = tnum_const((s8)u64_cval);
6163 reg->var_off = tnum_const((s16)u64_cval);
6166 reg->var_off = tnum_const((s32)u64_cval);
6168 u64_cval = reg->var_off.value;
6203 reg->var_off = tnum_range(s64_min, s64_max);
6231 if (tnum_is_const(reg->var_off)) {
6232 u32_val = reg->var_off.value;
6234 reg->var_off = tnum_const((s8)u32_val);
6236 reg->var_off = tnum_const((s16)u32_val);
6238 u32_val = reg->var_off.value;
6463 if (!tnum_is_const(reg->var_off) || reg->var_off.value) {
6466 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
6468 "R%d is ptr_%s invalid variable offset: off=%d, var_off=%s\n",
6687 if (tnum_is_const(reg->var_off)) {
6688 min_off = (s64)reg->var_off.value + off;
6711 if (tnum_is_const(reg->var_off)) {
6717 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
6718 verbose(env, "invalid variable-offset%s stack R%d var_off=%s off=%d size=%d\n",
6782 if (tnum_is_const(reg->var_off))
6784 off + reg->var_off.value, BPF_KPTR);
6791 if (tnum_is_const(reg->var_off) &&
6794 int map_off = off + reg->var_off.value;
7125 if (tnum_is_const(reg->var_off)) {
7126 min_off = max_off = reg->var_off.value + off;
7136 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
7137 verbose(env, "R%d%s variable offset stack access prohibited for !root, var_off=%s\n",
7218 if (tnum_is_const(reg->var_off)) {
7224 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
7225 verbose(env, "invalid%s read from stack R%d var_off %s+%d size %d\n",
7364 if (!tnum_is_const(reg->var_off))
7484 bool is_const = tnum_is_const(reg->var_off);
7485 u64 val = reg->var_off.value;
7560 bool is_const = tnum_is_const(reg->var_off);
7562 u64 val = reg->var_off.value;
7601 if (!tnum_is_const(reg->var_off)) {
7618 kptr_off = reg->off + reg->var_off.value;
8446 * cases. var_off always must be 0 for PTR_TO_BTF_ID, hence we
8538 if (!tnum_is_const(reg->var_off)) {
8554 map_off = reg->off + reg->var_off.value;
8790 if (!tnum_is_const(reg->var_off)) {
8795 meta->mem_size = reg->var_off.value;
10047 val = reg->var_off.value;
10097 if (data_len_reg->var_off.value % 8)
10099 num_args = data_len_reg->var_off.value / 8;
10101 /* fmt being ARG_PTR_TO_CONST_STR guarantees that var_off is const
10104 fmt_map_off = fmt_reg->off + fmt_reg->var_off.value;
11453 if (!tnum_is_const(reg->var_off)) {
11461 head_off = reg->off + reg->var_off.value;
11521 if (!tnum_is_const(reg->var_off)) {
11528 node_off = reg->off + reg->var_off.value;
11649 if (!tnum_is_const(reg->var_off)) {
11657 meta->arg_constant.value = reg->var_off.value;
11671 if (!tnum_is_const(reg->var_off)) {
11676 meta->r0_size = reg->var_off.value;
11987 if (!tnum_is_const(size_reg->var_off)) {
11992 meta->arg_constant.value = size_reg->var_off.value;
12552 bool known = tnum_is_const(reg->var_off);
12553 s64 val = reg->var_off.value;
12604 ptr_limit = -(ptr_reg->var_off.value + ptr_reg->off);
12697 bool off_is_imm = tnum_is_const(off_reg->var_off);
12717 if (!tnum_is_const(off_reg->var_off) &&
12851 if (!tnum_is_const(reg->var_off)) {
12854 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
12855 verbose(env, "R%d variable stack access prohibited for !root, var_off=%s off=%d\n",
12884 dst_reg->off + dst_reg->var_off.value))
12901 /* Handles arithmetic on a pointer and a scalar: computes new min/max and var_off.
12914 bool known = tnum_is_const(off_reg->var_off);
13015 dst_reg->var_off = ptr_reg->var_off;
13045 dst_reg->var_off = tnum_add(ptr_reg->var_off, off_reg->var_off);
13077 dst_reg->var_off = ptr_reg->var_off;
13104 dst_reg->var_off = tnum_sub(ptr_reg->var_off, off_reg->var_off);
13318 bool src_known = tnum_subreg_is_const(src_reg->var_off);
13319 bool dst_known = tnum_subreg_is_const(dst_reg->var_off);
13320 struct tnum var32_off = tnum_subreg(dst_reg->var_off);
13329 /* We get our minimum from the var_off, since that's inherently
13352 bool src_known = tnum_is_const(src_reg->var_off);
13353 bool dst_known = tnum_is_const(dst_reg->var_off);
13358 __mark_reg_known(dst_reg, dst_reg->var_off.value);
13362 /* We get our minimum from the var_off, since that's inherently
13365 dst_reg->umin_value = dst_reg->var_off.value;
13380 /* We may learn something more from the var_off */
13387 bool src_known = tnum_subreg_is_const(src_reg->var_off);
13388 bool dst_known = tnum_subreg_is_const(dst_reg->var_off);
13389 struct tnum var32_off = tnum_subreg(dst_reg->var_off);
13398 /* We get our maximum from the var_off, and our minimum is the
13421 bool src_known = tnum_is_const(src_reg->var_off);
13422 bool dst_known = tnum_is_const(dst_reg->var_off);
13427 __mark_reg_known(dst_reg, dst_reg->var_off.value);
13431 /* We get our maximum from the var_off, and our minimum is the
13435 dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask;
13449 /* We may learn something more from the var_off */
13456 bool src_known = tnum_subreg_is_const(src_reg->var_off);
13457 bool dst_known = tnum_subreg_is_const(dst_reg->var_off);
13458 struct tnum var32_off = tnum_subreg(dst_reg->var_off);
13485 bool src_known = tnum_is_const(src_reg->var_off);
13486 bool dst_known = tnum_is_const(dst_reg->var_off);
13490 /* dst_reg->var_off.value has been updated earlier */
13491 __mark_reg_known(dst_reg, dst_reg->var_off.value);
13495 /* We get both minimum and maximum from the var_off. */
13496 dst_reg->umin_value = dst_reg->var_off.value;
13497 dst_reg->umax_value = dst_reg->var_off.value | dst_reg->var_off.mask;
13517 * up from var_off)
13537 struct tnum subreg = tnum_subreg(dst_reg->var_off);
13540 dst_reg->var_off = tnum_subreg(tnum_lshift(subreg, umin_val));
13556 * what we can pick up from var_off. Perhaps we can generalize this
13589 dst_reg->var_off = tnum_lshift(dst_reg->var_off, umin_val);
13590 /* We may learn something more from the var_off */
13597 struct tnum subreg = tnum_subreg(dst_reg->var_off);
13613 * var_off of the result.
13618 dst_reg->var_off = tnum_rshift(subreg, umin_val);
13644 * var_off of the result.
13648 dst_reg->var_off = tnum_rshift(dst_reg->var_off, umin_val);
13671 dst_reg->var_off = tnum_arshift(tnum_subreg(dst_reg->var_off), umin_val, 32);
13674 * dst_reg var_off to refine the result.
13694 dst_reg->var_off = tnum_arshift(dst_reg->var_off, umin_val, 64);
13697 * dst_reg var_off to refine the result.
13741 src_known = tnum_subreg_is_const(src_reg.var_off);
13752 src_known = tnum_is_const(src_reg.var_off);
13794 dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off);
13799 dst_reg->var_off = tnum_sub(dst_reg->var_off, src_reg.var_off);
13802 dst_reg->var_off = tnum_mul(dst_reg->var_off, src_reg.var_off);
13807 dst_reg->var_off = tnum_and(dst_reg->var_off, src_reg.var_off);
13812 dst_reg->var_off = tnum_or(dst_reg->var_off, src_reg.var_off);
13817 dst_reg->var_off = tnum_xor(dst_reg->var_off, src_reg.var_off);
13873 * and var_off.
14300 struct tnum t1 = is_jmp32 ? tnum_subreg(reg1->var_off) : reg1->var_off;
14301 struct tnum t2 = is_jmp32 ? tnum_subreg(reg2->var_off) : reg2->var_off;
14580 t = tnum_intersect(tnum_subreg(reg1->var_off), tnum_subreg(reg2->var_off));
14581 reg1->var_off = tnum_with_subreg(reg1->var_off, t);
14582 reg2->var_off = tnum_with_subreg(reg2->var_off, t);
14593 reg1->var_off = tnum_intersect(reg1->var_off, reg2->var_off);
14594 reg2->var_off = reg1->var_off;
14655 t = tnum_or(tnum_subreg(reg1->var_off), tnum_const(val));
14656 reg1->var_off = tnum_with_subreg(reg1->var_off, t);
14658 reg1->var_off = tnum_or(reg1->var_off, tnum_const(val));
14668 t = tnum_and(tnum_subreg(reg1->var_off), tnum_const(~val));
14669 reg1->var_off = tnum_with_subreg(reg1->var_off, t);
14671 reg1->var_off = tnum_and(reg1->var_off, tnum_const(~val));
14777 if (WARN_ON_ONCE(reg->smin_value || reg->smax_value || !tnum_equals_const(reg->var_off, 0)))
15535 tnum_in(enforce_attach_type_range, reg->var_off))
16594 tnum_in(rold->var_off, rcur->var_off) &&
16601 /* If the new min/max/var_off satisfy the old ones and
16604 return memcmp(rold, rcur, offsetof(struct bpf_reg_state, var_off)) == 0 &&
16606 tnum_in(rold->var_off, rcur->var_off) &&
16629 tnum_in(rold->var_off, rcur->var_off);
17264 spi = __get_spi(iter_reg->off + iter_reg->var_off.value);