Lines Matching +full:no +full:- +full:1 +full:- +full:8 +full:- +full:v
1 // SPDX-License-Identifier: GPL-2.0
34 int *v, i = zero; /* obscure initial value of i */ in iter_err_unsafe_c_loop() local
39 while ((v = bpf_iter_num_next(&it))) { in iter_err_unsafe_c_loop()
62 "r4 = 1;" in iter_err_unsafe_asm_loop()
68 "r6 += 1;" in iter_err_unsafe_asm_loop()
96 int *v; in iter_while_loop() local
101 while ((v = bpf_iter_num_next(&it))) { in iter_while_loop()
102 bpf_printk("ITER_BASIC: E1 VAL: v=%d", *v); in iter_while_loop()
114 int *v; in iter_while_loop_auto_cleanup() local
119 while ((v = bpf_iter_num_next(&it))) { in iter_while_loop_auto_cleanup()
120 bpf_printk("ITER_BASIC: E1 VAL: v=%d", *v); in iter_while_loop_auto_cleanup()
122 /* (!) no explicit bpf_iter_num_destroy() */ in iter_while_loop_auto_cleanup()
132 int *v; in iter_for_loop() local
137 for (v = bpf_iter_num_next(&it); v; v = bpf_iter_num_next(&it)) { in iter_for_loop()
138 bpf_printk("ITER_BASIC: E2 VAL: v=%d", *v); in iter_for_loop()
149 int *v; in iter_bpf_for_each_macro() local
153 bpf_for_each(num, v, 5, 10) { in iter_bpf_for_each_macro()
154 bpf_printk("ITER_BASIC: E2 VAL: v=%d", *v); in iter_bpf_for_each_macro()
169 bpf_printk("ITER_BASIC: E2 VAL: v=%d", i); in iter_bpf_for_macro()
180 int *v, i; in iter_pragma_unroll_loop() local
187 v = bpf_iter_num_next(&it); in iter_pragma_unroll_loop()
188 bpf_printk("ITER_BASIC: E3 VAL: i=%d v=%d", i, v ? *v : -1); in iter_pragma_unroll_loop()
200 int *v; in iter_manual_unroll_loop() local
205 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
206 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_manual_unroll_loop()
207 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
208 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_manual_unroll_loop()
209 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
210 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_manual_unroll_loop()
211 v = bpf_iter_num_next(&it); in iter_manual_unroll_loop()
212 bpf_printk("ITER_BASIC: E4 VAL: v=%d\n", v ? *v : -1); in iter_manual_unroll_loop()
223 int *v, i; in iter_multiple_sequential_loops() local
228 while ((v = bpf_iter_num_next(&it))) { in iter_multiple_sequential_loops()
229 bpf_printk("ITER_BASIC: E1 VAL: v=%d", *v); in iter_multiple_sequential_loops()
234 for (v = bpf_iter_num_next(&it); v; v = bpf_iter_num_next(&it)) { in iter_multiple_sequential_loops()
235 bpf_printk("ITER_BASIC: E2 VAL: v=%d", *v); in iter_multiple_sequential_loops()
242 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
243 bpf_printk("ITER_BASIC: E3 VAL: i=%d v=%d", i, v ? *v : -1); in iter_multiple_sequential_loops()
248 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
249 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_multiple_sequential_loops()
250 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
251 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_multiple_sequential_loops()
252 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
253 bpf_printk("ITER_BASIC: E4 VAL: v=%d", v ? *v : -1); in iter_multiple_sequential_loops()
254 v = bpf_iter_num_next(&it); in iter_multiple_sequential_loops()
255 bpf_printk("ITER_BASIC: E4 VAL: v=%d\n", v ? *v : -1); in iter_multiple_sequential_loops()
266 int *v, i = 0, sum = 0; in iter_limit_cond_break_loop() local
271 while ((v = bpf_iter_num_next(&it))) { in iter_limit_cond_break_loop()
272 bpf_printk("ITER_SIMPLE: i=%d v=%d", i, *v); in iter_limit_cond_break_loop()
273 sum += *v; in iter_limit_cond_break_loop()
291 int *v, sum = 0; in iter_obfuscate_counter() local
300 while ((v = bpf_iter_num_next(&it))) { in iter_obfuscate_counter()
303 i += 1; in iter_obfuscate_counter()
306 * track that i becomes 1 on first iteration after increment in iter_obfuscate_counter()
308 * and mark i as precise, ruining open-coded iterator logic in iter_obfuscate_counter()
310 * *precise* value of i, and thus there would be no in iter_obfuscate_counter()
312 * instruction limit, no matter what the limit is. in iter_obfuscate_counter()
314 if (i == 1) in iter_obfuscate_counter()
317 x = i * 3 + 1; in iter_obfuscate_counter()
319 bpf_printk("ITER_OBFUSCATE_COUNTER: i=%d v=%d x=%d", i, *v, x); in iter_obfuscate_counter()
335 int *v, *elem = NULL; in iter_search_loop() local
342 while ((v = bpf_iter_num_next(&it))) { in iter_search_loop()
343 bpf_printk("ITER_SEARCH_LOOP: v=%d", *v); in iter_search_loop()
345 if (*v == 2) { in iter_search_loop()
347 elem = v; in iter_search_loop()
408 /* zero-initialize sums */ in iter_nested_iters()
433 col == ARRAY_SIZE(arr2d[0]) - 1 ? "\n" : ""); in iter_nested_iters()
452 sum += 1; in iter_nested_deeply_iters()
498 /* zero-initialize sums */ in iter_subprog_iters()
520 col == ARRAY_SIZE(arr2d[0]) - 1 ? "\n" : ""); in iter_subprog_iters()
633 /* zero-init arr1 and arr2 in such a way that verifier doesn't know in iter_stack_array_loop()
635 * all combination of zero/non-zero stack slots for arr1/arr2, which in iter_stack_array_loop()
644 if (i & 1) { in iter_stack_array_loop()
731 * The call to bpf_iter_num_next() is reachable with r7 values &fp[-16] and 0xdead. in delayed_read_mark()
732 * State with r7=&fp[-16] is visited first and follows r6 != 42 ... continue branch. in delayed_read_mark()
733 * At this point iterator next() call is reached with r7 that has no read mark. in delayed_read_mark()
738 * r7 = &fp[-16] in delayed_read_mark()
739 * fp[-16] = 0 in delayed_read_mark()
741 * bpf_iter_num_new(&fp[-8], 0, 10) in delayed_read_mark()
742 * while (bpf_iter_num_next(&fp[-8])) { in delayed_read_mark()
748 * bpf_probe_read_user(r7, 8, 0xdeadbeef); // this is not safe in delayed_read_mark()
750 * bpf_iter_num_destroy(&fp[-8]) in delayed_read_mark()
755 "r7 += -16;" in delayed_read_mark()
761 "r1 += -8;" in delayed_read_mark()
765 "1:" in delayed_read_mark()
767 "r1 += -8;" in delayed_read_mark()
770 "r6 += 1;" in delayed_read_mark()
773 "goto 1b;" in delayed_read_mark()
776 "r2 = 8;" in delayed_read_mark()
779 "goto 1b;" in delayed_read_mark()
782 "r1 += -8;" in delayed_read_mark()
804 * The call to bpf_iter_num_next() is reachable with r7 values -16 and -32. in delayed_precision_mark()
805 * State with r7=-16 is visited first and follows r6 != 42 ... continue branch. in delayed_precision_mark()
806 * At this point iterator next() call is reached with r7 that has no read in delayed_precision_mark()
808 * Loop body with r7=-32 would only be visited if verifier would decide to continue in delayed_precision_mark()
813 * fp[-16] = 0 in delayed_precision_mark()
814 * r7 = -16 in delayed_precision_mark()
816 * bpf_iter_num_new(&fp[-8], 0, 10) in delayed_precision_mark()
817 * while (bpf_iter_num_next(&fp[-8])) { in delayed_precision_mark()
819 * r7 = -32 in delayed_precision_mark()
828 * bpf_iter_num_destroy(&fp[-8]) in delayed_precision_mark()
833 "*(u64 *)(r10 - 16) = r8;" in delayed_precision_mark()
834 "r7 = -16;" in delayed_precision_mark()
838 "r1 += -8;" in delayed_precision_mark()
842 "1:" in delayed_precision_mark()
844 "r1 += -8;\n" in delayed_precision_mark()
848 "r7 = -33;" in delayed_precision_mark()
851 "goto 1b;\n" in delayed_precision_mark()
858 "goto 1b;\n" in delayed_precision_mark()
861 "r1 += -8;" in delayed_precision_mark()
884 * - states with c=-25 are explored only on a second iteration in __flag()
886 * - states with read+precise mark on c are explored only on in __flag()
892 * unsafe c=-25 memory access. in __flag()
894 * j = iter_new(); // fp[-16] in __flag()
897 * c = -24; // r8 in __flag()
899 * i = iter_new(); // fp[-8] in __flag()
903 * if (a == 1) { in __flag()
905 * b = 1; in __flag()
907 * a = 1; in __flag()
910 * if (b == 1) { in __flag()
921 * c = -25; in __flag()
928 "r1 += -16;" in __flag()
934 "r8 = -24;" in __flag()
937 "r1 += -16;" in __flag()
941 "r1 += -8;" in __flag()
949 "r1 += -8;" in __flag()
953 "if r6 != 1 goto check_zero_r6_%=;" in __flag()
955 "r7 = 1;" in __flag()
959 "r6 = 1;" in __flag()
964 "if r7 != 1 goto i_loop_%=;" in __flag()
970 "r1 += -8;" in __flag()
973 "r1 += -16;" in __flag()
979 "r1 += -8;" in __flag()
983 "r8 = -25;" in __flag()
987 "r1 += -16;" in __flag()
1009 * - states with read+precise mark on c are explored only on a second in __flag()
1012 * - states with c=-25 are explored only on a second iteration of the in __flag()
1018 * unsafe c=-25 memory access. in __flag()
1020 * j = iter_new(); // fp[-16] in __flag()
1023 * c = -24; // r8 in __flag()
1025 * i = iter_new(); // fp[-8] in __flag()
1029 * if (a == 1) { in __flag()
1031 * b = 1; in __flag()
1033 * a = 1; in __flag()
1036 * if (b == 1) { in __flag()
1045 * i = iter_new(); // fp[-8] in __flag()
1049 * if (a == 1) { in __flag()
1051 * b = 1; in __flag()
1053 * a = 1; in __flag()
1056 * if (b == 1) { in __flag()
1058 * c = -25; in __flag()
1069 "r1 += -16;" in __flag()
1075 "r8 = -24;" in __flag()
1078 "r1 += -16;" in __flag()
1084 "r1 += -8;" in __flag()
1092 "r1 += -8;" in __flag()
1096 "if r6 != 1 goto check_zero_r6_%=;" in __flag()
1098 "r7 = 1;" in __flag()
1102 "r6 = 1;" in __flag()
1107 "if r7 != 1 goto i_loop_%=;" in __flag()
1113 "r1 += -8;" in __flag()
1116 "r1 += -16;" in __flag()
1122 "r1 += -8;" in __flag()
1127 "r1 += -8;" in __flag()
1135 "r1 += -8;" in __flag()
1139 "if r6 != 1 goto check2_zero_r6_%=;" in __flag()
1141 "r7 = 1;" in __flag()
1145 "r6 = 1;" in __flag()
1150 "if r7 != 1 goto i2_loop_%=;" in __flag()
1152 "r8 = -25;" in __flag()
1156 "r1 += -8;" in __flag()
1164 "r1 += -16;" in __flag()
1187 * bpf_iter_num_new(&fp[-8], 0, 10) in triple_continue()
1188 * while (bpf_iter_num_next(&fp[-8])) { in triple_continue()
1197 * bpf_iter_num_destroy(&fp[-8]) in triple_continue()
1202 "r1 += -8;" in triple_continue()
1208 "r1 += -8;" in triple_continue()
1221 "r1 += -8;" in triple_continue()
1239 * The counter is stored in fp[-16], if this counter is not widened in widen_spill()
1242 * fp[-16] = 0 in widen_spill()
1243 * bpf_iter_num_new(&fp[-8], 0, 10) in widen_spill()
1244 * while (bpf_iter_num_next(&fp[-8])) { in widen_spill()
1245 * r0 = fp[-16]; in widen_spill()
1246 * r0 += 1; in widen_spill()
1247 * fp[-16] = r0; in widen_spill()
1249 * bpf_iter_num_destroy(&fp[-8]) in widen_spill()
1254 "*(u64 *)(r10 - 16) = r0;" in widen_spill()
1256 "r1 += -8;" in widen_spill()
1262 "r1 += -8;" in widen_spill()
1265 "r0 = *(u64 *)(r10 - 16);" in widen_spill()
1266 "r0 += 1;" in widen_spill()
1267 "*(u64 *)(r10 - 16) = r0;" in widen_spill()
1271 "r1 += -8;" in widen_spill()
1298 * if (a) sum += 1; in checkpoint_states_deletion()
1299 * if (b) sum += 1; in checkpoint_states_deletion()
1300 * if (c) sum += 1; in checkpoint_states_deletion()
1301 * if (d) sum += 1; in checkpoint_states_deletion()
1302 * if (e) sum += 1; in checkpoint_states_deletion()
1303 * if (f) sum += 1; in checkpoint_states_deletion()
1308 * with different combination of NULL/non-NULL information for a/b/c/d/e/f. in checkpoint_states_deletion()
1313 * exploration would be finished (at-least for a specific path). in checkpoint_states_deletion()
1319 * sl->miss_cnt > sl->hit_cnt * N + N // if true sl->state is evicted in checkpoint_states_deletion()
1327 "*(u64 *)(r10 - 24) = r6;" /* d */ in checkpoint_states_deletion()
1328 "*(u64 *)(r10 - 32) = r6;" /* e */ in checkpoint_states_deletion()
1329 "*(u64 *)(r10 - 40) = r6;" /* f */ in checkpoint_states_deletion()
1332 "r1 += -8;" in checkpoint_states_deletion()
1338 "r1 += -8;" in checkpoint_states_deletion()
1342 "*(u64 *)(r10 - 16) = r0;" in checkpoint_states_deletion()
1346 "r2 += -16;" in checkpoint_states_deletion()
1352 "r2 += -16;" in checkpoint_states_deletion()
1358 "r2 += -16;" in checkpoint_states_deletion()
1364 "r2 += -16;" in checkpoint_states_deletion()
1366 "*(u64 *)(r10 - 24) = r0;" in checkpoint_states_deletion()
1370 "r2 += -16;" in checkpoint_states_deletion()
1372 "*(u64 *)(r10 - 32) = r0;" in checkpoint_states_deletion()
1376 "r2 += -16;" in checkpoint_states_deletion()
1378 "*(u64 *)(r10 - 40) = r0;" in checkpoint_states_deletion()
1380 "if r6 == 0 goto +1;" in checkpoint_states_deletion()
1381 "r9 += 1;" in checkpoint_states_deletion()
1382 "if r7 == 0 goto +1;" in checkpoint_states_deletion()
1383 "r9 += 1;" in checkpoint_states_deletion()
1384 "if r8 == 0 goto +1;" in checkpoint_states_deletion()
1385 "r9 += 1;" in checkpoint_states_deletion()
1386 "r0 = *(u64 *)(r10 - 24);" in checkpoint_states_deletion()
1387 "if r0 == 0 goto +1;" in checkpoint_states_deletion()
1388 "r9 += 1;" in checkpoint_states_deletion()
1389 "r0 = *(u64 *)(r10 - 32);" in checkpoint_states_deletion()
1390 "if r0 == 0 goto +1;" in checkpoint_states_deletion()
1391 "r9 += 1;" in checkpoint_states_deletion()
1392 "r0 = *(u64 *)(r10 - 40);" in checkpoint_states_deletion()
1393 "if r0 == 0 goto +1;" in checkpoint_states_deletion()
1394 "r9 += 1;" in checkpoint_states_deletion()
1399 "r1 += -8;" in checkpoint_states_deletion()
1428 /* no rechecking of i against ARRAY_SIZE(loop_data.n) */ in iter_arr_with_actual_elem_count()
1445 if (str[1] == 'e') in nest_2()
1456 /* case 0: allocate stack, case 1: no allocate stack */ in nest_1()
1465 case 1: in nest_1()
1480 result = 1; in iter_subprog_check_stacksafe()