kernel/bpf/backtrack.c
Source file repositories/reference/linux-study-clean/kernel/bpf/backtrack.c
File Facts
- System: Linux kernel
- Corpus path: `kernel/bpf/backtrack.c`
- Extension: `.c`
- Size: 32937 bytes
- Lines: 985
- Domain: Core OS
- Bucket: Scheduler, Processes, Timers, Sync, And Syscalls
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `linux/bpf.h`
- `linux/bpf_verifier.h`
- `linux/filter.h`
- `linux/bitmap.h`
Detected Declarations
`function bpf_push_jmp_history`, `function is_atomic_load_insn`, `function is_atomic_fetch_insn`, `function get_prev_insn_idx`, `function bt_init`, `function bt_reset`, `function bt_empty`, `function bt_clear_frame_stack_arg_slot`, `function bt_is_frame_stack_arg_slot_set`, `function bt_subprog_enter`, `function bt_subprog_exit`, `function bt_clear_frame_reg`, `function bt_set_reg`, `function bt_clear_reg`, `function bt_clear_frame_slot`, `function bt_frame_reg_mask`, `function bt_reg_mask`, `function bt_frame_stack_mask`, `function bt_stack_mask`, `function bt_stack_arg_mask`, `function bt_is_reg_set`, `function fmt_reg_mask`, `function bpf_fmt_stack_mask`, `function backtrack_insn`, `function is_atomic_load_insn`, `function bpf_mark_all_scalars_precise`, `function bpf_mark_chain_precision`, `function for_each_set_bit`, `function for_each_set_bit`, `function for_each_set_bit`, `function something`
Annotated Snippet
```c
	if (opcode == BPF_END || opcode == BPF_NEG) {
		/* sreg is reserved and unused
		 * dreg still need precision before this insn
		 */
		return 0;
	} else if (opcode == BPF_MOV) {
		if (BPF_SRC(insn->code) == BPF_X) {
			/* dreg = sreg or dreg = (s8, s16, s32)sreg
			 * dreg needs precision after this insn
			 * sreg needs precision before this insn
			 */
			bt_clear_reg(bt, dreg);
			if (sreg != BPF_REG_FP)
				bt_set_reg(bt, sreg);
		} else {
			/* dreg = K
			 * dreg needs precision after this insn.
			 * Corresponding register is already marked
			 * as precise=true in this verifier state.
			 * No further markings in parent are necessary
			 */
			bt_clear_reg(bt, dreg);
		}
	} else {
		if (BPF_SRC(insn->code) == BPF_X) {
			/* dreg += sreg
			 * both dreg and sreg need precision
			 * before this insn
			 */
			if (sreg != BPF_REG_FP)
				bt_set_reg(bt, sreg);
		} /* else dreg += K
		   * dreg still needs precision before this insn
		   */
	}
} else if (class == BPF_LDX ||
	   is_atomic_load_insn(insn) ||
	   is_atomic_fetch_insn(insn)) {
	u32 load_reg = dreg;

	/*
	 * Atomic fetch operation writes the old value into
	 * a register (sreg or r0) and if it was tracked for
	 * precision, propagate to the stack slot like we do
	 * in regular ldx.
	 */
	if (is_atomic_fetch_insn(insn))
		load_reg = insn->imm == BPF_CMPXCHG ?
			   BPF_REG_0 : sreg;

	if (!bt_is_reg_set(bt, load_reg))
		return 0;
	bt_clear_reg(bt, load_reg);

	if (hist && hist->flags & INSN_F_STACK_ARG_ACCESS) {
		spi = hist->spi;
		/*
		 * Stack arg read: callee reads from r11+off, but
		 * the data lives in the caller's stack_arg_regs.
		 * Set the mask in the caller frame so precision
		 * is marked in the caller's slot at the callee
		 * entry checkpoint.
		 */
		bt_set_frame_stack_arg_slot(bt, bt->frame - 1, spi);
		return 0;
	}

	/* scalars can only be spilled into stack w/o losing precision.
	 * Load from any other memory can be zero extended.
	 * The desire to keep that precision is already indicated
	 * by 'precise' mark in corresponding register of this state.
	 * No further tracking necessary.
	 */
	if (!hist || !(hist->flags & INSN_F_STACK_ACCESS))
		return 0;
	/* dreg = *(u64 *)[fp - off] was a fill from the stack.
	 * that [fp - off] slot contains scalar that needs to be
	 * tracked with precision
	 */
	spi = hist->spi;
	fr = hist->frame;
	bpf_bt_set_frame_slot(bt, fr, spi);
} else if (class == BPF_STX || class == BPF_ST) {
	if (bt_is_reg_set(bt, dreg))
		/* stx & st shouldn't be using _scalar_ dst_reg
		 * to access memory. It means backtracking
		 * encountered a case of pointer subtraction.
		 */
		return -ENOTSUPP;
```
Annotation
- Immediate include surface: `linux/bpf.h`, `linux/bpf_verifier.h`, `linux/filter.h`, `linux/bitmap.h`.
- Detected declarations: `function bpf_push_jmp_history`, `function is_atomic_load_insn`, `function is_atomic_fetch_insn`, `function get_prev_insn_idx`, `function bt_init`, `function bt_reset`, `function bt_empty`, `function bt_clear_frame_stack_arg_slot`, `function bt_is_frame_stack_arg_slot_set`, `function bt_subprog_enter`.
- Atlas domain: Core OS / Scheduler, Processes, Timers, Sync, And Syscalls.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.