bpf: handle fake register spill to stack with BPF_ST_MEM instruction
author: Andrii Nakryiko <andrii@kernel.org>
Sat, 9 Dec 2023 01:09:57 +0000 (17:09 -0800)
committer: Alexei Starovoitov <ast@kernel.org>
Sun, 10 Dec 2023 02:43:20 +0000 (18:43 -0800)
When verifier validates BPF_ST_MEM instruction that stores known
constant to stack (e.g., *(u64 *)(r10 - 8) = 123), it effectively spills
a fake register with a constant (but initially imprecise) value to
a stack slot. Because read-side logic treats it as a proper register
fill from stack slot, we need to mark such stack slot initialization as
INSN_F_STACK_ACCESS instruction to stop precision backtracking from
missing it.

Fixes: 41f6f64e6999 ("bpf: support non-r10 register spill/fill to/from stack in precision tracking")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20231209010958.66758-1-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/verifier.c

index fb690539d5f635cf7ba6231887d8d1223e468c87..727a59e4a6479ad3950684c001cc0be31b003757 100644
@@ -4498,7 +4498,6 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env,
                __mark_reg_known(&fake_reg, insn->imm);
                fake_reg.type = SCALAR_VALUE;
                save_register_state(env, state, spi, &fake_reg, size);
-               insn_flags = 0; /* not a register spill */
        } else if (reg && is_spillable_regtype(reg->type)) {
                /* register containing pointer is being spilled into stack */
                if (size != BPF_REG_SIZE) {
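Review bot: removing `insn_flags = 0; /* not a register spill */` makes this branch silently rely on whatever value `insn_flags` was given before the `if`, which is outside the visible context; since the fix's whole point is that the constant store now keeps INSN_F_STACK_ACCESS so precision backtracking sees it as a stack write, the intent should be stated next to the `save_register_state(env, state, spi, &fake_reg, size);` call, e.g. a comment that the fake-register spill is deliberately left marked as a stack access because the fill side treats it like a real spill. Without that, the next reader sees an unconditional `__mark_reg_known` / `fake_reg.type = SCALAR_VALUE` spill with no hint about why it is flagged the same as the pointer-spill path in the `else if` below, and someone may reintroduce the cleared flags. A selftest that stores a constant with `*(u64 *)(r10 - 8) = 123`, fills it back, and then needs the value to be precise would pin this down and keep the regression against 41f6f64e6999 from recurring.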