bpf: mark relevant stack slots scratched for register read instructions

When handling instructions that read register slots, mark relevant stack
slots as scratched so that verifier log would contain those slots' states, in
addition to currently emitted registers with stack slot offsets.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230505043317.3629845-3-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ff4a8ab99f08cd7c0406f14a3487c32da87c06ea..da8a5834f2ca4d150fe49b18e3a8336f5377a97c 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4109,6 +4109,7 @@ static void mark_reg_stack_read(struct bpf_verifier_env *env,
        for (i = min_off; i < max_off; i++) {
                slot = -i - 1;
                spi = slot / BPF_REG_SIZE;
+               mark_stack_slot_scratched(env, spi);
                stype = ptr_state->stack[spi].slot_type;
                if (stype[slot % BPF_REG_SIZE] != STACK_ZERO)
                        break;
@@ -4160,6 +4161,8 @@ static int check_stack_read_fixed_off(struct bpf_verifier_env *env,
        stype = reg_state->stack[spi].slot_type;
        reg = &reg_state->stack[spi].spilled_ptr;
 
+       mark_stack_slot_scratched(env, spi);
+
        if (is_spilled_reg(&reg_state->stack[spi])) {
                u8 spill_size = 1;