bpf: enforce precision of R0 on program/async callback return

Given we enforce a valid range for program and async callback return
value, we must mark R0 as precise to avoid incorrect state pruning.

Fixes: b5dc0163d8fd ("bpf: precise scalar_value tracking")
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231202175705.885270-9-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index c54944af1bccbc4d84fa14ae8fad09475c276aff..2cd150d6d141ed015e15c04b214c89171045af25 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -15138,6 +15138,10 @@ enforce_retval:
                return -EINVAL;
        }
 
+       err = mark_chain_precision(env, regno);
+       if (err)
+               return err;
+
        if (!retval_range_within(range, reg)) {
                verbose_invalid_scalar(env, reg, range, exit_ctx, reg_name);
                if (!is_subprog &&