bpf: Verifier, refine 32bit bound in do_refine_retval_range
author John Fastabend <john.fastabend@gmail.com>
Mon, 30 Mar 2020 21:36:59 +0000 (14:36 -0700)
committer Alexei Starovoitov <ast@kernel.org>
Mon, 30 Mar 2020 22:00:30 +0000 (15:00 -0700)
Further refine return values range in do_refine_retval_range by noting
these are int return types (We will assume here that int is a 32-bit type).

Two reasons to pull this out of original patch. First it makes the original
fix impossible to backport. And second I've not seen this as being problematic
in practice unlike the other case.

Fixes: 849fa50662fbc ("bpf/verifier: refine retval R0 state for bpf_get_stack helper")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/158560421952.10843.12496354931526965046.stgit@john-Precision-5820-Tower
kernel/bpf/verifier.c

index 1c60d001bb462d858f3bccdd74369d8ad74283f9..04c6630cc18f97b53e2d7a39cd9fbc87435f1bef 100644 (file)
@@ -4335,6 +4335,7 @@ static void do_refine_retval_range(struct bpf_reg_state *regs, int ret_type,
                return;
 
        ret_reg->smax_value = meta->msize_max_value;
+       ret_reg->s32_max_value = meta->msize_max_value;
        __reg_deduce_bounds(ret_reg);
        __reg_bound_offset(ret_reg);
        __update_reg_bounds(ret_reg);
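Review bot: the added `ret_reg->s32_max_value = meta->msize_max_value;` line copies the same value that the line above stores in the 64-bit `smax_value`, with no cast, clamp or range check in the hunk. The type of `msize_max_value` is not visible here. If it is wider than 32 bits, a value above the signed 32-bit maximum would be narrowed implicitly into a bound that the following `__reg_deduce_bounds()` / `__reg_bound_offset()` / `__update_reg_bounds()` calls then build on. Please add a short comment at this line stating the assumption from the commit message (the helper returns an int, taken to be 32 bits) and why the size bound always fits, or make the narrowing explicit. Only the signed 32-bit maximum is refined, so it would also help to say in the comment whether the 32-bit minimum is intentionally left as is. A verifier selftest that depends on the tighter 32-bit bound would keep this from regressing.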