Jann Horn writes:

> On Tue, Mar 26, 2019 at 7:06 PM Jiong Wang <jiong.wang@xxxxxxxxxxxxx> wrote:
>>
>> In the previous patch, we split the register arg type for sub-register read,
>> but haven't touched read liveness.
>>
>> This patch further splits read liveness into REG_LIVE_READ64 and
>> REG_LIVE_READ32. Liveness propagation code is updated accordingly.
>>
>> After this split, customized actions could be defined when propagating full
>> register read (REG_LIVE_READ64) or sub-register read (REG_LIVE_READ32).
>>
>> Signed-off-by: Jiong Wang <jiong.wang@xxxxxxxxxxxxx>
> [...]
>> @@ -1374,7 +1374,8 @@ static int check_stack_read(struct bpf_verifier_env *env,
>>  			return -EACCES;
>>  		}
>>  		mark_reg_read(env, &reg_state->stack[spi].spilled_ptr,
>> -			      reg_state->stack[spi].spilled_ptr.parent);
>> +			      reg_state->stack[spi].spilled_ptr.parent,
>> +			      size == BPF_REG_SIZE);
>
> Isn't it possible to use a 4-byte read on the upper half of an 8-byte
> stack slot?

I think that's fine, and it is irrelevant to zero-extension on the register.

If it is an 8-byte stack slot that comes from a spill of a register, then the
definition of the register should have been marked as needing zero-extension
if that register was generated by a sub-register write.

Regards,
Jiong

>
>>  		if (value_regno >= 0) {
>>  			if (zeros == size) {
>>  				/* any size read into register is zero extended,
>> @@ -2220,7 +2221,8 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno,
>>  		 * the whole slot to be marked as 'read'
>>  		 */
>>  		mark_reg_read(env, &state->stack[spi].spilled_ptr,
>> -			      state->stack[spi].spilled_ptr.parent);
>> +			      state->stack[spi].spilled_ptr.parent,
>> +			      access_size == BPF_REG_SIZE);
>
> Same thing as above.
>
>>  	}
>>  	return update_stack_depth(env, state, off);
>>  }
> [...]
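Review bot: in the check_stack_read hunk, the new argument `size == BPF_REG_SIZE` classifies the read from `size` alone, so any read narrower than 8 bytes is reported as a sub-register read whether it covers the low or the high half of the slot, which is exactly the case the question above raises; the reply's justification (a slot filled from a sub-register write already has its defining instruction marked as needing zero-extension) lives only in this thread, so a one-line comment at the call site stating that would spare the next reader from re-deriving it, and if an earlier check in this function already rejects non-8-byte reads of a spilled slot, the expression is always true at this point and a constant full-read argument with that comment would be clearer than a comparison that cannot be false.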
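Review bot: in the check_stack_boundary hunk, `access_size == BPF_REG_SIZE` is compared against the size of the helper access as a whole, not against how many bytes of slot `spi` that access covers; if a helper reads more than BPF_REG_SIZE bytes spanning several slots, this argument evaluates to false and each fully consumed slot is marked as only a sub-register read, which contradicts the existing comment two lines above ("the whole slot to be marked as 'read'"). Suggest passing the full-read value unconditionally here, since that comment already documents that the whole slot is consumed, or at minimum `access_size >= BPF_REG_SIZE` with a note on why a shorter helper access is treated as a sub-register read.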