On Mon, 2023-12-04 at 10:19 -0800, Andrii Nakryiko wrote: [...] > > @@ -6828,7 +6831,10 @@ static int check_stack_access_within_bounds( > > return err; > > } > > > > - return grow_stack_state(env, state, round_up(-min_off, BPF_REG_SIZE)); > > + /* Note that there is no stack access with offset zero, so the needed stack > > + * size is -min_off, not -min_off+1. > > + */ > > + return grow_stack_state(env, state, -min_off /* size */); > > hmm.. there is still a grow_stack_state() call in > check_stack_write_fixed_off(), right? Which is not necessary because > we do check_stack_access_within_bounds() before that one. Can you drop > it as part of patch #2? I'm not sure I understand what you mean. Patch #2 (v3) drops grow_stack_state() from check_stack_write_fixed_off() so all seems good?
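Review bot: in the check_stack_access_within_bounds() hunk, the new call passes -min_off where the old one passed round_up(-min_off, BPF_REG_SIZE), and the added comment covers only the off-by-one question, not where the rounding to BPF_REG_SIZE now happens. If grow_stack_state() is expected to round the size itself, say so in this comment or in grow_stack_state()'s own documentation, so a reader of this call site does not assume an unaligned size gets recorded. The trailing /* size */ annotation on the argument could then be dropped, since the block comment already says the value is the needed stack size.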