On Thu, 2024-02-01 at 04:21 +0000, Kumar Kartikeya Dwivedi wrote: [...] > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 942243cba9f1..aeaf97b0a749 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -2942,6 +2942,15 @@ static int check_subprogs(struct bpf_verifier_env *env) > insn[i].src_reg == 0 && > insn[i].imm == BPF_FUNC_tail_call) > subprog[cur_subprog].has_tail_call = true; > + /* Collect callee regs used in the subprog. */ > + if (insn[i].dst_reg == BPF_REG_6 || insn[i].src_reg == BPF_REG_6) > + subprog[cur_subprog].callee_regs_used[0] = true; > + if (insn[i].dst_reg == BPF_REG_7 || insn[i].src_reg == BPF_REG_7) > + subprog[cur_subprog].callee_regs_used[1] = true; > + if (insn[i].dst_reg == BPF_REG_8 || insn[i].src_reg == BPF_REG_8) > + subprog[cur_subprog].callee_regs_used[2] = true; > + if (insn[i].dst_reg == BPF_REG_9 || insn[i].src_reg == BPF_REG_9) > + subprog[cur_subprog].callee_regs_used[3] = true; Nit: Maybe move bpf_jit_comp.c:detect_reg_usage() to some place available to both verifier and jit? Just to keep all related code in one place. E.g. technically nothing prevents x86 jit to do this detection in a more precise manner as a "fixed point" computation. > if (!env->seen_throw_insn && is_bpf_throw_kfunc(&insn[i])) > env->seen_throw_insn = true; > if (BPF_CLASS(code) == BPF_LD && [...]
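Review bot: the four copy-pasted `if` chains in the new check_subprogs() block index callee_regs_used[] by an unstated offset (r6 -> [0], r9 -> [3]); a loop of the form `for (r = BPF_REG_6; r <= BPF_REG_9; r++) if (insn[i].dst_reg == r || insn[i].src_reg == r) subprog[cur_subprog].callee_regs_used[r - BPF_REG_6] = true;` makes that indexing explicit, is harder to break when the set is edited, and has the same shape as x86's detect_reg_usage(), which would make the sharing proposed in the reply a mechanical move. The comment "Collect callee regs used in the subprog." should also state what the recorded set is allowed to be: the scan only sees the explicit dst_reg/src_reg fields at check_subprogs() time, so either say that nothing the verifier does afterwards introduces new r6-r9 uses, or say that consumers must treat the set as an over-approximation. A spurious bit only costs a save/restore, but a missed register would be a silent correctness bug for whatever relies on this set to restore callee-saved state.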
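The register scan under discussion, written as one shared helper over an instruction range in the way the reply suggests. This is an added example, not code from the patch or the kernel tree: the `struct insn`, the opcode constants, the sample program and the helper names `detect_callee_regs` and `callee_regs_mask` are local definitions that mirror the BPF ISA layout so the file compiles on its own. The sample program is constructed for the example.

```c
/*
 * Added example (not from the patch or the kernel tree): a stand-alone model of
 * the callee-saved register scan the hunk adds to check_subprogs(), written as
 * one helper over an instruction range so it could serve both the verifier and
 * the JIT, as the reply suggests. The struct and opcode constants below mirror
 * the uapi bpf_insn layout but are local definitions so this compiles alone.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Register numbers as in the BPF ISA; r6..r9 are the callee-saved set. */
#define BPF_REG_1 1
#define BPF_REG_6 6
#define BPF_REG_9 9
#define CALLEE_SAVED_NR (BPF_REG_9 - BPF_REG_6 + 1)

/* Opcodes used by the constructed sample program (values from the BPF ISA). */
#define OP_MOV64_REG 0xbf   /* BPF_ALU64 | BPF_MOV | BPF_X */
#define OP_LD_IMM64  0x18   /* BPF_LD | BPF_DW | BPF_IMM, occupies two slots */
#define OP_CALL      0x85   /* BPF_JMP | BPF_CALL */
#define OP_EXIT      0x95   /* BPF_JMP | BPF_EXIT */
#define BPF_PSEUDO_CALL 1   /* src_reg value marking a call to a subprog */

struct insn {
    uint8_t code;
    uint8_t dst_reg:4;
    uint8_t src_reg:4;
    int16_t off;
    int32_t imm;
};

/*
 * Mark which of r6..r9 are referenced by any instruction in insns[start, end).
 * used[r - BPF_REG_6] is set for each register r that appears as dst or src.
 * Only explicit register fields count: a BPF_PSEUDO_CALL carries src_reg == 1
 * and a helper call carries src_reg == 0, so neither is mistaken for r6..r9.
 */
static void detect_callee_regs(const struct insn *insns, int start, int end,
                               bool used[CALLEE_SAVED_NR])
{
    for (int r = 0; r < CALLEE_SAVED_NR; r++)
        used[r] = false;

    for (int i = start; i < end; i++) {
        const struct insn *in = &insns[i];

        for (int r = BPF_REG_6; r <= BPF_REG_9; r++)
            if (in->dst_reg == r || in->src_reg == r)
                used[r - BPF_REG_6] = true;

        /* The second slot of ld_imm64 has zeroed register fields; skip it. */
        if (in->code == OP_LD_IMM64)
            i++;
    }
}

/* Same scan as a bitmask: bit 0 = r6 ... bit 3 = r9. Convenient for checks. */
static unsigned int callee_regs_mask(const struct insn *insns, int start, int end)
{
    bool used[CALLEE_SAVED_NR];
    unsigned int mask = 0;

    detect_callee_regs(insns, start, end, used);
    for (int r = 0; r < CALLEE_SAVED_NR; r++)
        if (used[r])
            mask |= 1u << r;
    return mask;
}

/*
 * Constructed sample: main subprog at [0,5) uses r6 and r7 and calls the
 * subprog at [5,7), which uses only r9. Not a real program from the thread.
 */
static const struct insn sample_prog[] = {
    { .code = OP_MOV64_REG, .dst_reg = BPF_REG_6, .src_reg = BPF_REG_1 }, /* r6 = r1 */
    { .code = OP_LD_IMM64,  .dst_reg = 7, .imm = 0x1234 },                /* r7 = imm64 */
    { .code = 0 },                                                        /* ld_imm64 2nd slot */
    { .code = OP_CALL, .src_reg = BPF_PSEUDO_CALL, .imm = 1 },            /* call subprog */
    { .code = OP_EXIT },
    { .code = OP_MOV64_REG, .dst_reg = BPF_REG_9, .src_reg = BPF_REG_1 }, /* r9 = r1 */
    { .code = OP_EXIT },
};
#define SAMPLE_PROG_LEN ((int)(sizeof(sample_prog) / sizeof(sample_prog[0])))
#define SAMPLE_SUBPROG_START 5

int main(void)
{
    printf("main subprog r6-r9 mask: 0x%x\n",
           callee_regs_mask(sample_prog, 0, SAMPLE_SUBPROG_START));
    printf("subprog 1 r6-r9 mask:    0x%x\n",
           callee_regs_mask(sample_prog, SAMPLE_SUBPROG_START, SAMPLE_PROG_LEN));
    return 0;
}
```

The per-subprog ranges stand in for the `cur_subprog` bookkeeping that check_subprogs() already maintains; the call instruction in the main subprog does not mark r9 as used there, since each subprog is responsible for saving and restoring its own callee-saved registers.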