On Sun, Mar 3, 2024 at 9:21 AM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
>
> > > loop_entry = get_loop_entry(&sl->state);
> > > force_exact = loop_entry && loop_entry->branches > 0;
> > > - if (states_equal(env, &sl->state, cur, force_exact)) {
> > > + if (states_equal(env, &sl->state, cur, force_exact ? EXACT : NOT_EXACT)) {
> >
> > Logically this checks same condition as checks for calls_callback() or
> > is_iter_next_insn() above: whether current state is equivalent to some
> > old state, where old state had not been tracked to 'exit' for each
> > possible path yet.
> > Thus, 'exact' flags used in these checks should be the same:
> > "force_exact ? RANGE_WITHIN : NOT_EXACT".
>
> Good point. Will change. It should help as well.

While working on that suggestion realized that this patch has a bug
that I'm fixing with extra hunk:

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 410ac8423cf8..1e823c40a6d2 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -16471,11 +16471,9 @@ static bool regsafe(struct bpf_verifier_env *env, struct bpf_reg_state *rold,
 	if (!(rold->live & REG_LIVE_READ) && exact != RANGE_WITHIN)
 		/* explored state didn't use this */
 		return true;
-	if (rold->type == NOT_INIT)
+	if (rold->type == NOT_INIT && exact != RANGE_WITHIN)
 		/* explored state can't have used this */
 		return true;
-	if (rcur->type == NOT_INIT)
-		return false;

Kinda obvious in retrospect.
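Review bot: the comment `/* explored state can't have used this */` on the changed `if (rold->type == NOT_INIT && exact != RANGE_WITHIN)` line now only explains the `exact != RANGE_WITHIN` half of the condition; it should also say why a NOT_INIT `rold` must fall through to the full comparison when `exact == RANGE_WITHIN` (per the quoted discussion, such old states have not been tracked to exit on every path, so nothing in them may be skipped). Dropping `if (rcur->type == NOT_INIT) return false;` also removes the only explicit rejection of an initialized `rold` against an uninitialized `rcur` that is visible in this hunk, so the commit message should name the later check in regsafe() that now covers that case. Finally, the header `@@ -16471,11 +16471,9 @@` counts three more old and new lines than the quoted hunk shows, i.e. the trailing context lines were cut when the hunk was pasted into the mail; the full hunk is worth re-posting so the surrounding code can be reviewed.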