This patch series addresses a truncation bug in the eBPF verifier function coerce_reg_to_size_sx(). The issue was caused by the incorrect ordering of assignments between 32-bit and 64-bit min/max values, leading to improper truncation when updating the register state. This issue has been reported previously by Zac Ecob[1] , but was not followed up on. The first patch fixes the assignment order in coerce_reg_to_size_sx() to ensure correct truncation. The subsequent patches add selftests for coerce_{reg,subreg}_to_size_sx. [1] (https://lore.kernel.org/bpf/h3qKLDEO6m9nhif0eAQX4fVrqdO0D_OPb0y5HfMK9jBePEKK33wQ3K-bqSVnr0hiZdFZtSJOsbNkcEQGpv_yJk61PAAiO8fUkgMRSO-lB50=@protonmail.com/) Dimitar Kanaliev (3): bpf: Fix truncation bug in coerce_reg_to_size_sx() selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() kernel/bpf/verifier.c | 8 ++-- .../selftests/bpf/progs/verifier_movsx.c | 40 +++++++++++++++++++ 2 files changed, 44 insertions(+), 4 deletions(-) -- 2.43.0