On Thu, 2024-12-05 at 14:31 -0800, Kumar Kartikeya Dwivedi wrote: [...] > Fixes: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL") > Reported-by: Manu Bretelle <chantra@xxxxxxxx> > Signed-off-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx> > --- Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx> I think this should work. Although, I'm not sure if we should delay generic fix and do this in two steps. > kernel/bpf/verifier.c | 38 ++++++++++++++++++++++++++++++-------- > 1 file changed, 30 insertions(+), 8 deletions(-) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 2fd35465d650..dea92cac2522 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -15340,7 +15340,8 @@ static int reg_set_min_max(struct bpf_verifier_env *env, > return err; > } > > -static void mark_ptr_or_null_reg(struct bpf_func_state *state, > +static void mark_ptr_or_null_reg(struct bpf_verifier_env *env, > + struct bpf_func_state *state, > struct bpf_reg_state *reg, u32 id, > bool is_null) > { > @@ -15357,8 +15358,8 @@ static void mark_ptr_or_null_reg(struct bpf_func_state *state, > */ > if (WARN_ON_ONCE(reg->smin_value || reg->smax_value || !tnum_equals_const(reg->var_off, 0))) > return; > - if (!(type_is_ptr_alloc_obj(reg->type) || type_is_non_owning_ref(reg->type)) && > - WARN_ON_ONCE(reg->off)) > + if (!(type_is_ptr_alloc_obj(reg->type) || type_is_non_owning_ref(reg->type) || > + mask_raw_tp_reg_cond(env, reg)) && WARN_ON_ONCE(reg->off)) Nit: the condition is a bit hard to read, maybe rewrite it as follows: if (!type_is_ptr_alloc_obj(reg->type) && !type_is_non_owning_ref(reg->type) && !mask_raw_tp_reg_cond(env, reg) && WARN_ON_ONCE(reg->off)) return; ? > return; > > if (is_null) { [...]
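Review bot: In the second hunk of mark_ptr_or_null_reg(), a register for which mask_raw_tp_reg_cond(env, reg) is true and reg->off is non-zero no longer hits the WARN_ON_ONCE(reg->off) early return and instead falls through to the is_null handling, but the comment block that closes just above these checks is not touched by the patch. Please add a sentence there stating why a non-zero fixed offset is expected for these raw_tp registers and why continuing to the null/non-null marking with that offset is safe, so the new exemption does not read as an unexplained relaxation of the sanity check. Since mask_raw_tp_reg_cond() is used here only as a predicate inside a condition, it is also worth confirming that it has no side effects on reg, because it is now evaluated for every register that is neither an allocated object nor a non-owning reference.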