On Mon, Dec 14, 2020 at 11:53 AM Dmitrii Banshchikov <me@xxxxxxxxxxxxx> wrote:
>
> Factor out helper function for conversion nullable register type to its
> corresponding type with value.
>
> Signed-off-by: Dmitrii Banshchikov <me@xxxxxxxxxxxxx>
> ---
> kernel/bpf/verifier.c | 77 ++++++++++++++++++++++++-------------------
> 1 file changed, 44 insertions(+), 33 deletions(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 93def76cf32b..dee296dbc7a1 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -1073,6 +1073,43 @@ static void mark_reg_known_zero(struct bpf_verifier_env *env,
> __mark_reg_known_zero(regs + regno);
> }
[...]
> - if (is_null) {
> /* We don't need id and ref_obj_id from this point
> * onwards anymore, thus we should better reset it,
> * so that state pruning has chances to take effect.
> */
> reg->id = 0;
> reg->ref_obj_id = 0;
nit: I'd just return here and reduce further nesting of the else branch.
> - } else if (!reg_may_point_to_spin_lock(reg)) {
> - /* For not-NULL ptr, reg->ref_obj_id will be reset
> + } else {
> + mark_ptr_not_null_reg(reg);
Now that this can return -EINVAL, I think some WARN or error message is due.
> +
> + if (!reg_may_point_to_spin_lock(reg)) {
> + /* For not-NULL ptr, reg->ref_obj_id will be reset
> * in release_reg_references().
> *
> * reg->id is still used by spin_lock ptr. Other
> * than spin_lock ptr type, reg->id can be reset.
> */
> - reg->id = 0;
> + reg->id = 0;
> + }
> }
> }
> }
> --
> 2.25.1
>
