On Mon, Nov 29, 2021 at 05:29:42PM -0800, Hao Luo wrote:
> /* update return register (already marked as written above) */
> - if (fn->ret_type == RET_INTEGER) {
> + ret_type = fn->ret_type;
> + if (ret_type == RET_INTEGER) {
> /* sets type to SCALAR_VALUE */
> mark_reg_unknown(env, regs, BPF_REG_0);
> - } else if (fn->ret_type == RET_VOID) {
> + } else if (ret_type == RET_VOID) {
> regs[BPF_REG_0].type = NOT_INIT;
> - } else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL ||
> - fn->ret_type == RET_PTR_TO_MAP_VALUE) {
> + } else if (BPF_BASE_TYPE(ret_type) == RET_PTR_TO_MAP_VALUE) {
> /* There is no offset yet applied, variable or fixed */
> mark_reg_known_zero(env, regs, BPF_REG_0);
> /* remember map_ptr, so that check_map_access()
> @@ -6530,28 +6536,27 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> }
> regs[BPF_REG_0].map_ptr = meta.map_ptr;
> regs[BPF_REG_0].map_uid = meta.map_uid;
> - if (fn->ret_type == RET_PTR_TO_MAP_VALUE) {
> + if (ret_type_may_be_null(fn->ret_type)) {
it should have been ret_type here?
> + regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
> + } else {
> regs[BPF_REG_0].type = PTR_TO_MAP_VALUE;