On Wed, Dec 1, 2021 at 12:30 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Mon, Nov 29, 2021 at 05:29:42PM -0800, Hao Luo wrote:
> > /* update return register (already marked as written above) */
> > - if (fn->ret_type == RET_INTEGER) {
> > + ret_type = fn->ret_type;
> > + if (ret_type == RET_INTEGER) {
> > /* sets type to SCALAR_VALUE */
> > mark_reg_unknown(env, regs, BPF_REG_0);
> > - } else if (fn->ret_type == RET_VOID) {
> > + } else if (ret_type == RET_VOID) {
> > regs[BPF_REG_0].type = NOT_INIT;
> > - } else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL ||
> > - fn->ret_type == RET_PTR_TO_MAP_VALUE) {
> > + } else if (BPF_BASE_TYPE(ret_type) == RET_PTR_TO_MAP_VALUE) {
> > /* There is no offset yet applied, variable or fixed */
> > mark_reg_known_zero(env, regs, BPF_REG_0);
> > /* remember map_ptr, so that check_map_access()
> > @@ -6530,28 +6536,27 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> > }
> > regs[BPF_REG_0].map_ptr = meta.map_ptr;
> > regs[BPF_REG_0].map_uid = meta.map_uid;
> > - if (fn->ret_type == RET_PTR_TO_MAP_VALUE) {
> > + if (ret_type_may_be_null(fn->ret_type)) {
>
> it should have been ret_type here?
>
Yes. I think fn->ret_type and ret_type are the same here. I can
replace it with 'ret_type' in the next version.
> > + regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
> > + } else {
> > regs[BPF_REG_0].type = PTR_TO_MAP_VALUE;
