On Tue, Jan 31, 2023 at 10:00 AM Dave Marchevsky <davemarchevsky@xxxxxx> wrote: > static void invalidate_non_owning_refs(struct bpf_verifier_env *env, > struct bpf_active_lock *lock) > { > + struct bpf_active_lock *cur_state_lock; > struct bpf_func_state *unused; > struct bpf_reg_state *reg; > > + cur_state_lock = &env->cur_state->active_lock; > bpf_for_each_reg_in_vstate(env->cur_state, unused, reg, ({ > - if (reg->non_owning_ref_lock.ptr && > - reg->non_owning_ref_lock.ptr == lock->ptr && > - reg->non_owning_ref_lock.id == lock->id) > + if (reg->non_owning_ref_lock && > + cur_state_lock->ptr == lock->ptr && > + cur_state_lock->id == lock->id) invalidate_non_owning_refs() is called with &cur_state, so the last two checks are redundant, but I suspect they hide the issue with the first check. Just reg->non_owning_ref_lock is ambiguous. It needs base_type(reg->type) == PTR_TO_BTF_ID first.
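Review bot: the new condition in the `bpf_for_each_reg_in_vstate` loop mixes a per-register test with two loop-invariant ones. `cur_state_lock->ptr == lock->ptr && cur_state_lock->id == lock->id` no longer depends on `reg` at all, so either evaluate it once before the loop and return early when it fails, or drop it entirely if every caller passes `&env->cur_state->active_lock` (in which case it is always true and only obscures intent). Separately, `reg->non_owning_ref_lock` is now tested as a bare truth value on every register the macro visits, regardless of `reg->type`; the loop should confirm the register is of the kind that can carry a non-owning reference before reading that field, e.g. `if (base_type(reg->type) == PTR_TO_BTF_ID && reg->non_owning_ref_lock)`, otherwise the field's value on unrelated register kinds decides whether they get invalidated. A one-line comment above the loop stating the invariant (the lock passed in is the current state's active lock) would also make the simplification safe to keep.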