On Thu, Mar 02, 2023 at 03:50:12PM -0800, Andrii Nakryiko wrote:
>
> static enum kfunc_ptr_arg_type
> @@ -10278,7 +10288,17 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
> if (is_kfunc_arg_uninit(btf, &args[i]))
> iter_arg_type |= MEM_UNINIT;
>
> - ret = process_iter_arg(env, regno, insn_idx, iter_arg_type, meta);
> + if (meta->func_id == special_kfunc_list[KF_bpf_iter_num_new] ||
> + meta->func_id == special_kfunc_list[KF_bpf_iter_num_next]) {
> + iter_arg_type |= ITER_TYPE_NUM;
> + } else if (meta->func_id == special_kfunc_list[KF_bpf_iter_num_destroy]) {
> + iter_arg_type |= ITER_TYPE_NUM | OBJ_RELEASE;
Since OBJ_RELEASE is set pretty late here and kfuncs are not marked with KF_RELEASE,
the arg_type_is_release() in check_func_arg_reg_off() won't trigger.
So I'm confused why there is:
+ if (arg_type_is_iter(arg_type))
+ return 0;
in the previous patch.
Will it ever trigger?
Separate question: What happens when the user does:
bpf_iter_destroy(&it);
bpf_iter_destroy(&it);
+ if (!is_iter_reg_valid_init(env, reg)) {
+ verbose(env, "expected an initialized iter as arg #%d\n", regno);
will trigger, right?
I didn't find such selftest.
