On Sat, 2024-12-14 at 00:10 +0100, Kumar Kartikeya Dwivedi wrote:
[...]
> > @@ -11199,10 +11266,17 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> > "kernel subsystem misconfigured verifier\n");
> > return -EINVAL;
> > }
> > +
> > + if (func_id == BPF_FUNC_map_lookup_elem &&
> > + can_elide_value_nullness(meta.map_ptr->map_type) &&
> > + meta.const_map_key >= 0 &&
> > + meta.const_map_key < meta.map_ptr->max_entries)
> > + ret_flag &= ~PTR_MAYBE_NULL;
>
> I think we probably need mark_chain_precision applied on the constant
> key since its concrete value is made use of here to prevent pruning on
> it. If it's already happening and I missed it, I think we should
> atleast add a comment.
>
> For context of a similar case with tail calls, see commit
> cc52d9140aa9 ("bpf: Fix record_func_key to perform backtracking on r3")
> for what happens when it is missed.
Great point, I'm sure this does not happen.
[...]
