diff options
| author | Andrii Nakryiko <[email protected]> | 2023-09-18 14:01:10 -0700 |
|---|---|---|
| committer | Alexei Starovoitov <[email protected]> | 2023-09-20 03:26:25 -0700 |
| commit | 81335f90e8a88b81932df011105c46e708744f44 (patch) | |
| tree | 0a13b2a8d05d69f718ca73660e6431db866d2f0e /tools/testing/selftests/bpf/prog_tests/autoload.c | |
| parent | b724a6418f1f853bcb39c8923bf14a50c7bdbd07 (diff) | |
bpf: unconditionally reset backtrack_state masks on global func exit
In mark_chain_precision() logic, when we reach the entry to a global
func, it is expected that R1-R5 might be still requested to be marked
precise. This would correspond to some integer input arguments being
tracked as precise. This is all expected and handled as a special case.
What's not expected is that we'll leave backtrack_state structure with
some register bits set. This is because for subsequent precision
propagations backtrack_state is reused without clearing masks, as all
code paths are carefully written in a way to leave empty backtrack_state
with zeroed out masks, for speed.
The fix is trivial, we always clear register bit in the register mask, and
then, optionally, set reg->precise if register is SCALAR_VALUE type.
Reported-by: Chris Mason <[email protected]>
Fixes: be2ef8161572 ("bpf: allow precision tracking for programs with subprogs")
Signed-off-by: Andrii Nakryiko <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Alexei Starovoitov <[email protected]>
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/autoload.c')
0 files changed, 0 insertions, 0 deletions