Received: by 2002:a05:7412:a9a2:b0:e2:908c:2ebd with SMTP id o34csp986479rdh; Fri, 27 Oct 2023 01:02:13 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGZntv3taY9SX9JtA7+M6Lh+5su2RjuuZm5tsdHeSNTtI7W2AUvm5rICD4VQUGFCtXARB7t X-Received: by 2002:a25:abb0:0:b0:da0:e250:15ad with SMTP id v45-20020a25abb0000000b00da0e25015admr2002815ybi.30.1698393733478; Fri, 27 Oct 2023 01:02:13 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698393733; cv=pass; d=google.com; s=arc-20160816; b=bosh8VuoCcxvXnou12RUMGPi64JXnzM3oKV8Osh0lLv4ddVniaV+AHQY8Z07oKe/NY GBtejWhYAveJ6Ps7zq/ueXnBZfkMWi9Q/aBMjkPyKn2R89mYWtPneA6hLH2OBPvH9xrv nnI0MN5PWfG5WQXHN8CGPbT4FNMmTtnReSJHRgJk1yfRN4jjBa+QqkyykT02BrksoCX/ 4ejGKMtM+8IJll73IIhU3OjAf+33wTcXou7Y+S9TMbU+VEzpD3+VtbAibH+wz7kM9T16 3LE/FrSZRok+hh1+NCfqNFYUbavM5czSPchoby1h+Gmt1NgZ9SSxm6wEu58ZvSxpzRWu XDQw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:in-reply-to :content-transfer-encoding:content-disposition:references:message-id :subject:cc:to:from:date:dkim-signature; bh=O6rMfTEXMY0XFp7wYldg/N2Nj3YSs9RWCXJjR7YlXfw=; fh=SpaZbngUqh5y7YMHdwuMA0A2ygfTIa97JL9fd8948sk=; b=E0VANtcctddJeJWJAtpObKpJxKhRtIYU7oAPSvbqv8uL6WgQr3ByJ1AOG6HYVEpto8 v1A+ji4wFwPfJ2Ms2OMgXkZcCeUFqncR0SPAfUKTJy373PhfXYkhXrnHNnd9NCz9mjaX ke7Eirky+WZcRfeks7Etf0XW34IRV7D6KqROTdlx8lux3IoPsuDDsNlj/d+H/g4iziPX S5NpJtBWJzvhrvNcJ5ytpuxpfKyFBM407gCkqTxhJQcoql4e/z7VLUfSJf7SA4SGjphG wZRQHaWkt2xuwH4x/12L5cGjwXIa2QPNvTQT5rYF51jAUqGVc/47IRYCDVBb5X04hyfl My0A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@suse.com header.s=selector1 header.b=kgCASnC+; arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id x195-20020a25e0cc000000b00da0c8110f18si1799103ybg.233.2023.10.27.01.02.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Oct 2023 01:02:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=selector1 header.b=kgCASnC+; arc=pass (i=1 spf=pass spfdomain=suse.com dkim=pass dkdomain=suse.com dmarc=pass fromdomain=suse.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id C4AA3808BE44; Fri, 27 Oct 2023 01:02:09 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231388AbjJ0IB6 (ORCPT + 99 others); Fri, 27 Oct 2023 04:01:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33916 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229503AbjJ0IB5 (ORCPT ); Fri, 27 Oct 2023 04:01:57 -0400 Received: from EUR03-DBA-obe.outbound.protection.outlook.com (mail-dbaeur03on2040.outbound.protection.outlook.com [40.107.104.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7F1E111; Fri, 27 Oct 2023 01:01:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=P/hy8vMJs5px5acSLHd67iBg9byiQwk2a4a36XYJqkJQAosFLZCgleg2vBSw/IoledKZBbbZNLE66UWV6BMeB2SK7j8BX6KMCo4IXlqwyo5lCXELBHUOUEMZrgbZeJ+WC56NBJaWwZNrVQQZA4kX/ZY44jC1CwZ2FY/LO1HgQXOEmoME389rqUT6ZJTV4KwNCwmh+R9T6i5sGvjsFLxczu+9wSfxnOys2LrtPryVZVM0k51XI+tcwiNri4OYc8MdUUob/zslDoIB410UEePJrJALaUpE2Q4KHKZYPloIs0AovQ/PwuBR6rqLPbqdlbNEJNnYu5k4rO3juU+QheUK9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O6rMfTEXMY0XFp7wYldg/N2Nj3YSs9RWCXJjR7YlXfw=; b=P7XgDU1wzZXh9nD5XzWM1QIZQb52iSYHYKNzquEJ1u26d0jjFoJ3nyb0ji3nsdesaTXFid1lfBgEhz3towTSX6bCJizvH+MxpPiVoUQliweIBZXuLdZq2qAS8XXTce4iyDBfn6vmGEG256IjvVAkajTnAxL0RVKc9MBKi0aHmtk2G/VjvDOsuAQUG/2Kuci5mlEwDThRdApzYeg3dTJzvWmpOQQxn6eTj0r7dPCzmXLtZ2ISisFPq5QSmraVAfP0gxkc3UNv0ZyBrS0JQ5YZMEraXkmuQ4x8nSd3fz2aE8cenrcUqyG9i99j4eCu4yQCjR1tlWxFGAWeOsU5ooD+SQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O6rMfTEXMY0XFp7wYldg/N2Nj3YSs9RWCXJjR7YlXfw=; b=kgCASnC+V2Lq1CdrnuZOih+Hx5Mtpeo48KQhhED8jMG5MJxHuW3P9a6y7hK9WgwW4WgTUt7H24eQOulWu0+nvg5VhVzjm2XYzr8vTWgmpve226BTDQzmAnyT9sxhCjFck4FDn1ZD0VcNgp0pDRaYTJJBz/g2enMcQidt9/xv8tV8OQP0mizbgDwR0L/Q71SgNSgMmDqCYk9/7cDmyQ6dRHyCL+OLSrTAzIb+1DT0tmdhGCMxeokG65FSLrTssiE1xacBhTwlo/MGoaOwMRJ8EmJBsiS4DvxDMLyAebQJZ1RGHXQLlM2dFCqOVgJKHqcMycBsX8SAEHXYdA6BKpwkHw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Received: from AS8PR04MB9510.eurprd04.prod.outlook.com (2603:10a6:20b:44a::11) by AS8PR04MB9127.eurprd04.prod.outlook.com (2603:10a6:20b:44a::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.8; Fri, 27 Oct 2023 08:01:51 +0000 Received: from AS8PR04MB9510.eurprd04.prod.outlook.com ([fe80::9f3e:3b47:5ccd:c47c]) by AS8PR04MB9510.eurprd04.prod.outlook.com ([fe80::9f3e:3b47:5ccd:c47c%6]) with mapi id 15.20.6954.008; Fri, 27 Oct 2023 08:01:51 +0000 Date: Fri, 27 Oct 2023 16:01:43 +0800 From: Shung-Hsi Yu To: Hao Sun Cc: Alexei Starovoitov , Daniel Borkmann , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Eduard Zingerman , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH bpf-next 1/2] bpf: Fix check_stack_write_fixed_off() to correctly spill imm Message-ID: References: <20231026-fix-check-stack-write-v1-0-6b325ef3ce7e@gmail.com> <20231026-fix-check-stack-write-v1-1-6b325ef3ce7e@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-ClientProxiedBy: FR3P281CA0127.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:94::13) To AS8PR04MB9510.eurprd04.prod.outlook.com (2603:10a6:20b:44a::11) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR04MB9510:EE_|AS8PR04MB9127:EE_ X-MS-Office365-Filtering-Correlation-Id: 999a8ba8-1a51-4867-d04c-08dbd6c2fa09 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: DL1zSaH9WOI/fDSBsIgGAbHeu3WgPqCWKOd0HwJPTwdsX4Qe3RBnBKC8e9hO9sBT7o1UOHA/tH7V5SoEpoJpLK+oOr7gloDGHzB7/zyo4BfnIBBcViQPx3KJn32JH5sdAHQEvM9TI3W2lcA+giszchIzP5rj7LSjg5/oFAzKysz9jFlq5F7xr+OKdh0kAn4uNaAO1kHRZyD5BnmJC6tfJuyQd2i+U+8K75OOBpEnxy8tMN3rb6ea7mujGv4MyJF/0UvtbxuZKez2A5Nj1aWWnrLoIEuxC654/UrrDUn4uigyWvMe0uap8F1FH588zHqFxqkCctLOYOJRa9Jc1uNKP3yY5fFCzgbYZ3vQzAmu/FnHBbiTBAaXd45jRGDhiZgtgaxbA9ljhtathzpuwP4/yx8xElO4KwPch+u9d6z0I+G9/YFwDhIxwZQlsp5K7/EyaoWq/v08QPob5qUbpbz3HALVZcJzyUxkEINa5DNhGXXQ9kmzpuWZGwRHIL4D9lG42eIjRsDoHolr6W0G+DW7Fm3fWiW41IwRj0Ld6hIlmbc= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR04MB9510.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(7916004)(366004)(346002)(376002)(136003)(396003)(39860400002)(230922051799003)(451199024)(1800799009)(186009)(64100799003)(53546011)(66899024)(6666004)(6506007)(33716001)(38100700002)(86362001)(83380400001)(9686003)(6512007)(26005)(7416002)(316002)(66946007)(54906003)(6916009)(66556008)(66476007)(41300700001)(5660300002)(6486002)(2906002)(966005)(478600001)(8676002)(4326008)(8936002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?dkpMQkNkeENlemM5Y2dWVG14Q1J2MldVK09INXZDUTFEVzBUWC9mcytlSUo5?= =?utf-8?B?Z0tTRDFMRHVkTlo0dzRyNnRVRDZXQVloZHppdXUxWlJIVm9hc1JZWU1pUGxv?= =?utf-8?B?S2tJbm5rdVljZkhzWFI5Lzh2d3g5UTF0bDY5czdPS1dRc2drTTNsK3NOaXRD?= =?utf-8?B?ejMvOEpXbVFKWWVEZjNpby9HUHF4UnNvbmhlS2FoM0NVV1BBY0xiRlJxZndq?= =?utf-8?B?ZVh1ckhEdFFZTng3ejVnTHVuUUw4c2RrVjVhSXNNYTBpVFRVdzYydENCWWNC?= =?utf-8?B?OFdHWngrckd0R3BVaVg0RDh3WnZrU2FVd3hMNW1pZm9hSlFPSFZLSENFQk43?= =?utf-8?B?N2tyUnNxR1k5N05rRDN1aFZkYWRpN0pTNzQ1bkFLckx4WUMycXA0dkN5RFhF?= =?utf-8?B?aDJHVzk4RmRzYWkwcGNEcjlYY0p6ZXppQTgzNHhhYUwwTm84bi9UZFdiem9a?= =?utf-8?B?MnVVWk4yM0ZFRjJSWTJUQms4NnBweXdURGVxZklmL09Ea1J6MWpzdE8zNkdv?= =?utf-8?B?a3pCK1U4OU1kN0hpdlhmTTNTQ0l6YWFRazAyQ2VFVE40Z0pFK3hPMmZUb2Nq?= =?utf-8?B?NlQxajczeExVQTRqbjFOL3oxV1F3a1lwU1dKVHpxblZFMkRvd2l2cXFoVkh0?= =?utf-8?B?UWR6cWFuZFBkNFNlN1ZtbXQxM3RkcDNMQ1V0SWtZekVEbk9Obi9vbXVMM1BG?= =?utf-8?B?MnczZTlCSVZaNWJ0OXF1dlRxMlA4K1hUNnUyeUIzZk4vdlBPQ0xOUHV4SzhD?= =?utf-8?B?NTF4OEtsVHQ5TDFoUFRXNUg4UmpiWThmcmg3SFllY205WmdtcUx1VXRVUlhS?= =?utf-8?B?S3hrUlNrbi9PTWZVZi8rUm51V3REbHRRdDBCcHJVOGhVb0oyNFRvSys3ZTVK?= =?utf-8?B?QWZ1R2tOUS9FN1Jjamh1R1BGa0t6QTFqWVNKVk13WGJDMHdNU2hIYzN4QU5h?= =?utf-8?B?eHRQWThoRUg1SEprQXNJWVJJUStZSzBPMnBoVVNpVlNYbTgrT0pRS2dNWjBv?= =?utf-8?B?WVd0S2k5d3RZVUo0ME9Lcjh0S2RyWmNuTnZIdVViZlNWTnMyQXZ3OEZUditD?= =?utf-8?B?L3FZK0VGVkpLOGV5YVpidVlrV3NWdDI4UjNQbWFmWUxac0h5TDJINktxVmlS?= =?utf-8?B?QnZHTG5SYVZ2S0VBNjhMc3V5VktNcnNlUWFRb2hrb2hOdEljVlJNdUlBajMz?= =?utf-8?B?ZDBuMTh2SUdwaVY2WCtRZTMxcEtGd25QMEM2VnhZRXVwV1ZOTGNDSUZMOVpU?= =?utf-8?B?d2lsZHZMaG9kc01XV0pZc05XMHNCRUdiUkRPZ09TY3QrY1RDTlpodVU1NnQz?= =?utf-8?B?YVJLa2lnRDBhVUdRNHVpblE5VlFyRXpIbzZZRnBGV2ZFT2ZzUktMdjhGQWVL?= =?utf-8?B?eGJTcnVpWTN1Y0VJNDlWK0hGTnJBMmE2RVp1WWJreXJmcmlkdmhHTnJPRmxZ?= =?utf-8?B?blFNaHN0WGUxWE5OR1d3MGhWRmd3QVVnL3hrV3RuNmJNOVV4TC95QmpxWCtl?= =?utf-8?B?OFI2NDZlYVJTeG9lWkthUnY4SEpnMnNJOHFzaWtFbGtFVC9OOE1vY3pMT0VL?= =?utf-8?B?WTdrclRMY0dNNStVdFE5WDRxUTVrVkZxSkU3Q0ttaHR2RC9uUUxWMzd3WTRE?= =?utf-8?B?ck1aampJL2xuWjVsNUpESjI2dmdNczhVdTNicWVwYTJjZlB5UjV3MjhYMlBv?= =?utf-8?B?N0MwYmtVbGpQKzd4TEpEeXBPZ1NQR1E1YnEyaW5YcnBNRnJsUDM4SUd0a0Zr?= =?utf-8?B?b1lrQkRVdFpma1FMenU3OHI3TStsYTh3Y2E5U0V6dUJ5anlJenQ0MEhmUGdo?= =?utf-8?B?anZUWWJRMFBzWmRTdlA1OW1IZUVqbjg1K3pPU0pBbVFhVEIxSDFKRHAzeUkr?= =?utf-8?B?ZGRoSnJFRVFkRHpYM2YwRXNWL0grbVpOekwrMDNkS1Z6a1ZEYVA1OGdJUXBT?= =?utf-8?B?ckNWci9tWURSTnRiUXY0VWRxbUlKL1lUaC9rQnVsVmovZllqYkhuSmlNUGtu?= =?utf-8?B?V25rRmxaaVpjdHdxMlo3KzBiK29DK1BFNFcvcnpKKzVsWXhuK3hGbkhGMjNO?= =?utf-8?B?bWFBcjBZRTRXUldGSTdzWmhpYitIeUZuRUZHYWJIdWpZUXJaQ1RXZkpMOFh5?= =?utf-8?Q?w2ZALvX82j7skMq53nckT5moq?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: 999a8ba8-1a51-4867-d04c-08dbd6c2fa09 X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB9510.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2023 08:01:51.2863 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: kcBkzEm61QGACDgK6M14H2FhGHkaBAyNiUf5Rwqv5a8FU9C75OgwdwiBGo3WsT1ZD/4mDktO7MxTVrtJXZfASA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB9127 X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Fri, 27 Oct 2023 01:02:10 -0700 (PDT) On Fri, Oct 27, 2023 at 09:51:58AM +0200, Hao Sun wrote: > On Fri, Oct 27, 2023 at 9:44 AM Shung-Hsi Yu wrote: > > > > On Fri, Oct 27, 2023 at 03:14:10PM +0800, Shung-Hsi Yu wrote: > > > On Thu, Oct 26, 2023 at 05:13:10PM +0200, Hao Sun wrote: > > > > In check_stack_write_fixed_off(), imm value is cast to u32 before being > > > > spilled to the stack. Therefore, the sign information is lost, and the > > > > range information is incorrect when load from the stack again. > > > > > > > > For the following prog: > > > > 0: r2 = r10 > > > > 1: *(u64*)(r2 -40) = -44 > > > > 2: r0 = *(u64*)(r2 - 40) > > > > 3: if r0 s<= 0xa goto +2 > > > > 4: r0 = 1 > > > > 5: exit > > > > 6: r0 = 0 > > > > 7: exit > > > > > > > > The verifier gives: > > > > func#0 @0 > > > > 0: R1=ctx(off=0,imm=0) R10=fp0 > > > > 0: (bf) r2 = r10 ; R2_w=fp0 R10=fp0 > > > > 1: (7a) *(u64 *)(r2 -40) = -44 ; R2_w=fp0 fp-40_w=4294967252 > > > > 2: (79) r0 = *(u64 *)(r2 -40) ; R0_w=4294967252 R2_w=fp0 > > > > fp-40_w=4294967252 > > > > 3: (c5) if r0 s< 0xa goto pc+2 > > > > mark_precise: frame0: last_idx 3 first_idx 0 subseq_idx -1 > > > > mark_precise: frame0: regs=r0 stack= before 2: (79) r0 = *(u64 *)(r2 -40) > > > > 3: R0_w=4294967252 > > > > 4: (b7) r0 = 1 ; R0_w=1 > > > > 5: (95) exit > > > > verification time 7971 usec > > > > stack depth 40 > > > > processed 6 insns (limit 1000000) max_states_per_insn 0 total_states 0 > > > > peak_states 0 mark_read 0 > > > > > > > > So remove the incorrect cast, since imm field is declared as s32, and > > > > __mark_reg_known() takes u64, so imm would be correctly sign extended > > > > by compiler. > > > > > > > > Signed-off-by: Hao Sun > > > > > > Acked-by: Shung-Hsi Yu > > > > > > The acked-by applies to future version of the patchset as well. > > (BPF_ALU | BPF_MOV | BPF_K) is handled correctly in the current > code, i.e., no cast in BPF_ALU64 so that the sign is extended, and > the cast in BPF_ALU correctly zero extend the reg. My mistake, you're right. Thank you for the explanation. > > Oh and since this is a fix it would be great to have the fixes tag[1] to > > specify when the bug was introduced > > > > Fixes: ecdf985d7615 ("bpf: track immediate values written to stack by BPF_ST instruction") > > Noted, thanks. > > > Add Cc tag for stable[2] so stable kernels pick up the fix as well > > > > Cc: stable@vger.kernel.org > > > > And ideally specify that the patch should be applied to the bpf tree rather > > than bpf-next[3] (though the BPF maintainers has the final say on which tree > > this patch should be applied). > > > > I'd owe you a big thank as well since this helps with our internal process > > at my company. So thank you in advance! > > > > 1: https://docs.kernel.org/process/submitting-patches.html#describe-your-changes > > 2: https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#option-1 > > 3: https://docs.kernel.org/bpf/bpf_devel_QA.html#q-how-do-the-changes-make-their-way-into-linux > > > > > FWIW I think we'd also need the same treatment for the (BPF_ALU | BPF_MOV | > > > BPF_K) case in check_alu_op(). ^ This statement is incorrect as Hao has explained above. > > > > --- > > > > kernel/bpf/verifier.c | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > > > > index 857d76694517..44af69ce1301 100644 > > > > --- a/kernel/bpf/verifier.c > > > > +++ b/kernel/bpf/verifier.c > > > > @@ -4674,7 +4674,7 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env, > > > > insn->imm != 0 && env->bpf_capable) { > > > > struct bpf_reg_state fake_reg = {}; > > > > > > > > - __mark_reg_known(&fake_reg, (u32)insn->imm); > > > > + __mark_reg_known(&fake_reg, insn->imm); > > > > fake_reg.type = SCALAR_VALUE; > > > > save_register_state(state, spi, &fake_reg, size); > > > > } else if (reg && is_spillable_regtype(reg->type)) { > > > > > > > > -- > > > > 2.34.1 > > > >