bpf: Simplify mark_stack_slot_obj_read() and callers

Rename mark_stack_slot_obj_read() as mark_stack_slots_scratched() and
directly call it from functions processing iter, dynptr and irq_flag.
Commit 6762e3a0bce5 ("bpf: simplify liveness to use (callsite, depth)
keyed func_instances") has removed the dynamic liveness component in
mark_stack_slot_obj_read(). The function effectively only marks stack
slots as scratched and always succeed. Therefore, return void, drop the
unused bpf_reg_state argument and rename it to
mark_stack_slots_scratched() to reflect what it does now.

In addition, to prepare for unifying dynptr handling, dynptr_get_spi()
will be moved out of mark_dynptr_read(). As mark_dynptr_read() would join
mark_iter_read() as a thin wrapper of mark_stack_slots_scratched(), just
open code these helpers.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Amery Hung <ameryhung@gmail.com>
Link: https://lore.kernel.org/r/20260529014936.2811085-2-ameryhung@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 3a270bc485c20ab683d2ba11f875293e74e5a98d..d048f303322088d8f19af12e207f53ba07b37192 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3006,50 +3006,13 @@ out:
        return ret;
 }
 
-static int mark_stack_slot_obj_read(struct bpf_verifier_env *env, struct bpf_reg_state *reg,
-                                   int spi, int nr_slots)
+static void mark_stack_slots_scratched(struct bpf_verifier_env *env,
+                                      int spi, int nr_slots)
 {
        int i;
 
        for (i = 0; i < nr_slots; i++)
                mark_stack_slot_scratched(env, spi - i);
-       return 0;
-}
-
-static int mark_dynptr_read(struct bpf_verifier_env *env, struct bpf_reg_state *reg)
-{
-       int spi;
-
-       /* For CONST_PTR_TO_DYNPTR, it must have already been done by
-        * check_reg_arg in check_helper_call and mark_btf_func_reg_size in
-        * check_kfunc_call.
-        */
-       if (reg->type == CONST_PTR_TO_DYNPTR)
-               return 0;
-       spi = dynptr_get_spi(env, reg);
-       if (spi < 0)
-               return spi;
-       /* Caller ensures dynptr is valid and initialized, which means spi is in
-        * bounds and spi is the first dynptr slot. Simply mark stack slot as
-        * read.
-        */
-       return mark_stack_slot_obj_read(env, reg, spi, BPF_DYNPTR_NR_SLOTS);
-}
-
-static int mark_iter_read(struct bpf_verifier_env *env, struct bpf_reg_state *reg,
-                         int spi, int nr_slots)
-{
-       return mark_stack_slot_obj_read(env, reg, spi, nr_slots);
-}
-
-static int mark_irq_flag_read(struct bpf_verifier_env *env, struct bpf_reg_state *reg)
-{
-       int spi;
-
-       spi = irq_flag_get_spi(env, reg);
-       if (spi < 0)
-               return spi;
-       return mark_stack_slot_obj_read(env, reg, spi, 1);
 }
 
 /* This function is supposed to be used by the following 32-bit optimization
@@ -7261,7 +7224,7 @@ static int process_kptr_func(struct bpf_verifier_env *env, int regno,
 static int process_dynptr_func(struct bpf_verifier_env *env, struct bpf_reg_state *reg, argno_t argno, int insn_idx,
                               enum bpf_arg_type arg_type, int clone_ref_obj_id)
 {
-       int err;
+       int spi, err = 0;
 
        if (reg->type != PTR_TO_STACK && reg->type != CONST_PTR_TO_DYNPTR) {
                verbose(env,
@@ -7323,7 +7286,17 @@ static int process_dynptr_func(struct bpf_verifier_env *env, struct bpf_reg_stat
                        return -EINVAL;
                }
 
-               err = mark_dynptr_read(env, reg);
+               if (reg->type != CONST_PTR_TO_DYNPTR) {
+                       spi = dynptr_get_spi(env, reg);
+                       if (spi < 0)
+                               return spi;
+
+                       /*
+                        * For CONST_PTR_TO_DYNPTR, reg is already scratched by check_reg_arg
+                        * in check_helper_call and mark_btf_func_reg_size in check_kfunc_call.
+                        */
+                       mark_stack_slots_scratched(env, spi, BPF_DYNPTR_NR_SLOTS);
+               }
        }
        return err;
 }
@@ -7433,9 +7406,7 @@ static int process_iter_arg(struct bpf_verifier_env *env, struct bpf_reg_state *
                if (spi < 0)
                        return spi;
 
-               err = mark_iter_read(env, reg, spi, nr_slots);
-               if (err)
-                       return err;
+               mark_stack_slots_scratched(env, spi, nr_slots);
 
                /* remember meta->iter info for process_iter_next_call() */
                meta->iter.spi = spi;
@@ -11399,7 +11370,7 @@ static int process_kf_arg_ptr_to_btf_id(struct bpf_verifier_env *env,
 static int process_irq_flag(struct bpf_verifier_env *env, struct bpf_reg_state *reg, argno_t argno,
                             struct bpf_kfunc_call_arg_meta *meta)
 {
-       int err, kfunc_class = IRQ_NATIVE_KFUNC;
+       int err, spi, kfunc_class = IRQ_NATIVE_KFUNC;
        bool irq_save;
 
        if (meta->func_id == special_kfunc_list[KF_bpf_local_irq_save] ||
@@ -11440,9 +11411,11 @@ static int process_irq_flag(struct bpf_verifier_env *env, struct bpf_reg_state *
                        return err;
                }
 
-               err = mark_irq_flag_read(env, reg);
-               if (err)
-                       return err;
+               spi = irq_flag_get_spi(env, reg);
+               if (spi < 0)
+                       return spi;
+
+               mark_stack_slots_scratched(env, spi, 1);
 
                err = unmark_stack_slot_irq_flag(env, reg, kfunc_class);
                if (err)