git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Eduard Zingerman <eddyz87@gmail.com>
	Mon, 13 Apr 2026 23:30:52 +0000 (16:30 -0700)
committer	Alexei Starovoitov <ast@kernel.org>
	Wed, 15 Apr 2026 15:40:47 +0000 (08:40 -0700)
commit	ecdd4fd8a54ca4679ab8676674a2388ea37eee1a
tree	8729f10397d7fdb52f7d4b30a8c83730a899f7ba	tree \| snapshot
parent	813f336269e629da5d9c86a8098d6bee3d84680e	commit \| diff

bpf: fix arg tracking for imprecise/multi-offset BPF_ST/STX

BPF_STX through ARG_IMPRECISE dst should be recognized as a local
spill and join at_stack with the written value. For example,
consider the following situation:

   // r1 = ARG_IMPRECISE{mask=BIT(0)|BIT(1)}
   *(u64 *)(r1 + 0) = r8

Here the analysis should produce an equivalent of

  at_stack[*] = join(old, r8)

BPF_ST through multi-offset or imprecise dst should join at_stack with
none instead of overwriting the slots. For example, consider the
following situation:

   // r1 = ARG_IMPRECISE{mask=BIT(0)|BIT(1)}
   *(u64 *)(r1 + 0) = 0

Here the analysis should produce an equivalent of

  at_stack[*r1] = join(old, none).

Move the definition of the clear_overlapping_stack_slots() in order to
have __arg_track_join() visible. Remove the OFF_IMPRECISE constant to
avoid having two ways to express imprecise offset.
Only 'offset-imprecise {frame=N, cnt=0}' remains.

Fixes: bf0c571f7feb ("bpf: introduce forward arg-tracking dataflow analysis")
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260413-stacklive-fixes-v2-1-398e126e5cf3@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>