git.ipfire.org Git - thirdparty/kernel/stable.git/commit
bpf: 4-byte precise clean_verifier_state
author Eduard Zingerman <eddyz87@gmail.com> Fri, 10 Apr 2026 20:55:56 +0000 (13:55 -0700)
committer Alexei Starovoitov <ast@kernel.org> Fri, 10 Apr 2026 22:04:59 +0000 (15:04 -0700)
commit be23266b4a08540aa43d8503a2ea10247c8daebe
tree f4fb91695c70112f6cd236f609a48e619bfc283b
parent 7ca5f68cda073a6c4aa6135e98a27c7b2a731cdd
bpf: 4-byte precise clean_verifier_state

Migrate clean_verifier_state() and its liveness queries from 8-byte
SPI granularity to 4-byte half-slot granularity.

In __clean_func_state(), each SPI is cleaned in two independent
halves:
  - half_spi 2*i   (lo): slot_type[0..3]
  - half_spi 2*i+1 (hi): slot_type[4..7]

Slot types STACK_DYNPTR, STACK_ITER and STACK_IRQ_FLAG are never
cleaned, as their slot type markers are required by
destroy_if_dynptr_stack_slot(), is_iter_reg_valid_uninit() and
is_irq_flag_reg_valid_uninit() for correctness.

When only the hi half is dead, spilled_ptr metadata is destroyed and
the lo half's STACK_SPILL bytes are downgraded to STACK_MISC or
STACK_ZERO. When only the lo half is dead, spilled_ptr is preserved
because the hi half may still need it for state comparison.

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260410-patch-set-v4-5-5d4eecb343db@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/liveness.c
kernel/bpf/verifier.c
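
The per-half cleaning rules from the commit message, as a small user-space model. This is an added example, not the kernel's code or the patch itself. `struct model_slot`, `has_spill_meta`, `spill_is_zero`, the enum values, marking dead bytes as STACK_INVALID, and treating a slot as special when any byte carries a special type are all assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Model values only; the names mirror the kernel's slot types. */
enum { STACK_INVALID, STACK_SPILL, STACK_MISC, STACK_ZERO,
       STACK_DYNPTR, STACK_ITER, STACK_IRQ_FLAG };

struct model_slot {            /* hypothetical stand-in for one 8-byte SPI */
	uint8_t slot_type[8];  /* [0..3] = lo half, [4..7] = hi half */
	bool has_spill_meta;   /* stands in for an initialized spilled_ptr */
	bool spill_is_zero;    /* assumption: picks STACK_ZERO over STACK_MISC */
};

static bool never_cleaned(const struct model_slot *s)
{
	for (int i = 0; i < 8; i++) {
		uint8_t t = s->slot_type[i];
		if (t == STACK_DYNPTR || t == STACK_ITER || t == STACK_IRQ_FLAG)
			return true;
	}
	return false;
}

/* Clean one SPI given liveness of half_spi 2*i (lo) and 2*i+1 (hi). */
static void model_clean_slot(struct model_slot *s, bool lo_live, bool hi_live)
{
	if ((lo_live && hi_live) || never_cleaned(s))
		return;
	if (!hi_live) {
		/* hi dead: metadata goes; a live lo half keeps scalar info only */
		if (lo_live)
			for (int i = 0; i < 4; i++)
				if (s->slot_type[i] == STACK_SPILL)
					s->slot_type[i] = s->spill_is_zero ? STACK_ZERO : STACK_MISC;
		s->has_spill_meta = false;
		memset(&s->slot_type[4], STACK_INVALID, 4); /* assumed marker for dead bytes */
	}
	if (!lo_live) /* lo dead: metadata untouched here, hi may still need it */
		memset(&s->slot_type[0], STACK_INVALID, 4);
}

/* Build a full 8-byte spill, clean it with the given liveness, return it. */
static struct model_slot clean_spill(bool lo_live, bool hi_live, bool zero)
{
	struct model_slot s = { .has_spill_meta = true, .spill_is_zero = zero };
	memset(s.slot_type, STACK_SPILL, 8);
	model_clean_slot(&s, lo_live, hi_live);
	return s;
}
```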