Commit 7af33399 authored by Mykyta Yatsenko's avatar Mykyta Yatsenko Committed by Alexei Starovoitov
Browse files

bpf: Consistently use reg_state() for register access in the verifier 



Replace the pattern of declaring a local regs array from cur_regs()
and then indexing into it with the more concise reg_state() helper.
This simplifies the code by eliminating intermediate variables and
makes register access more consistent throughout the verifier.

Signed-off-by: default avatarMykyta Yatsenko <yatsenko@meta.com>
Acked-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20260113134826.2214860-1-mykyta.yatsenko5@gmail.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 9c1a3525

kernel/bpf/verifier.c

+19 −23
Original line number Diff line number Diff line
@@ -5654,8 +5654,8 @@ static int check_stack_write(struct bpf_verifier_env *env, 
static int check_map_access_type(struct bpf_verifier_env *env, u32 regno,

				 int off, int size, enum bpf_access_type type)

{

	struct bpf_reg_state *regs = cur_regs(env);

	struct bpf_map *map = regs[regno].map_ptr;

	struct bpf_reg_state *reg = reg_state(env, regno);

	struct bpf_map *map = reg->map_ptr;

	u32 cap = bpf_map_flags_to_cap(map);









	if (type == BPF_WRITE && !(cap & BPF_MAP_CAN_WRITE)) {








@@ -6168,8 +6168,7 @@ static bool may_access_direct_pkt_data(struct bpf_verifier_env *env,







static int check_packet_access(struct bpf_verifier_env *env, u32 regno, int off,









			       int size, bool zero_size_allowed)









{









	struct bpf_reg_state *regs = cur_regs(env);









	struct bpf_reg_state *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	int err;

















	/* We may have added a variable offset to the packet pointer; but any








@@ -6256,8 +6255,7 @@ static int check_sock_access(struct bpf_verifier_env *env, int insn_idx,







			     u32 regno, int off, int size,









			     enum bpf_access_type t)









{









	struct bpf_reg_state *regs = cur_regs(env);









	struct bpf_reg_state *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct bpf_insn_access_aux info = {};









	bool valid;
















@@ -7453,8 +7451,7 @@ static int check_stack_access_within_bounds(







		int regno, int off, int access_size,









		enum bpf_access_type type)









{









	struct bpf_reg_state *regs = cur_regs(env);









	struct bpf_reg_state *reg = regs + regno;









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct bpf_func_state *state = func(env, reg);









	s64 min_off, max_off;









	int err;








@@ -8408,7 +8405,7 @@ static int process_spin_lock(struct bpf_verifier_env *env, int regno, int flags)







{









	bool is_lock = flags & PROCESS_SPIN_LOCK, is_res_lock = flags & PROCESS_RES_LOCK;









	const char *lock_str = is_res_lock ? "bpf_res_spin" : "bpf_spin";









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct bpf_verifier_state *cur = env->cur_state;









	bool is_const = tnum_is_const(reg->var_off);









	bool is_irq = flags & PROCESS_LOCK_IRQ;








@@ -8524,7 +8521,7 @@ static int process_spin_lock(struct bpf_verifier_env *env, int regno, int flags)







static int check_map_field_pointer(struct bpf_verifier_env *env, u32 regno,









				   enum btf_field_type field_type)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	bool is_const = tnum_is_const(reg->var_off);









	struct bpf_map *map = reg->map_ptr;









	u64 val = reg->var_off.value;








@@ -8571,7 +8568,7 @@ static int check_map_field_pointer(struct bpf_verifier_env *env, u32 regno,







static int process_timer_func(struct bpf_verifier_env *env, int regno,









			      struct bpf_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct bpf_map *map = reg->map_ptr;









	int err;
















@@ -8595,7 +8592,7 @@ static int process_timer_func(struct bpf_verifier_env *env, int regno,







static int process_wq_func(struct bpf_verifier_env *env, int regno,









			   struct bpf_kfunc_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct bpf_map *map = reg->map_ptr;









	int err;
















@@ -8616,7 +8613,7 @@ static int process_wq_func(struct bpf_verifier_env *env, int regno,







static int process_task_work_func(struct bpf_verifier_env *env, int regno,









				  struct bpf_kfunc_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct bpf_map *map = reg->map_ptr;









	int err;
















@@ -8636,7 +8633,7 @@ static int process_task_work_func(struct bpf_verifier_env *env, int regno,







static int process_kptr_func(struct bpf_verifier_env *env, int regno,









			     struct bpf_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	struct btf_field *kptr_field;









	struct bpf_map *map_ptr;









	struct btf_record *rec;








@@ -8709,7 +8706,7 @@ static int process_kptr_func(struct bpf_verifier_env *env, int regno,







static int process_dynptr_func(struct bpf_verifier_env *env, int regno, int insn_idx,









			       enum bpf_arg_type arg_type, int clone_ref_obj_id)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	int err;

















	if (reg->type != PTR_TO_STACK && reg->type != CONST_PTR_TO_DYNPTR) {








@@ -8829,7 +8826,7 @@ static bool is_kfunc_arg_iter(struct bpf_kfunc_call_arg_meta *meta, int arg_idx,







static int process_iter_arg(struct bpf_verifier_env *env, int regno, int insn_idx,









			    struct bpf_kfunc_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	const struct btf_type *t;









	int spi, err, i, nr_slots, btf_id;
















@@ -9301,7 +9298,7 @@ static int check_reg_type(struct bpf_verifier_env *env, u32 regno,







			  const u32 *arg_btf_id,









			  struct bpf_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	enum bpf_reg_type expected, type = reg->type;









	const struct bpf_reg_types *compatible;









	int i, j;








@@ -9714,7 +9711,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,







			  int insn_idx)









{









	u32 regno = BPF_REG_1 + arg;









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	enum bpf_arg_type arg_type = fn->arg_type[arg];









	enum bpf_reg_type type = reg->type;









	u32 *arg_btf_id = NULL;








@@ -11247,7 +11244,7 @@ record_func_key(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta,







		int func_id, int insn_idx)









{









	struct bpf_insn_aux_data *aux = &env->insn_aux_data[insn_idx];









	struct bpf_reg_state *regs = cur_regs(env), *reg;









	struct bpf_reg_state *reg;









	struct bpf_map *map = meta->map_ptr;









	u64 val, max;









	int err;








@@ -11259,7 +11256,7 @@ record_func_key(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta,







		return -EINVAL;









	}

















	reg = &regs[BPF_REG_3];









	reg = reg_state(env, BPF_REG_3);









	val = reg->var_off.value;









	max = map->max_entries;
















@@ -11405,8 +11402,7 @@ static struct bpf_insn_aux_data *cur_aux(const struct bpf_verifier_env *env)















static bool loop_flag_is_zero(struct bpf_verifier_env *env)









{









	struct bpf_reg_state *regs = cur_regs(env);









	struct bpf_reg_state *reg = &regs[BPF_REG_4];









	struct bpf_reg_state *reg = reg_state(env, BPF_REG_4);









	bool reg_is_null = register_is_null(reg);

















	if (reg_is_null)








@@ -12668,7 +12664,7 @@ static int process_kf_arg_ptr_to_btf_id(struct bpf_verifier_env *env,







static int process_irq_flag(struct bpf_verifier_env *env, int regno,









			     struct bpf_kfunc_call_arg_meta *meta)









{









	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];









	struct bpf_reg_state *reg = reg_state(env, regno);









	int err, kfunc_class = IRQ_NATIVE_KFUNC;









	bool irq_save;