From: Ihor Solodrai <ihor.solodrai@linux.dev>
To: Eduard Zingerman <eddyz87@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <martin.lau@linux.dev>
Cc: Mykyta Yatsenko <yatsenko@meta.com>, Tejun Heo <tj@kernel.org>,
Alan Maguire <alan.maguire@oracle.com>,
Benjamin Tissoires <bentiss@kernel.org>,
Jiri Kosina <jikos@kernel.org>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-input@vger.kernel.org, sched-ext@lists.linux.dev
Subject: Re: [PATCH bpf-next v1 03/10] bpf: Verifier support for KF_IMPLICIT_ARGS
Date: Tue, 13 Jan 2026 15:48:46 -0800 [thread overview]
Message-ID: <c7e2a776-52f9-46ad-8422-3a9202bbd9f1@linux.dev> (raw)
In-Reply-To: <93ecdc25-aa5e-485b-8ff4-a9db3b585861@linux.dev>
On 1/13/26 2:03 PM, Ihor Solodrai wrote:
> On 1/13/26 12:39 PM, Eduard Zingerman wrote:
>> On Fri, 2026-01-09 at 10:48 -0800, Ihor Solodrai wrote:
>>>
>>
>> [...]
>>
>>> @@ -14303,6 +14358,17 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
>>> for (i = 0; i < nargs; i++) {
>>> u32 regno = i + 1;
>>>
>>> + /*
>>> + * Implicit kfunc arguments are set after main verification pass.
>>> + * For correct tracking of zero-extensions we have to reset subreg_def for such
>>> + * args. Otherwise mark_btf_func_reg_size() will be inspecting subreg_def of regs
>>> + * from an earlier (irrelevant) point in the program, which may lead to an error
>>> + * in opt_subreg_zext_lo32_rnd_hi32().
>>> + */
>>> + if (unlikely(KF_IMPLICIT_ARGS & meta.kfunc_flags
>>> + && is_kfunc_arg_implicit(desc_btf, &args[i])))
>>> + regs[regno].subreg_def = DEF_NOT_SUBREG;
>>> +
>>
>> Did you try doing this in `mark_reg_not_init()`?
>> This function is called for R1-R5 some time prior this hunk.
>
>> Did you try doing this in `mark_reg_not_init()`?
>
> Just tried, it doesn't work because REG0 is considered a caller saved
> register, and so it breaks the zext tracking:
>
> #define CALLER_SAVED_REGS 6
> static const int caller_saved[CALLER_SAVED_REGS] = {
> BPF_REG_0, BPF_REG_1, BPF_REG_2, BPF_REG_3, BPF_REG_4, BPF_REG_5
> };
>
> [...]
>
> for (i = 0; i < CALLER_SAVED_REGS; i++)
> mark_reg_not_init(env, regs, caller_saved[i]);
>
> CI run for the diff below (on top of this series):
> https://github.com/kernel-patches/bpf/actions/runs/20972520708
>
>
> [...]
>
> ---
>
> Resetting all reg args appears to be working however (see below).
> CI: https://github.com/kernel-patches/bpf/actions/runs/20973490221
>
A follow up after a chat with Eduard.
This change in check_kfunc_call() appears to be working:
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 092003cc7841..ff743335111c 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -13958,8 +13958,11 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
regs = branch->frame[branch->curframe]->regs;
/* Clear r0-r5 registers in forked state */
- for (i = 0; i < CALLER_SAVED_REGS; i++)
- mark_reg_not_init(env, regs, caller_saved[i]);
+ for (i = 0; i < CALLER_SAVED_REGS; i++) {
+ u32 regno = caller_saved[i];
+ mark_reg_not_init(env, regs, regno);
+ regs[regno].subreg_def = DEF_NOT_SUBREG;
+ }
mark_reg_unknown(env, regs, BPF_REG_0);
err = __mark_reg_s32_range(env, regs, BPF_REG_0, -MAX_ERRNO, -1);
https://github.com/kernel-patches/bpf/actions/runs/20975419422
Apparently, doing .subreg_def = DEF_NOT_SUBREG in mark_reg_not_init()
breaks zero-extension tracking somewhere else. But this is not
directly relevant to the series.
Eduard, Alexei, any concerns with this diff? Should I send a separate
patch?
> [...]
next prev parent reply other threads:[~2026-01-13 23:49 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-09 18:48 [PATCH bpf-next v1 00/10] bpf: Kernel functions with KF_IMPLICIT_ARGS Ihor Solodrai
2026-01-09 18:48 ` [PATCH bpf-next v1 01/10] bpf: Refactor btf_kfunc_id_set_contains Ihor Solodrai
2026-01-13 21:43 ` Eduard Zingerman
2026-01-09 18:48 ` [PATCH bpf-next v1 02/10] bpf: Introduce struct bpf_kfunc_meta Ihor Solodrai
2026-01-13 21:46 ` Eduard Zingerman
2026-01-09 18:48 ` [PATCH bpf-next v1 03/10] bpf: Verifier support for KF_IMPLICIT_ARGS Ihor Solodrai
2026-01-09 19:54 ` Alexei Starovoitov
2026-01-09 23:25 ` Andrii Nakryiko
2026-01-13 20:39 ` Eduard Zingerman
2026-01-13 22:03 ` Ihor Solodrai
2026-01-13 23:48 ` Ihor Solodrai [this message]
2026-01-14 0:55 ` Alexei Starovoitov
2026-01-14 3:57 ` Ihor Solodrai
2026-01-14 1:35 ` Eduard Zingerman
2026-01-13 21:59 ` Eduard Zingerman
2026-01-14 0:03 ` Ihor Solodrai
2026-01-14 1:06 ` Eduard Zingerman
2026-01-14 4:08 ` Ihor Solodrai
2026-01-09 18:48 ` [PATCH bpf-next v1 04/10] resolve_btfids: Support " Ihor Solodrai
2026-01-09 19:15 ` bot+bpf-ci
2026-01-09 19:34 ` Ihor Solodrai
2026-01-09 23:25 ` Andrii Nakryiko
2026-01-10 1:15 ` Ihor Solodrai
2026-01-12 16:51 ` Andrii Nakryiko
2026-01-13 1:49 ` Ihor Solodrai
2026-01-13 16:55 ` Andrii Nakryiko
2026-01-09 18:48 ` [PATCH bpf-next v1 05/10] selftests/bpf: Add tests " Ihor Solodrai
2026-01-09 23:25 ` Andrii Nakryiko
2026-01-10 1:29 ` Ihor Solodrai
2026-01-12 16:55 ` Andrii Nakryiko
2026-01-09 18:48 ` [PATCH bpf-next v1 06/10] bpf: Add bpf_wq_set_callback kfunc with KF_IMPLICIT_ARGS Ihor Solodrai
2026-01-09 18:48 ` [PATCH bpf-next v1 07/10] HID: Use bpf_wq_set_callback kernel function Ihor Solodrai
2026-01-09 21:34 ` Benjamin Tissoires
2026-01-09 18:48 ` [PATCH bpf-next v1 08/10] bpf: Add bpf_task_work_schedule_* kfuncs with KF_IMPLICIT_ARGS Ihor Solodrai
2026-01-09 19:58 ` Alexei Starovoitov
2026-01-09 20:02 ` Ihor Solodrai
2026-01-09 20:47 ` Alexei Starovoitov
2026-01-09 21:39 ` Ihor Solodrai
2026-01-09 21:49 ` Alexei Starovoitov
2026-01-09 21:56 ` Ihor Solodrai
2026-01-12 18:53 ` Ihor Solodrai
2026-01-12 22:43 ` Andrii Nakryiko
2026-01-09 18:48 ` [PATCH bpf-next v1 09/10] bpf: Add bpf_stream_vprintk " Ihor Solodrai
2026-01-09 18:48 ` [PATCH bpf-next v1 10/10] bpf,docs: Document KF_IMPLICIT_ARGS flag Ihor Solodrai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c7e2a776-52f9-46ad-8422-3a9202bbd9f1@linux.dev \
--to=ihor.solodrai@linux.dev \
--cc=alan.maguire@oracle.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bentiss@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=jikos@kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sched-ext@lists.linux.dev \
--cc=tj@kernel.org \
--cc=yatsenko@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.