From: david.laight.linux@gmail.com
To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
David Laight <david.laight.linux@gmail.com>
Subject: [PATCH 06/44] bpf: Verifier, remove some unusual uses of min_t() and max_t()
Date: Wed, 19 Nov 2025 22:41:02 +0000 [thread overview]
Message-ID: <20251119224140.8616-7-david.laight.linux@gmail.com> (raw)
In-Reply-To: <20251119224140.8616-1-david.laight.linux@gmail.com>
From: David Laight <david.laight.linux@gmail.com>
min_t() and max_t() are normally used to change the signedness
of a positive value to avoid a signed-v-unsigned compare warning.
However they are used here to convert an unsigned 64bit pattern
to a signed to a 32/64bit signed number.
To avoid any confusion use plain min()/max() and explicitely cast
the u64 expression to the correct signed value.
Use a simple max() for the max_pkt_offset calulation and delete the
comment about why the cast to u32 is safe.
Signed-off-by: David Laight <david.laight.linux@gmail.com>
---
kernel/bpf/verifier.c | 29 +++++++++++------------------
1 file changed, 11 insertions(+), 18 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ff40e5e65c43..22fa9769fbdb 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2319,12 +2319,12 @@ static void __update_reg32_bounds(struct bpf_reg_state *reg)
struct tnum var32_off = tnum_subreg(reg->var_off);
/* min signed is max(sign bit) | min(other bits) */
- reg->s32_min_value = max_t(s32, reg->s32_min_value,
- var32_off.value | (var32_off.mask & S32_MIN));
+ reg->s32_min_value = max(reg->s32_min_value,
+ (s32)(var32_off.value | (var32_off.mask & S32_MIN)));
/* max signed is min(sign bit) | max(other bits) */
- reg->s32_max_value = min_t(s32, reg->s32_max_value,
- var32_off.value | (var32_off.mask & S32_MAX));
- reg->u32_min_value = max_t(u32, reg->u32_min_value, (u32)var32_off.value);
+ reg->s32_max_value = min(reg->s32_max_value,
+ (s32)(var32_off.value | (var32_off.mask & S32_MAX)));
+ reg->u32_min_value = max(reg->u32_min_value, (u32)var32_off.value);
reg->u32_max_value = min(reg->u32_max_value,
(u32)(var32_off.value | var32_off.mask));
}
@@ -2332,11 +2332,11 @@ static void __update_reg32_bounds(struct bpf_reg_state *reg)
static void __update_reg64_bounds(struct bpf_reg_state *reg)
{
/* min signed is max(sign bit) | min(other bits) */
- reg->smin_value = max_t(s64, reg->smin_value,
- reg->var_off.value | (reg->var_off.mask & S64_MIN));
+ reg->smin_value = max(reg->smin_value,
+ (s64)(reg->var_off.value | (reg->var_off.mask & S64_MIN)));
/* max signed is min(sign bit) | max(other bits) */
- reg->smax_value = min_t(s64, reg->smax_value,
- reg->var_off.value | (reg->var_off.mask & S64_MAX));
+ reg->smax_value = min(reg->smax_value,
+ (s64)(reg->var_off.value | (reg->var_off.mask & S64_MAX)));
reg->umin_value = max(reg->umin_value, reg->var_off.value);
reg->umax_value = min(reg->umax_value,
reg->var_off.value | reg->var_off.mask);
@@ -6128,15 +6128,8 @@ static int check_packet_access(struct bpf_verifier_env *env, u32 regno, int off,
return err;
}
- /* __check_mem_access has made sure "off + size - 1" is within u16.
- * reg->umax_value can't be bigger than MAX_PACKET_OFF which is 0xffff,
- * otherwise find_good_pkt_pointers would have refused to set range info
- * that __check_mem_access would have rejected this pkt access.
- * Therefore, "off + reg->umax_value + size - 1" won't overflow u32.
- */
- env->prog->aux->max_pkt_offset =
- max_t(u32, env->prog->aux->max_pkt_offset,
- off + reg->umax_value + size - 1);
+ env->prog->aux->max_pkt_offset = max(env->prog->aux->max_pkt_offset,
+ off + reg->umax_value + size - 1);
return err;
}
--
2.39.5
next prev parent reply other threads:[~2025-11-19 22:42 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-19 22:40 [PATCH 00/44] Change a lot of min_t() that might mask high bits david.laight.linux
2025-11-19 22:41 ` david.laight.linux [this message]
2025-11-21 21:40 ` [PATCH 06/44] bpf: Verifier, remove some unusual uses of min_t() and max_t() Alexei Starovoitov
2025-11-21 22:21 ` David Laight
2025-11-23 16:39 ` Alexei Starovoitov
2025-11-23 18:07 ` David Laight
2025-11-23 19:20 ` Alexei Starovoitov
2025-11-23 23:03 ` David Laight
2025-11-19 22:41 ` [PATCH 34/44] bpf: use min() instead of min_t() david.laight.linux
2025-11-19 22:41 ` [PATCH 35/44] " david.laight.linux
2025-11-19 22:41 ` [PATCH 41/44] net/core: Change loop conditions so min() can be used david.laight.linux
2025-11-20 1:47 ` [PATCH 00/44] Change a lot of min_t() that might mask high bits Jakub Kicinski
2025-11-20 9:38 ` Lorenzo Stoakes
2025-11-20 14:52 ` (subset) " Jens Axboe
2025-11-24 9:49 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251119224140.8616-7-david.laight.linux@gmail.com \
--to=david.laight.linux@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox