On Thu, 2024-09-12 at 22:40 +0800, lonial con wrote:
> Hi,
>
> I tried to build this environment, but it seems that it needs kvm
> support. For me, it is very troublesome to prepare a kvm environment.
> So could you please write this selftest?

Please find the patch for test in the attachment.
Please submit a v2 as a patch-set of two parts:
- first patch: your fix
- second patch: my test

Also, please make sure to use up to date bpf-next kernel tree,
your patch changes function find_equal_scalars(), this function
was renamed to sync_linked_regs() some time ago.
So the updated fix should look like:

@@ -15349,8 +15349,12 @@ static void sync_linked_regs(struct bpf_verifier_state *vstate, struct bpf_reg_s
 			continue;
 		if ((!(reg->id & BPF_ADD_CONST) && !(known_reg->id & BPF_ADD_CONST)) ||
 		    reg->off == known_reg->off) {
+			s32 saved_subreg_def = reg->subreg_def;
+
 			copy_register_state(reg, known_reg);
+			reg->subreg_def = saved_subreg_def;
 		} else {
+			s32 saved_subreg_def = reg->subreg_def;
 			s32 saved_off = reg->off;
 
 			fake_reg.type = SCALAR_VALUE;
@@ -15363,6 +15367,8 @@ static void sync_linked_regs(struct bpf_verifier_state *vstate, struct bpf_reg_s
 			 * otherwise another sync_linked_regs() will be incorrect.
 			 */
 			reg->off = saved_off;
+			/* TODO: describe why */
+			reg->subreg_def = saved_subreg_def;
 
 			scalar32_min_max_add(reg, &fake_reg);
 			scalar_min_max_add(reg, &fake_reg);

For illustrative purposes, you might refer to the test case in the
commit message for the fix. (You can actually run it w/o KVM, it would
be slower but otherwise should work).

W/o your fix the test case is miscompiled as follows:

    call %[bpf_ktime_get_ns];                    call unknown
    r0 &= 0x7fffffff;          after verifier    r0 &= 2147483647
    w1 = w0;                   rewrites          w1 = w0
    if w0 < 10 goto +0;        -------------->   r11 = 794195110
    r1 >>= 32;                                   r11 <<= 32
    r0 = r1;                                     r1 |= r11
    exit;                                        if w0 < 0xa goto pc+0
                                                 r1 >>= 32
                                                 r0 = r1
                                                 exit

Leaving return value undefined.

[...]
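Review bot: in the first hunk (the `reg->off == known_reg->off` branch) the save/restore of `subreg_def` around `copy_register_state(reg, known_reg)` carries no comment at all, while the second hunk at least leaves a `/* TODO: describe why */`. Since both branches of the `if`/`else` now save `reg->subreg_def` before `copy_register_state()` and restore it afterwards, consider hoisting a single `s32 saved_subreg_def = reg->subreg_def;` above the `if` and a single restore below the `if`/`else`, with one comment next to it; that removes the duplicated declaration and avoids a future change fixing one branch but not the other.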
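Review bot: the `/* TODO: describe why */` in the second hunk must be replaced with a real explanation before v2 is posted. The comment should state that `subreg_def` records how `reg` itself was last written (a 32-bit sub-register write or not) and is therefore not a property that `known_reg` can supply: taking it over from `known_reg` lets the verifier's zero-extension rewrite treat the upper 32 bits of `r1` as dead, which is exactly the miscompilation shown below, where the randomized high bits inserted after `w1 = w0` flow through `r1 >>= 32` into the return value. Something like `/* subreg_def describes reg's own last definition, not known_reg's; keep it or zext insertion goes wrong */` would do.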