On Sat, 2024-12-14 at 00:10 +0100, Kumar Kartikeya Dwivedi wrote:
[...]
@@ -11199,10 +11266,17 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn "kernel subsystem misconfigured verifier\n"); return -EINVAL; }
if (func_id == BPF_FUNC_map_lookup_elem &&
can_elide_value_nullness(meta.map_ptr->map_type) &&
meta.const_map_key >= 0 &&
meta.const_map_key < meta.map_ptr->max_entries)
ret_flag &= ~PTR_MAYBE_NULL;
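Review bot: The added condition before `ret_flag &= ~PTR_MAYBE_NULL;` carries no comment stating the invariant it relies on. The `meta.const_map_key >= 0` test implies that a negative value means "key is not a known constant", but that convention is not visible at this site. Suggest a short comment above the `if` explaining why an in-range constant key on the map types accepted by can_elide_value_nullness() allows the NULL flag to be dropped. Because the branch depends on the concrete value of the key, the comment should also say where that value is protected from being generalized away during state pruning.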
I think we probably need mark_chain_precision applied on the constant key since its concrete value is made use of here to prevent pruning on it. If it's already happening and I missed it, I think we should at least add a comment.
For context of a similar case with tail calls, see commit cc52d9140aa9 ("bpf: Fix record_func_key to perform backtracking on r3") for what happens when it is missed.
Great point, I'm sure this does not happen.
[...]