[PATCH 4/4] Revert "bpf: allow precision tracking for programs with subprogs"

23 Jun 2025

This reverts commit 2474ec58b96d8a028b046beabdf49f5475eefcf8.
The backport of bpf precision tracking related changes has caused bpf
verifier to panic while loading some certain bpf prog so revert them.
Link: https://lkml.kernel.org/r/20250605070921.GA3795@bytedance/
Reported-by: Wei Wei weiwei.danny@bytedance.com
Signed-off-by: Aaron Lu ziqianlu@bytedance.com
---
 kernel/bpf/verifier.c | 35 +----------------------------------
 1 file changed, 1 insertion(+), 34 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ecd0d04ff8e61..7a8599355c5ed 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1359,7 +1359,7 @@ static void __mark_reg_unknown(const struct bpf_verifier_env *env,
    reg->type = SCALAR_VALUE;
    reg->var_off = tnum_unknown;
    reg->frameno = 0;
-	reg->precise = !env->bpf_capable;
+	reg->precise = env->subprog_cnt > 1 || !env->bpf_capable;
    __mark_reg_unbounded(reg);
 }
@@ -2102,42 +2102,12 @@ static int __mark_chain_precision(struct bpf_verifier_env *env, int frame, int r
    	return 0;
    if (!reg_mask && !stack_mask)
    	return 0;
-
    for (;;) {
    	DECLARE_BITMAP(mask, 64);
    	u32 history = st->jmp_history_cnt;
if (env->log.level & BPF_LOG_LEVEL)
    		verbose(env, "last_idx %d first_idx %d\n", last_idx, first_idx);
-
-		if (last_idx < 0) {
-			/* we are at the entry into subprog, which
-			 * is expected for global funcs, but only if
-			 * requested precise registers are R1-R5
-			 * (which are global func's input arguments)
-			 */
-			if (st->curframe == 0 &&
-			    st->frame[0]->subprogno > 0 &&
-			    st->frame[0]->callsite == BPF_MAIN_FUNC &&
-			    stack_mask == 0 && (reg_mask & ~0x3e) == 0) {
-				bitmap_from_u64(mask, reg_mask);
-				for_each_set_bit(i, mask, 32) {
-					reg = &st->frame[0]->regs[i];
-					if (reg->type != SCALAR_VALUE) {
-						reg_mask &= ~(1u << i);
-						continue;
-					}
-					reg->precise = true;
-				}
-				return 0;
-			}
-
-			verbose(env, "BUG backtracing func entry subprog %d reg_mask %x stack_mask %llx\n",
-				st->frame[0]->subprogno, reg_mask, stack_mask);
-			WARN_ONCE(1, "verifier backtracking bug");
-			return -EFAULT;
-		}
-
    	for (i = last_idx;;) {
    		if (skip_first) {
    			err = 0;
@@ -11896,9 +11866,6 @@ static int do_check_common(struct bpf_verifier_env *env, int subprog)
    		0 /* frameno */,
    		subprog);
-	state->first_insn_idx = env->subprog_info[subprog].start;
-	state->last_insn_idx = -1;
-
    regs = state->frame[state->curframe]->regs;
    if (subprog || env->prog->type == BPF_PROG_TYPE_EXT) {
    	ret = btf_prepare_func_args(env, subprog, regs);
-- 
2.39.5



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 4/4] Revert "bpf: allow precision tracking for programs with subprogs"