mirror-linux/kernel/bpf
Puranjay Mohan 7a433e5193 bpf: Support negative offsets, BPF_SUB, and alu32 for linked register tracking
Previously, the verifier only tracked positive constant deltas between
linked registers using BPF_ADD. This limitation meant patterns like:

  r1 = r0;
  r1 += -4;
  if r1 s>= 0 goto l0_%=;   // r1 >= 0 implies r0 >= 4
  // verifier couldn't propagate bounds back to r0
  if r0 != 0 goto l0_%=;
  r0 /= 0;                  // Verifier thinks this is reachable
  l0_%=:

A similar limitation exists for 32-bit registers.

With this change, the verifier can now track negative deltas in reg->off,
enabling bound propagation for the above pattern.

For alu32, we make sure the destination register has the upper 32 bits
as 0s before creating the link. BPF_ADD_CONST is split into
BPF_ADD_CONST64 and BPF_ADD_CONST32; the latter is used in case of alu32,
and sync_linked_regs uses this to zext the result if known_reg has this
flag.

Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260204151741.2678118-2-puranjay@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-02-04 13:35:28 -08:00
..
preload
Kconfig bpf: Update the bpf_prog_calc_tag to use SHA256 2025-09-18 19:10:20 -07:00
Makefile bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
arena.c bpf: arena: Reintroduce memcg accounting 2026-01-02 14:31:59 -08:00
arraymap.c bpf: Add BPF_F_CPU and BPF_F_ALL_CPUS flags support for percpu_array maps 2026-01-06 20:48:32 -08:00
bloom_filter.c
bpf_cgrp_storage.c bpf: use rcu_read_lock_dont_migrate() for bpf_cgrp_storage_free() 2025-08-25 18:52:16 -07:00
bpf_inode_storage.c bpf: use rcu_read_lock_dont_migrate() for bpf_inode_storage_free() 2025-08-25 18:52:16 -07:00
bpf_insn_array.c bpf: Return EACCES for incorrect access to insn array 2026-01-13 19:36:18 -08:00
bpf_iter.c bpf: Fix bpf_seq_read docs for increased buffer size 2025-12-13 18:57:53 -08:00
bpf_local_storage.c bpf: Replace bpf memory allocator with kmalloc_nolock() in local storage 2025-11-18 16:20:25 -08:00
bpf_lru_list.c bpf: Replace get_next_cpu() with cpumask_next_wrap() 2025-08-18 15:11:02 +02:00
bpf_lru_list.h
bpf_lsm.c bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
bpf_lsm_proto.c bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
bpf_struct_ops.c bpf: Support associating BPF program with struct_ops 2025-12-05 16:17:57 -08:00
bpf_task_storage.c bpf: use rcu_read_lock_dont_migrate() for bpf_task_storage_free() 2025-08-25 18:52:16 -07:00
btf.c bpf: Replace snprintf("%s") with strscpy 2026-02-02 18:43:33 -08:00
btf_iter.c
btf_relocate.c
cgroup.c bpf: Use sk_is_inet() and sk_is_unix() in __cgroup_bpf_run_filter_sock_addr(). 2026-02-04 09:36:01 -08:00
cgroup_iter.c bpf: add new BPF_CGROUP_ITER_CHILDREN control option 2026-01-27 09:05:54 -08:00
core.c bpf: Add bpf_jit_supports_fsession() 2026-01-31 13:51:04 -08:00
cpumap.c bpf: cpumap: propagate underlying error in cpu_map_update_elem() 2025-12-09 23:53:27 -08:00
cpumask.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
crypto.c bpf: crypto: Use the correct destructor kfunc type 2026-01-12 18:53:57 -08:00
devmap.c bpf: Remove redundant __GFP_NOWARN 2025-08-12 14:56:04 -07:00
disasm.c bpf: disasm: add support for BPF_JMP|BPF_JA|BPF_X 2025-11-05 17:53:23 -08:00
disasm.h
dispatcher.c
dmabuf_iter.c bpf: Fix truncated dmabuf iterator reads 2025-12-09 23:48:34 -08:00
hashtab.c bpf: Remove leftover accounting in htab_map_mem_usage after rqspinlock 2026-01-20 11:28:02 -08:00
helpers.c bpf: Add a recursion check to prevent loops in bpf_timer 2026-02-04 13:12:50 -08:00
inode.c bpf: Optimize the performance of find_bpffs_btf_enums 2026-01-13 16:21:36 -08:00
kmem_cache_iter.c
link_iter.c
liveness.c bpf: correct stack liveness for tail calls 2025-11-21 17:45:30 -08:00
local_storage.c bpf: Add BPF_F_CPU and BPF_F_ALL_CPUS flags support for percpu_cgroup_storage maps 2026-01-06 20:48:32 -08:00
log.c bpf, x86: add support for indirect jumps 2025-11-05 17:53:23 -08:00
lpm_trie.c
map_in_map.c
map_in_map.h
map_iter.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
memalloc.c bpf: replace use of system_unbound_wq with system_dfl_wq 2025-09-08 10:04:37 -07:00
mmap_unlock_work.h
mprog.c
net_namespace.c
offload.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
percpu_freelist.c
percpu_freelist.h
prog_iter.c
queue_stack_maps.c
range_tree.c bpf: arena: Reintroduce memcg accounting 2026-01-02 14:31:59 -08:00
range_tree.h
relo_core.c
reuseport_array.c
ringbuf.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
rqspinlock.c rqspinlock: Fix TAS fallback lock entry creation 2026-01-23 10:03:49 -08:00
rqspinlock.h
stackmap.c bpf-next-6.19 2025-12-03 16:54:54 -08:00
stream.c bpf: Add bpf_stream_print_stack stack dumping kfunc 2026-02-03 10:41:16 -08:00
syscall.c bpf: Fix tcx/netkit detach permissions when prog fd isn't given 2026-01-27 18:39:58 -08:00
sysfs_btf.c Driver core changes for 6.17-rc1 2025-07-29 12:15:39 -07:00
task_iter.c
tcx.c
tnum.c bpf: Add bitwise tracking for BPF_END 2026-02-04 13:22:39 -08:00
token.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
trampoline.c bpf,x86: Use single ftrace_ops for direct calls 2026-01-28 11:44:59 -08:00
verifier.c bpf: Support negative offsets, BPF_SUB, and alu32 for linked register tracking 2026-02-04 13:35:28 -08:00