verifier: should we handle mark_chain_precision return value properly in loop_flag_is_zero?

From: Suchit Karunakaran
Date: Wed Oct 01 2025 - 10:22:10 EST


Hi folks,
While going through the verifier code, I noticed that the integer return value of mark_chain_precision() is ignored within loop_flag_is_zero().

static bool loop_flag_is_zero(struct bpf_verifier_env *env)
{
	struct bpf_reg_state *regs = cur_regs(env);
	struct bpf_reg_state *reg = &regs[BPF_REG_4];
	bool reg_is_null = register_is_null(reg);

	if (reg_is_null)
		mark_chain_precision(env, BPF_REG_4);

	return reg_is_null;
}

My question is:
Is this behavior intentional (i.e., errors from mark_chain_precision() are safe to ignore here)?
Or should loop_flag_is_zero() propagate the error to update_loop_inline_state() and from there to check_helper_call() function?
I'd appreciate any clarification or suggestions. Apologies if this kind of question isn't appropriate for the mailing list; I wanted to clarify the intended semantics before attempting a fix.

Thanks,
Suchit Karunakaran
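
A user-space C model of the two shapes the question contrasts, added here as an illustration and not taken from the kernel tree or from the mail. The struct, the model_ and flag_is_zero_ names, the function bodies and the -EFAULT value are constructed stand-ins, and the model says nothing about which behaviour the verifier intends.

```c
/* User-space model only: every type, name and body is a constructed stand-in. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct model_env {
	long r4_value;		/* constructed: known value of the flags register */
	int precision_err;	/* constructed: result of the precision pass */
};

/* Stand-in for mark_chain_precision(): 0 on success, negative errno on failure. */
static int model_mark_chain_precision(struct model_env *env)
{
	return env->precision_err;
}

/* Shape quoted in the mail: bool return, so the int result has nowhere to go. */
static bool flag_is_zero_ignoring(struct model_env *env)
{
	bool is_null = env->r4_value == 0;

	if (is_null)
		model_mark_chain_precision(env);
	return is_null;
}

/* Propagating shape: error in the return value, answer in an out-parameter. */
static int flag_is_zero_checked(struct model_env *env, bool *is_null)
{
	*is_null = env->r4_value == 0;
	return *is_null ? model_mark_chain_precision(env) : 0;
}

/* Stand-in for the caller, which now has to forward the error upwards. */
static int model_update_state(struct model_env *env, bool *flag_zero)
{
	bool is_null;
	int err = flag_is_zero_checked(env, &is_null);

	if (err)
		return err;	/* leave *flag_zero untouched on failure */
	*flag_zero = is_null;
	return 0;
}

int main(void)
{
	struct model_env env = { 0, -EFAULT };	/* constructed failing case */
	bool flag_zero = false;

	printf("ignoring=%d checked=%d\n", flag_is_zero_ignoring(&env),
	       model_update_state(&env, &flag_zero));
	return 0;
}
```

In the failing case the first shape still reports the flag as zero, while the second returns the error and leaves the caller's state unchanged.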