Re: [PATCH bpf-next v2 2/2] selftests/bpf: Cover half-slot cleanup of pointer spills

Next message: Eric Biggers: "Re: [RFC PATCH 2/7] drm/vino: add the clean-room HDCP 2.2 AKE/LC/SKE"
Previous message: Lee Jones: "Re: (subset) [PATCH v2] mfd: si476x: Modernize GPIO handling"
In reply to: Nuoqi Gui: "[PATCH bpf-next v2 2/2] selftests/bpf: Cover half-slot cleanup of pointer spills"
Next in thread: Nuoqi Gui: "[PATCH bpf-next v2 1/2] bpf: Preserve pointer spill metadata during half-slot cleanup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: bot+bpf-ci

Date: Wed Jun 17 2026 - 12:18:24 EST

> selftests/bpf: Cover half-slot cleanup of pointer spills
>
> Add a verifier regression test for a pointer spill whose high half is
> cleaned dead while the low half remains live. Force checkpoint creation
> with BPF_F_TEST_STATE_FREQ and assert the verifier log reaches the
> checkpoint and the subsequent 32-bit fill before rejecting the partial fill
> from a non-scalar spill.
>
> Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
> Signed-off-by: Nuoqi Gui <gnq25@xxxxxxxxxxxxxxxxxxxxx>

This is a regression test for a verifier bug where a partial 32-bit fill
from a pointer spill whose high half was cleaned dead could read a
non-scalar stack slot past the register-fill check.

The half-slot cleanup that destroys the spilled_ptr metadata when the hi
half is dead was introduced in __clean_func_state() by:

be23266b4a08 ("bpf: 4-byte precise clean_verifier_state")

Should this test carry a Fixes: tag pointing at that commit, matching the
accompanying fix?

Fixes: be23266b4a08 ("bpf: 4-byte precise clean_verifier_state")

---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/27700639579