Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx> writes:
[...]
> @@ -818,22 +819,19 @@ static void invalidate_dynptr(struct bpf_verifier_env *env, struct bpf_func_stat
> state->stack[spi - 1].spilled_ptr.live |= REG_LIVE_WRITTEN;
> }
>
> -static int unmark_stack_slots_dynptr(struct bpf_verifier_env *env, struct bpf_reg_state *reg)
> +static int __unmark_stack_slots_dynptr(struct bpf_verifier_env *env, struct bpf_func_state *state,
> + int spi, bool slice)
> {
> - struct bpf_func_state *state = func(env, reg);
> - int spi, ref_obj_id, i;
> + u32 ref_obj_id;
> + int i;
>
> - spi = dynptr_get_spi(env, reg);
> - if (spi < 0)
> - return spi;
> + ref_obj_id = state->stack[spi].spilled_ptr.ref_obj_id;
>
> - if (!dynptr_type_refcounted(state->stack[spi].spilled_ptr.dynptr.type)) {
> + if (!dynptr_type_refcounted(state->stack[spi].spilled_ptr.dynptr.type) && !ref_obj_id) {
If dynptr_type_refcounted is true, does this mean that ref_obj_id is set?
If it does, the check could be simplified to just `if (!ref_obj_id)`.
> invalidate_dynptr(env, state, spi);
> return 0;
> }
>
> - ref_obj_id = state->stack[spi].spilled_ptr.ref_obj_id;
> -
> /* If the dynptr has a ref_obj_id, then we need to invalidate
> * two things:
> *
[...]
