> selftests/bpf: add tests for PTR_TO_FLOW_KEYS constant offset bounds
>
> Add verifier tests covering constant pointer arithmetic on a
> PTR_TO_FLOW_KEYS register, which regressed with commit 022ac0750883
> ("bpf: use reg->var_off instead of reg->off for pointers"): an
> out-of-bounds offset introduced as flow_keys += K and then dereferenced
> at insn->off 0 was accepted, while the equivalent flow_keys + K direct
> offset was rejected.
>
> The tests check that:
> - in-bounds constant arithmetic on the keys pointer is still accepted,
> - an out-of-bounds offset introduced via constant arithmetic is rejected
>   for both read and write, with the same diagnostic as the direct
>   insn->off form.
>
> Signed-off-by: Nuoqi Gui <[email protected]>

The commit message names the commit that introduced the out-of-bounds
behaviour these tests reproduce, but there is no Fixes: tag.
Should this carry a Fixes: tag so it is backported alongside the
functional fix?

  Fixes: 022ac0750883 ("bpf: use reg->var_off instead of reg->off for pointers")

The accompanying fix commit (89ea48e0ec4c) already carries the same tag.

---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26970818032