bpf: verifier: centralize const dynptr check in unmark_stack_slots_dynptr()

Move the const dynptr check into unmark_stack_slots_dynptr() so callers
don’t have to duplicate it. This puts the validation next to the code
that manipulates dynptr stack slots and allows upcoming changes to reuse
it directly.

Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20251026203853.135105-6-mykyta.yatsenko5@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 6d175849e57acdab17277139e5a12e4af805a7d6..f60cfab952307ec18e209074816b7d5dc072d091 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -828,6 +828,15 @@ static int unmark_stack_slots_dynptr(struct bpf_verifier_env *env, struct bpf_re
        struct bpf_func_state *state = func(env, reg);
        int spi, ref_obj_id, i;
 
+       /*
+        * This can only be set for PTR_TO_STACK, as CONST_PTR_TO_DYNPTR cannot
+        * be released by any dynptr helper. Hence, unmark_stack_slots_dynptr
+        * is safe to do directly.
+        */
+       if (reg->type == CONST_PTR_TO_DYNPTR) {
+               verifier_bug(env, "CONST_PTR_TO_DYNPTR cannot be released");
+               return -EFAULT;
+       }
        spi = dynptr_get_spi(env, reg);
        if (spi < 0)
                return spi;
@@ -11514,15 +11523,7 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
 
        if (meta.release_regno) {
                err = -EINVAL;
-               /* This can only be set for PTR_TO_STACK, as CONST_PTR_TO_DYNPTR cannot
-                * be released by any dynptr helper. Hence, unmark_stack_slots_dynptr
-                * is safe to do directly.
-                */
                if (arg_type_is_dynptr(fn->arg_type[meta.release_regno - BPF_REG_1])) {
-                       if (regs[meta.release_regno].type == CONST_PTR_TO_DYNPTR) {
-                               verifier_bug(env, "CONST_PTR_TO_DYNPTR cannot be released");
-                               return -EFAULT;
-                       }
                        err = unmark_stack_slots_dynptr(env, &regs[meta.release_regno]);
                } else if (func_id == BPF_FUNC_kptr_xchg && meta.ref_obj_id) {
                        u32 ref_obj_id = meta.ref_obj_id;