bpf: Reduce stack consumption in check_stack_write_fixed_off

The fake_reg moved into env->fake_reg given it consumes a lot of stack
space (120 bytes). Migrate the fake_reg in check_stack_write_fixed_off()
as well now that we have it.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/20240613115310.25383-2-daniel@iogearbox.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index f455548ba46c98cc0f260316eb830fa55725f3b1..e5a0ba3bc38d45011cf7d4ec5982e8e4b449ba74 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4549,11 +4549,12 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env,
                        state->stack[spi].spilled_ptr.id = 0;
        } else if (!reg && !(off % BPF_REG_SIZE) && is_bpf_st_mem(insn) &&
                   env->bpf_capable) {
-               struct bpf_reg_state fake_reg = {};
+               struct bpf_reg_state *tmp_reg = &env->fake_reg[0];
 
-               __mark_reg_known(&fake_reg, insn->imm);
-               fake_reg.type = SCALAR_VALUE;
-               save_register_state(env, state, spi, &fake_reg, size);
+               memset(tmp_reg, 0, sizeof(*tmp_reg));
+               __mark_reg_known(tmp_reg, insn->imm);
+               tmp_reg->type = SCALAR_VALUE;
+               save_register_state(env, state, spi, tmp_reg, size);
        } else if (reg && is_spillable_regtype(reg->type)) {
                /* register containing pointer is being spilled into stack */
                if (size != BPF_REG_SIZE) {