On 3/20/19 5:57 AM, Paul Chaignon wrote: > The BPF verifier checks the maximum number of call stack frames twice, > first in the main CFG traversal (do_check) and then in a subsequent > traversal (check_max_stack_depth). If the second check fails, it logs a > 'verifier bug' warning and errors out, as the number of call stack frames > should have been verified already. > > However, the second check may fail without indicating a verifier bug: if > the excessive function calls reside in dead code, the main CFG traversal > may not visit them; the subsequent traversal visits all instructions, > including dead code. > > This case raises the question of how invalid dead code should be treated. Maybe we should do this check after dead code elimination to be consistent with do_check? There could some other kinds of illegal stuff in the dead code, e.g., illegal/unsupported helpers, etc. I suppose we did not warn or reject the program, right? > The first patch implements the conservative option and rejects such code; > the second adds a test case. > > Paul Chaignon (2): > bpf: remove incorrect 'verifier bug' warning > selftests/bpf: test case for invalid call stack in dead code > > kernel/bpf/verifier.c | 5 +-- > tools/testing/selftests/bpf/verifier/calls.c | 38 ++++++++++++++++++++ > 2 files changed, 41 insertions(+), 2 deletions(-) >
