bpf: incorrectly reject program with `back-edge insn from 7 to 8`

Hi,

The verifier incorrectly rejects the following prog in check_cfg() when
loading as root, with the confusing log `back-edge insn from 7 to 8`:
  /* 0: r9 = 2
   * 1: r3 = 0x20
   * 2: r4 = 0x35
   * 3: r8 = r4
   * 4: goto+3
   * 5: r9 -= r3
   * 6: r9 -= r4
   * 7: r9 -= r8
   * 8: r8 += r4
   * 9: if r8 < 0x64 goto-5
   * 10: r0 = r9
   * 11: exit
   * */
  BPF_MOV64_IMM(BPF_REG_9, 2),
  BPF_MOV64_IMM(BPF_REG_3, 0x20),
  BPF_MOV64_IMM(BPF_REG_4, 0x35),
  BPF_MOV64_REG(BPF_REG_8, BPF_REG_4),
  BPF_JMP_IMM(BPF_JA, 0, 0, 3),
  BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_3),
  BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_4),
  BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8),
  BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_4),
  BPF_JMP32_IMM(BPF_JLT, BPF_REG_8, 0x68, -5),
  BPF_MOV64_REG(BPF_REG_0, BPF_REG_9),
  BPF_EXIT_INSN()

-------- Verifier Log --------
func#0 @0
back-edge from insn 7 to 8
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

This is not intentionally rejected, right?

Best
Hao
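
The edge named in the log can be traced with a simplified model of a depth-first CFG walk; this is an added illustration, not kernel code and not part of the original message. It assumes a three-state DFS that follows a conditional jump's fall-through before its branch target, and the instruction table is constructed from the listing above.

```c
#include <stdio.h>

#define N 12
enum { UNSEEN, DISCOVERED, EXPLORED };
enum kind { FALL, JA, JCOND, EXIT };

/* Constructed from the reproducer: every insn not listed here falls through. */
static const struct { enum kind k; int off; } prog[N] = {
    [4] = { JA, 3 }, [9] = { JCOND, -5 }, [11] = { EXIT, 0 },
};
static int state[N], back_from, back_to;

/* Successors in visiting order: fall-through first, then branch target. */
static int successors(int t, int out[2])
{
    switch (prog[t].k) {
    case EXIT:  return 0;
    case JA:    out[0] = t + 1 + prog[t].off; return 1;
    case JCOND: out[0] = t + 1; out[1] = t + 1 + prog[t].off; return 2;
    default:    out[0] = t + 1; return 1;
    }
}

/* Returns 1 and records the edge once a successor is still on the DFS path. */
static int dfs(int t)
{
    int succ[2], n = successors(t, succ);
    state[t] = DISCOVERED;
    for (int i = 0; i < n; i++) {
        int w = succ[i];
        if (state[w] == DISCOVERED) { back_from = t; back_to = w; return 1; }
        if (state[w] == UNSEEN && dfs(w)) return 1;
    }
    state[t] = EXPLORED;
    return 0;
}

/* First back-edge encoded as from * 100 + to, or -1 if the CFG is acyclic. */
int first_back_edge(void)
{
    for (int i = 0; i < N; i++) state[i] = UNSEEN;
    return dfs(0) ? back_from * 100 + back_to : -1;
}

int main(void)
{
    int e = first_back_edge();
    if (e < 0) puts("no back-edge");
    else printf("back-edge from insn %d to %d\n", e / 100, e % 100);
    return 0;
}
```

In this model the walk reaches insn 8 through the `goto+3` at insn 4, finishes 10 and 11, then follows the branch of insn 9 to 5, 6 and 7; the fall-through from 7 lands on 8 while 8 is still on the DFS path, so the cycle 8, 9, 5, 6, 7 is closed by a non-jump instruction.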



