On Wed, 2023-11-08 at 15:11 -0800, Andrii Nakryiko wrote:
> ldimm64 instructions are 16-byte long, and so have to be handled
> appropriately in check_cfg(), just like the rest of BPF verifier does.
>
> This has implications in three places:
>   - when determining next instruction for non-jump instructions;
>   - when determining next instruction for callback address ldimm64
>     instructions (in visit_func_call_insn());
>   - when checking for unreachable instructions, where second half of
>     ldimm64 is expected to be unreachable;
>
> We take this also as an opportunity to report jump into the middle of
> ldimm64. And adjust few test_verifier tests accordingly.
>
> Reported-by: Hao Sun <sunhao.th@xxxxxxxxx>
> Fixes: 475fb78fbf48 ("bpf: verifier (add branch/goto checks)")
> Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
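
The two-slot handling described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch: a toy control-flow walk over a simplified instruction array, run with and without ldimm64 awareness. `toy_insn`, `toy_check_cfg`, the `aware` flag, the return codes and the sample programs are hypothetical; callback handling in visit_func_call_insn() is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Opcode values are the real BPF encodings; the rest is a simplified stand-in. */
#define OP_LDIMM64 0x18 /* BPF_LD|BPF_IMM|BPF_DW, occupies two 8-byte slots */
#define OP_JA      0x05 /* unconditional jump */
#define OP_JEQ_K   0x15 /* conditional jump */
#define OP_MOV64_K 0xb7 /* ordinary one-slot instruction */
#define OP_EXIT    0x95
#define MAX_INSNS  64
enum { CFG_OK = 0, CFG_BAD_TARGET = -1, CFG_UNREACHABLE = -2 };
struct toy_insn { uint8_t code; int16_t off; }; /* hypothetical, not struct bpf_insn */

/* aware=1 treats ldimm64 as two slots; aware=0 is the naive one-slot walk. */
int toy_check_cfg(const struct toy_insn *p, int n, int aware)
{
    /* seen[0] = 1 and stack[0] = 0: the walk starts at instruction 0 */
    uint8_t half[MAX_INSNS] = {0}, seen[MAX_INSNS] = {1};
    int stack[MAX_INSNS] = {0}, sp = 1;

    if (n <= 0 || n > MAX_INSNS) return CFG_BAD_TARGET;
    for (int i = 0; aware && i + 1 < n; i++)
        if (p[i].code == OP_LDIMM64)
            half[++i] = 1; /* second half: data, never decoded as an opcode */
    while (sp > 0) {
        int i = stack[--sp], succ[2], ns = 0;
        uint8_t c = p[i].code;
        if (c == OP_EXIT) continue;
        if (c != OP_JA) /* fall-through skips the second half of ldimm64 */
            succ[ns++] = i + ((aware && c == OP_LDIMM64) ? 2 : 1);
        if (c == OP_JA || c == OP_JEQ_K)
            succ[ns++] = i + 1 + p[i].off;
        for (int k = 0; k < ns; k++) {
            int t = succ[k];
            if (t < 0 || t >= n || half[t]) /* out of range or mid-ldimm64 */
                return CFG_BAD_TARGET;
            if (!seen[t]) { seen[t] = 1; stack[sp++] = t; }
        }
    }
    for (int i = 0; i < n; i++)
        if (!seen[i] && !half[i]) /* second halves are expected unreachable */
            return CFG_UNREACHABLE;
    return CFG_OK;
}

/* Constructed sample programs. */
const struct toy_insn prog_ok[]   = {{OP_LDIMM64, 0}, {0, 0}, {OP_MOV64_K, 0}, {OP_EXIT, 0}};
const struct toy_insn prog_mid[]  = {{OP_JEQ_K, 1}, {OP_LDIMM64, 0}, {0, 0}, {OP_EXIT, 0}};
const struct toy_insn prog_dead[] = {{OP_JA, 1}, {OP_MOV64_K, 0}, {OP_EXIT, 0}};
int main(void)
{
    printf("%d %d\n", toy_check_cfg(prog_mid, 4, 1), toy_check_cfg(prog_mid, 4, 0));
    return 0;
}
```

In `prog_mid` the conditional jump targets slot 2, the second half of the ldimm64 at slot 1: the aware walk rejects it, while the naive walk visits that slot as if it were an instruction and accepts the program.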