On Tue, 2023-11-21 at 18:16 +0100, Hao Sun wrote: [...] > Yet, the sample direct read would be rejected: > > func#0 @0 > 0: R1=ctx() R10=fp0 > 0: (bf) r6 = r10 ; R6_w=fp0 R10=fp0 > 1: (61) r7 = *(u32 *)(r6 -200) > invalid read from stack R6 off=-200 size=4 > > Eduard, you added support for reading uninit slots, should we also add something > like the following: > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 8c2d31aa3d31..aa861d2da240 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -6446,7 +6446,7 @@ static int check_stack_slot_within_bounds(int off, > { > int min_valid_off; > > - if (t == BPF_WRITE) > + if (t == BPF_WRITE || env->allow_uninit_stack) > min_valid_off = -MAX_BPF_STACK; > else > min_valid_off = -state->allocated_stack; I agree with your logic and this change seems reasonable. Sorry for delayed response.
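Review bot: In the changed condition of `check_stack_slot_within_bounds()`, `env` is dereferenced, but the visible part of the signature starts with `int off` and the body only uses `state` and `t`, so it is not evident that `env` is in scope here. If it is not, the function needs an extra parameter and its callers need updating in the same patch. Separately, once `env->allow_uninit_stack` takes the `-MAX_BPF_STACK` bound, a read at an offset below `-state->allocated_stack` passes this check, so the read path has to handle slots that were never allocated. A short comment above the `if` explaining why reads share the write bound in that mode would help the next reader.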