I have a relatively complex program that fails to load on 6.5.6 with a if (data + 98 != data_end) return TC_ACT_SHOT; check, that loads fine if I change the above != to (a you would think weaker) > check. It's not important, hit this while debugging, and I don't know if the cause is the verifier treating != differently than > or the compiler optimizing != somehow... but my gut feeling is on the former: some verifier logic special cases > without doing something similar for the stronger != comparison. ... 453: (85) call bpf_trace_printk#6 ; R0_w=scalar() ; if (data + 98 != data_end) return TC_ACT_SHOT; 454: (bf) r1 = r6 ; R1_w=pkt(off=0,r=42,imm=0) R6=pkt(off=0,r=42,imm=0) 455: (07) r1 += 98 ; R1_w=pkt(off=98,r=42,imm=0) ; if (data + 98 != data_end) return TC_ACT_SHOT; 456: (5d) if r1 != r9 goto pc-23 ; R1_w=pkt(off=98,r=42,imm=0) R9=pkt_end(off=0,imm=0) *** IMHO here r=42 should be bumped to 98 *** 457: (bf) r3 = r6 ; R3_w=pkt(off=0,r=42,imm=0) R6=pkt(off=0,r=42,imm=0) 458: (07) r3 += 34 ; R3_w=pkt(off=34,r=42,imm=0) ; uint64_t cs = bpf_csum_diff(NULL, 0, data + 14 + 20, 98 - 14 - 20, 0xFFFF); 459: (b7) r1 = 0 ; R1_w=0 460: (b7) r2 = 0 ; R2_w=0 461: (b7) r4 = 64 ; R4_w=64 462: (b7) r5 = 65535 ; R5_w=65535 463: (85) call bpf_csum_diff#28 invalid access to packet, off=34 size=64, R3(id=0,off=34,r=42) R3 offset is outside of the packet Side note: bpf_csum_diff() is super non user-friendly, but that's for another thread... Happy New Year, Maciej
