On Tue, 2024-03-05 at 19:19 -0800, Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@xxxxxxxxxx>
>
> When open code iterators, bpf_loop or may_goto are used the following two
> states are equivalent and safe to prune the search:
>
> cur state: fp-8_w=scalar(id=3,smin=umin=smin32=umin32=2,smax=umax=smax32=umax32=11,var_off=(0x0; 0xf))
> old state: fp-8_rw=scalar(id=2,smin=umin=smin32=umin32=1,smax=umax=smax32=umax32=11,var_off=(0x0; 0xf))
>
> In other words "exact" state match should ignore liveness and precision
> marks, since open coded iterator logic didn't complete their propagation,
> reg_old->type == NOT_INIT && reg_cur->type != NOT_INIT is also not safe to
> prune while looping, but range_within logic that applies to scalars,
> ptr_to_mem, map_value, pkt_ptr is safe to rely on.
>
> Avoid doing such comparison when regular infinite loop detection logic is
> used, otherwise bounded loop logic will declare such "infinite loop" as
> false positive. Such example is in progs/verifier_loops1.c
> not_an_inifinite_loop().
>
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
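
An added illustration, not part of the original thread or of the kernel source: a simplified C model of the range_within comparison named in the commit message, applied to the two fp-8 states it quotes. The struct layout and `scalar_safe_to_prune()` are hypothetical stand-ins for the verifier's register state, and the tristate-number check is included as an assumption about what accompanies the range check for scalars.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Known bits (value) and unknown bits (mask), as printed in var_off=(value; mask). */
struct tnum { uint64_t value, mask; };

/* Hypothetical, reduced scalar state: only the fields shown in the log lines. */
struct scalar {
    uint32_t id;          /* differs between the two states, not compared here */
    bool live_read;       /* the "r" in fp-8_rw, a liveness mark, not compared */
    int64_t smin, smax;
    uint64_t umin, umax;
    int32_t smin32, smax32;
    uint32_t umin32, umax32;
    struct tnum var_off;
};

/* True when every value b can take is also a value a can take. */
static bool tnum_in(struct tnum a, struct tnum b)
{
    if (b.mask & ~a.mask)
        return false;     /* b has unknown bits that a claims to know */
    b.value &= ~a.mask;
    return a.value == b.value;
}

/* The already-verified (old) range must contain the current one. */
static bool range_within(const struct scalar *old, const struct scalar *cur)
{
    return old->umin <= cur->umin && old->umax >= cur->umax &&
           old->smin <= cur->smin && old->smax >= cur->smax &&
           old->umin32 <= cur->umin32 && old->umax32 >= cur->umax32 &&
           old->smin32 <= cur->smin32 && old->smax32 >= cur->smax32;
}

/* Hypothetical helper: prune only if cur is covered by old; id and liveness ignored. */
static bool scalar_safe_to_prune(const struct scalar *old, const struct scalar *cur)
{
    return range_within(old, cur) && tnum_in(old->var_off, cur->var_off);
}

/* The two states from the commit message. */
static const struct scalar old_state = { 2, true,  1, 11, 1, 11, 1, 11, 1, 11, { 0x0, 0xf } };
static const struct scalar cur_state = { 3, false, 2, 11, 2, 11, 2, 11, 2, 11, { 0x0, 0xf } };

int main(void)
{
    printf("cur within old: %d\n", scalar_safe_to_prune(&old_state, &cur_state));
    printf("old within cur: %d\n", scalar_safe_to_prune(&cur_state, &old_state));
    return 0;
}
```

The check is directional: the current range [2, 11] fits inside the old range [1, 11], but swapping the arguments fails because the value 1 was never covered by the narrower state.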