On Wed, 2025-01-15 at 21:51 -0800, Yonghong Song wrote:
> Commit 011832b97b31 ("bpf: Introduce may_goto instruction") added support
> for may_goto insn. The 'may_goto 0' insn is disallowed since the insn is
> equivalent to a nop as both branch will go to the next insn.
>
> But it is possible that compiler transformation may generate 'may_goto 0'
> insn. Emil Tsalapatis from Meta reported such a case which caused
> verification failure. For example, for the following code,
> int i, tmp[3];
> for (i = 0; i < 3 && can_loop; i++)
> tmp[i] = 0;
> ...
>
> clang 20 may generate code like
> may_goto 2;
> may_goto 1;
> may_goto 0;
> r1 = 0; /* tmp[0] = 0; */
> r2 = 0; /* tmp[1] = 0; */
> r3 = 0; /* tmp[2] = 0; */
>
> Let us permit 'may_goto 0' insn to avoid verification failure for codes
> like the above.
>
> Reported-by: Emil Tsalapatis <etsal@xxxxxxxx>
> Signed-off-by: Yonghong Song <yonghong.song@xxxxxxxxx>
> ---
Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
[...]
