Verifier logic to track pointer is_branch_taken logic to prune paths
that can not be taken. For many types we track if the pointer is null
or not. We can then use this information when calculating if branches
are taken when jump is comparing if pointer is null or not.
First patch is the verifier logic, patches 2/3 are tests for sock
pointers and map values. The final patch adds a printk to one of
the C test cases where the issue was initially reported. Feel free
to drop this if we think its overkill. OTOH it keeps a nice test
of a pattern folks might actually try and also doesn't add much in
the way of test overhead.
---
John Fastabend (4):
bpf: verifier track null pointer branch_taken with JNE and JEQ
bpf: selftests, verifier case for non null pointer check branch taken
bpf: selftests, verifier case for non null pointer map value branch
bpf: selftests, add printk to test_sk_lookup_kern to encode null ptr check
.../selftests/bpf/progs/test_sk_lookup_kern.c | 1 +
.../testing/selftests/bpf/verifier/ref_tracking.c | 16 ++++++++++++++++
.../testing/selftests/bpf/verifier/value_or_null.c | 19 +++++++++++++++++++
3 files changed, 36 insertions(+)
--
Signature
