On Mon, May 18, 2020 at 1:05 PM John Fastabend <john.fastabend@xxxxxxxxx> wrote: > > Verifier logic to track pointer is_branch_taken logic to prune paths > that can not be taken. For many types we track if the pointer is null I re-read first sentence many times, still not sure what it is saying. Do you mind rephrasing it a bit for clarity? Thanks! > or not. We can then use this information when calculating if branches > are taken when jump is comparing if pointer is null or not. > > First patch is the verifier logic, patches 2/3 are tests for sock > pointers and map values. The final patch adds a printk to one of > the C test cases where the issue was initially reported. Feel free > to drop this if we think its overkill. OTOH it keeps a nice test > of a pattern folks might actually try and also doesn't add much in > the way of test overhead. > > --- > > John Fastabend (4): > bpf: verifier track null pointer branch_taken with JNE and JEQ > bpf: selftests, verifier case for non null pointer check branch taken > bpf: selftests, verifier case for non null pointer map value branch > bpf: selftests, add printk to test_sk_lookup_kern to encode null ptr check > > > .../selftests/bpf/progs/test_sk_lookup_kern.c | 1 + > .../testing/selftests/bpf/verifier/ref_tracking.c | 16 ++++++++++++++++ > .../testing/selftests/bpf/verifier/value_or_null.c | 19 +++++++++++++++++++ > 3 files changed, 36 insertions(+) > > -- > Signature
