Wenbo reported an issue in [1] where a null pointer check is
evaluated as always false. In this particular case, the program type
is tp_btf and the pointer to compare is a PTR_TO_BTF_ID.

As an illustration of the original issue, consider the following example:

  struct bpf_fentry_test_t {
      struct bpf_fentry_test_t *a;
  };
  int BPF_PROG(test8, struct bpf_fentry_test_t *arg)
  {
      if (arg->a == 0)
          test8_result = 1;
      return 0;
  }

In the xlated byte code, the "arg->a == 0" condition is evaluated as
always false and "test8_result = 1" is removed. This is not right.

Patch #1 shows why this happens and how to fix it in the verifier.
Patch #2 added two subtests in test_progs to catch such cases.

 [1]: https://lore.kernel.org/bpf/79dbb7c0-449d-83eb-5f4f-7af0cc269168@xxxxxx/T/

Yonghong Song (2):
  bpf: fix an incorrect branch elimination by verifier
  bpf: add tests for PTR_TO_BTF_ID vs. null comparison

 kernel/bpf/verifier.c                         |  3 +--
 net/bpf/test_run.c                            | 19 +++++++++++++++-
 .../selftests/bpf/prog_tests/fentry_fexit.c   |  2 +-
 .../testing/selftests/bpf/progs/fentry_test.c | 22 +++++++++++++++++++
 .../testing/selftests/bpf/progs/fexit_test.c  | 22 +++++++++++++++++++
 5 files changed, 64 insertions(+), 4 deletions(-)

-- 
2.24.1