Alexei Starovoitov wrote: > From: Alexei Starovoitov <ast@xxxxxxxxxx> > > This patch adds the verifier support to recognize inlined branch conditions. > The LLVM knows that the branch evaluates to the same value, but the verifier > couldn't track it. Hence causing valid programs to be rejected. > The potential LLVM workaround: https://reviews.llvm.org/D87428 > can have undesired side effects, since LLVM doesn't know that > skb->data/data_end are being compared. LLVM has to introduce extra boolean > variable and use inline_asm trick to force easier for the verifier assembly. > > Instead teach the verifier to recognize that > r1 = skb->data; > r1 += 10; > r2 = skb->data_end; > if (r1 > r2) { > here r1 points beyond packet_end and > subsequent > if (r1 > r2) // always evaluates to "true". > } > > Tested-by: Jiri Olsa <jolsa@xxxxxxxxxx> > Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> > --- > include/linux/bpf_verifier.h | 2 +- > kernel/bpf/verifier.c | 129 +++++++++++++++++++++++++++++------ > 2 files changed, 108 insertions(+), 23 deletions(-) > Thanks, we can remove another set of inline asm logic. Acked-by: John Fastabend <john.fastabend@xxxxxxxxx> > if (pred >= 0) { > @@ -7517,7 +7601,8 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, > */ > if (!__is_pointer_value(false, dst_reg)) > err = mark_chain_precision(env, insn->dst_reg); > - if (BPF_SRC(insn->code) == BPF_X && !err) > + if (BPF_SRC(insn->code) == BPF_X && !err && > + !__is_pointer_value(false, src_reg)) This could have been more specific with !type_is_pkt_pointer() correct? I think its fine as is though. > err = mark_chain_precision(env, insn->src_reg); > if (err) > return err; > -- > 2.24.1 >
