Looks like I half-baked some last-minute changes before sending this out. If you disable the JIT, test_verifier will fail. On Mon, Nov 23, 2020 at 05:32:01PM +0000, Brendan Jackman wrote: > diff --git a/include/linux/filter.h b/include/linux/filter.h ... > +#define BPF_ATOMIC_SET(SIZE, DST, SRC, OFF) \ > + ((struct bpf_insn) { \ > + .code = BPF_STX | BPF_SIZE(SIZE) | BPF_ATOMIC, \ > + .dst_reg = DST, \ > + .src_reg = SRC, \ > + .off = OFF, \ > + .imm = BPF_SET }) > + Should be deleted, and in the tools/ copy too. There's a test case in the later commit that should be changed to assert that instructions like this fail to verify. > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 14f5053daf22..2e611d3695bf 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -3602,10 +3602,14 @@ static int check_atomic(struct bpf_verifier_env *env, int insn_idx, struct bpf_i > { > struct bpf_reg_state *regs = cur_regs(env); > int err; > + int load_reg; > > switch (insn->imm) { > case BPF_ADD: > case BPF_ADD | BPF_FETCH: > + case BPF_SET: Should be deleted. > + case BPF_SET | BPF_FETCH: > + case BPF_CMPSET | BPF_FETCH: /* CMPSET without FETCH is not supported */ > break; > default: > verbose(env, "BPF_ATOMIC uses invalid atomic opcode %02x\n", insn->imm); I'll fold the fix into the next revision along with the comments generated by this initial version.
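Review bot: In the include/linux/filter.h hunk, BPF_ATOMIC_SET builds an instruction with .imm = BPF_SET and no BPF_FETCH, which is the form the reply says should fail to verify. Suggest dropping the macro here and in the tools/ copy, so that no helper constructs an encoding the verifier is meant to reject. The test case that asserts rejection can then spell out the struct bpf_insn fields directly instead of relying on a convenience macro.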
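Review bot: In check_atomic() in the kernel/bpf/verifier.c hunk, `case BPF_SET:` admits the non-fetching form into the accepted opcode list, while the only comment there says "CMPSET without FETCH is not supported" and nothing is said about SET. Suggest removing that case so plain BPF_SET falls through to the default branch and its "BPF_ATOMIC uses invalid atomic opcode" message, and widening the comment to cover both SET and CMPSET without FETCH. The hunk also adds `int load_reg;` with no use in the visible lines, so it is worth confirming that it is assigned on every path that later reads it.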