The verifier currently does not save the reg state when
spilling <8byte bounded scalar to the stack.  The bpf program
will be incorrectly rejected when this scalar is refilled to
the reg and then used to offset into a packet header.
The later patch has a simplified bpf prog from a real use case
to demonstrate this case.  The current workaround is
to reparse the packet again such that this offset scalar
is close to where the packet data will be accessed to
avoid the spill.  Thus, the header is parsed twice.

The llvm patch [1] will align the <8bytes spill to
the 8-byte stack address.  This set is to make the necessary
changes in verifier to support <8byte scalar spill and refill.

[1] https://reviews.llvm.org/D109073

v2:
- Changed the xdpwall selftest in patch 3 to trigger a u32
  spill at a non 8-byte aligned stack address.  The v1 has
  simplified the real example too much such that it only
  triggers a u32 spill but does not spill at a non
  8-byte aligned stack address.
- Changed README.rst in patch 3 to explain the llvm dependency
  for the xdpwall test.

Martin KaFai Lau (4):
  bpf: Check the other end of slot_type for STACK_SPILL
  bpf: Support <8-byte scalar spill and refill
  bpf: selftest: A bpf prog that has a 32bit scalar spill
  bpf: selftest: Add verifier tests for <8-byte scalar spill and refill

 kernel/bpf/verifier.c                         |  97 +++--
 tools/testing/selftests/bpf/README.rst        |  13 +
 .../selftests/bpf/prog_tests/xdpwall.c        |  15 +
 tools/testing/selftests/bpf/progs/xdpwall.c   | 365 ++++++++++++++++++
 .../selftests/bpf/verifier/spill_fill.c       | 161 ++++++++
 5 files changed, 625 insertions(+), 26 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/xdpwall.c
 create mode 100644 tools/testing/selftests/bpf/progs/xdpwall.c

-- 
2.30.2
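An added illustration of the problem the cover letter describes, not code from the series or from kernel/bpf/verifier.c: a simplified C model of one 8-byte stack slot, showing how losing the bounds of a spilled u32 makes a later packet access fail its range check. Every type, function name and number here is hypothetical or constructed, and the byte layout of the slot marking is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
/* Simplified model of one 8-byte verifier stack slot; not kernel code.
 * All type and function names are hypothetical. */
enum slot_kind { SLOT_INVALID, SLOT_MISC, SLOT_SPILL };
struct scalar { bool bounded; uint64_t umin, umax; };
struct stack_slot {
    enum slot_kind kind[8];  /* per-byte marking of the slot */
    struct scalar saved;     /* register state kept for a tracked spill */
    int spill_size;          /* bytes written by the tracked spill */
};
static const struct scalar UNKNOWN = { false, 0, UINT64_MAX };

/* Spill `size` bytes (1, 2, 4 or 8) of scalar `r`. With track_narrow
 * false, a <8-byte spill keeps no register state (the behaviour the
 * letter calls current); with true, the bounds are saved as well. */
static void spill(struct stack_slot *s, struct scalar r, int size, bool track_narrow)
{
    bool track = r.bounded && (size == 8 || track_narrow);

    for (int i = 0; i < 8; i++)
        s->kind[i] = i < 8 - size ? SLOT_INVALID
                                  : (track ? SLOT_SPILL : SLOT_MISC);
    s->saved = track ? r : UNKNOWN;
    s->spill_size = track ? size : 0;
}

/* Refill: bounds survive only if the read matches a tracked spill. */
static struct scalar refill(const struct stack_slot *s, int size)
{
    if (s->kind[7] == SLOT_SPILL && s->spill_size == size)
        return s->saved;
    return UNKNOWN;
}

/* Stand-in for the packet access check: the offset must be bounded and
 * offset + access size must fit in the range checked against data_end. */
static bool pkt_access_ok(struct scalar off, uint32_t size, uint32_t checked_range)
{
    return off.bounded && off.umax + size <= checked_range;
}

/* Constructed scenario: a u32 header offset in [14, 74] is spilled,
 * refilled, then used for a 2-byte packet read with 128 bytes checked. */
static bool scenario(bool track_narrow)
{
    struct stack_slot slot;
    struct scalar hdr_off = { true, 14, 74 };

    spill(&slot, hdr_off, 4, track_narrow);
    return pkt_access_ok(refill(&slot, 4), 2, 128);
}
```

In the model, `scenario(false)` is the rejected program and `scenario(true)` the accepted one; a refill whose size differs from the spill size still comes back unbounded.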