Re: Hitting verifier backtracking bug on 6.5.5 kernel


 



On Tue, Oct 17, 2023 at 8:26 AM Shung-Hsi Yu <shung-hsi.yu@xxxxxxxx> wrote:
>
> >
> > Sounds good, thank you for looking into it! Let me know if you need me
> > to test a patch :)
>
> Patch based on Andrii's analysis.
>
> Given that both BPF_END and BPF_NEG always operate on dst_reg itself
> and that bt_is_reg_set(bt, dreg) was already checked I believe we can
> just return with no further action.
>
> ---
>  kernel/bpf/verifier.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 9cdba4ce23d2..7e396288aaf0 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -3418,7 +3418,9 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, int subseq_idx,
>         if (class == BPF_ALU || class == BPF_ALU64) {
>                 if (!bt_is_reg_set(bt, dreg))
>                         return 0;
> -               if (opcode == BPF_MOV) {
> +               if (opcode == BPF_END || opcode == BPF_NEG) {
> +                       return 0;
> +               } else if (opcode == BPF_MOV) {
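
Review bot: The new `opcode == BPF_END || opcode == BPF_NEG` branch returns 0 with no comment in the code saying why nothing further is needed, so the reasoning lives only in the patch description. Consider a short comment above the branch stating that both opcodes operate on dst_reg itself and that dreg has already been checked by `bt_is_reg_set(bt, dreg)`. Since the branch ends in `return 0;`, the following `else` is not strictly needed, though keeping `} else if (opcode == BPF_MOV) {` is fine if it matches the style of the rest of the chain.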

lgtm. Pls send an official patch with a selftest.




