Re: [PATCH bpf-next v2 7/7] bpf: print full verifier states on infinite loop detection

Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> · Sat, 21 Oct 2023 21:28:36 -0700

On Sat, Oct 21, 2023 at 6:08 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> Additional logging in is_state_visited(): if infinite loop is detected
> print full verifier state for both current and equivalent states.
>
> Signed-off-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
> ---
>  kernel/bpf/verifier.c | 4 ++++
>  1 file changed, 4 insertions(+)
>

Great, thanks!

Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index baf31b61b3ff..a91aa8638dba 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -16927,6 +16927,10 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
>                             !iter_active_depths_differ(&sl->state, cur)) {
>                                 verbose_linfo(env, insn_idx, "; ");
>                                 verbose(env, "infinite loop detected at insn %d\n", insn_idx);
> +                               verbose(env, "cur state:");
> +                               print_verifier_state(env, cur->frame[cur->curframe], true);
> +                               verbose(env, "old state:");
> +                               print_verifier_state(env, sl->state.frame[cur->curframe], true);
>                                 return -EINVAL;
>                         }
>                         /* if the verifier is processing a loop, avoid adding new state
> --
> 2.42.0
>