In bpf_validate, when it checks whether the divisor in a BPF_DIV instruction
is a constant 0, it does

                        case BPF_DIV:
                                /*
                                 * Check for constant division by 0.
                                 */
                                if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
                                        return 0;
                                break;

BPF_RVAL() is the macro to get the return value of a RET instruction; it
extracts the 0x18 bits.  The BPF_DIV opcode is 0x30, which has the 0x10 bit
set; a BPF_DIV instruction with a constant 0 as the divisor would be
BPF_DIV|BPF_K, which is 0x30; BPF_RVAL(p->code) would be 0x10, which isn't
equal to BPF_K, which is 0x00.

The macro to get the source argument of an arithmetic instruction is
BPF_SRC(), which extracts only the 0x08 bit; BPF_SRC(p->code) would be 0x00,
which is equal to BPF_K, so it should be doing

                        case BPF_DIV:
                                /*
                                 * Check for constant division by 0.
                                 */
                                if (BPF_SRC(p->code) == BPF_K && p->k == 0)
                                        return 0;
                                break;

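The mismatch described above, as an added example that is not code from the original message or from the project: it runs both forms of the check over constructed instructions and shows that the BPF_RVAL() form can never reject a DIV. The names `struct insn`, `div_ok_rval`, `div_ok_src` and `rejected_div_encodings` are hypothetical; the BPF_ALU (0x04) and BPF_X (0x08) values are assumed from the standard BPF encoding, the others are the ones quoted in the message.

```c
#include <stdio.h>

/* Re-declared locally so the example builds without the BPF headers. */
#define BPF_ALU      0x04           /* assumed: standard BPF encoding */
#define BPF_DIV      0x30
#define BPF_K        0x00
#define BPF_X        0x08           /* assumed: standard BPF encoding */
#define BPF_SRC(c)   ((c) & 0x08)   /* operand source of an arithmetic insn */
#define BPF_RVAL(c)  ((c) & 0x18)   /* return-value source of a RET insn */

struct insn { unsigned short code; unsigned int k; };  /* hypothetical, cut down */

/* The check as first quoted in the message: 1 = accepted, 0 = rejected. */
static int div_ok_rval(const struct insn *p)
{
    if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
        return 0;
    return 1;
}

/* The corrected check from the message. */
static int div_ok_src(const struct insn *p)
{
    if (BPF_SRC(p->code) == BPF_K && p->k == 0)
        return 0;
    return 1;
}

/* Over every 8-bit opcode that is an ALU DIV, count how many a check
 * rejects when k == 0. The 0x10 bit of BPF_DIV is always set, so the
 * BPF_RVAL() form rejects none of them. */
static int rejected_div_encodings(int (*check)(const struct insn *))
{
    int n = 0;
    for (unsigned c = 0; c < 0x100; c++) {
        struct insn i = { (unsigned short)c, 0 };
        if ((c & 0x07) == BPF_ALU && (c & 0xf0) == BPF_DIV && !check(&i))
            n++;
    }
    return n;
}

int main(void)
{
    struct insn div0 = { BPF_ALU | BPF_DIV | BPF_K, 0 };  /* constructed sample */
    printf("DIV #0: RVAL check accepts=%d, SRC check accepts=%d\n",
           div_ok_rval(&div0), div_ok_src(&div0));
    printf("DIV encodings rejected: RVAL=%d SRC=%d\n",
           rejected_div_encodings(div_ok_rval), rejected_div_encodings(div_ok_src));
    return 0;
}
```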