On 22/08/17 16:50, Edward Cree wrote:
> On 22/08/17 16:24, Alexei Starovoitov wrote:
>> Do you have a test case for this by any chance?
> I think something like
>     if (cond)
>         r0=0;
>     if (cond)
>         r0=0;
>     return r0;
> might tickle the bug, but I'm not sure.
It turns out that (cond) has to be constructed not to alter our knowledge
of whatever register we're testing, but apart from that, this works.
	{
		"liveness pruning and write screening",
		.insns = {
			/* Get an unknown value */
			BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0),
			/* branch conditions teach us nothing about R2 */
			BPF_JMP_IMM(BPF_JGE, BPF_REG_2, 0, 1),
			BPF_MOV64_IMM(BPF_REG_0, 0),
			BPF_JMP_IMM(BPF_JGE, BPF_REG_2, 0, 1),
			BPF_MOV64_IMM(BPF_REG_0, 0),
			BPF_EXIT_INSN(),
		},
		.errstr = "R0 !read_ok",
		.result = REJECT,
		.prog_type = BPF_PROG_TYPE_LWT_IN,
	},
This test fails on net-next, but passes with my patch.
I'll include it in the next spin of the series.
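
Added example (not part of the original mail and not kernel code): a toy path walker over the same six-instruction control flow, with no state pruning, showing that exactly one path (both jumps taken) reaches the exit with R0 never written, which is the condition the expected "R0 !read_ok" reports. The opcode enum, struct and function names are constructed for illustration, and each branch is assumed to be able to go either way, as the test's comment intends.

```c
#include <stdio.h>

/* Toy opcodes covering only what the test program uses (constructed,
 * not the kernel's instruction encoding). */
enum op { OP_LOAD_UNKNOWN, OP_JMP_COND, OP_MOV_IMM, OP_EXIT };
struct insn { enum op op; int dst; int off; };

/* Same control flow as the "liveness pruning and write screening" test. */
static const struct insn prog[] = {
	{ OP_LOAD_UNKNOWN, 2, 0 },	/* r2 = *(u32 *)(r1 + 0) */
	{ OP_JMP_COND,     2, 1 },	/* if r2 >= 0 goto +1 */
	{ OP_MOV_IMM,      0, 0 },	/* r0 = 0 */
	{ OP_JMP_COND,     2, 1 },	/* if r2 >= 0 goto +1 */
	{ OP_MOV_IMM,      0, 0 },	/* r0 = 0 */
	{ OP_EXIT,         0, 0 },	/* return r0 */
};

/* Walk every path from pc with no pruning. written is a bitmask of
 * registers written so far. Returns the number of paths that reach
 * the exit with R0 never written; *total counts all paths. */
static int walk(int pc, unsigned written, int *total)
{
	const struct insn *i = &prog[pc];

	switch (i->op) {
	case OP_LOAD_UNKNOWN:
	case OP_MOV_IMM:
		return walk(pc + 1, written | (1u << i->dst), total);
	case OP_JMP_COND:	/* outcome unknown: follow fall-through and target */
		return walk(pc + 1, written, total) +
		       walk(pc + 1 + i->off, written, total);
	case OP_EXIT:
		(*total)++;
		return !(written & 1u);
	}
	return 0;
}

/* Assumption: only R1 (the context pointer) is initialised on entry. */
int count_unwritten_r0_paths(int *total)
{
	*total = 0;
	return walk(0, 1u << 1, total);
}

int main(void)
{
	int total, bad = count_unwritten_r0_paths(&total);

	printf("%d of %d paths read R0 before any write\n", bad, total);
	return 0;
}
```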
