diff options
author | Alexei Starovoitov <ast@plumgrid.com> | 2014-10-20 14:54:57 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-10-21 21:43:46 -0400 |
commit | 32bf08a6257b9c7380dcd040af3c0858eee3ef05 (patch) | |
tree | b5928993937cb9bc095f6c3e0393eb63f6471308 /samples/bpf | |
parent | 78fd1d0ab072d4d9b5f0b7c14a1516665170b565 (diff) | |
download | op-kernel-dev-32bf08a6257b9c7380dcd040af3c0858eee3ef05.zip op-kernel-dev-32bf08a6257b9c7380dcd040af3c0858eee3ef05.tar.gz |
bpf: fix bug in eBPF verifier
while comparing for verifier state equivalency the comparison
was missing a check for uninitialized register.
Make sure it does so and add a testcase.
Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier")
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'samples/bpf')
-rw-r--r-- | samples/bpf/test_verifier.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/samples/bpf/test_verifier.c b/samples/bpf/test_verifier.c index f44ef11..eb4bec0 100644 --- a/samples/bpf/test_verifier.c +++ b/samples/bpf/test_verifier.c @@ -209,6 +209,17 @@ static struct bpf_test tests[] = { .result = REJECT, }, { + "program doesn't init R0 before exit in all branches", + .insns = { + BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 1), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2), + BPF_EXIT_INSN(), + }, + .errstr = "R0 !read_ok", + .result = REJECT, + }, + { "stack out of bounds", .insns = { BPF_ST_MEM(BPF_DW, BPF_REG_10, 8, 0), |