diff options
| author | Andrii Nakryiko <andrii@kernel.org> | 2023-11-10 03:26:37 +0300 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2023-11-10 07:11:20 +0300 |
| commit | 4bb7ea946a370707315ab774432963ce47291946 (patch) | |
| tree | c4aeda8d7dec289c11b5e7799567e07da7bf612d /tools | |
| parent | 3feb263bb516ee7e1da0acd22b15afbb9a7daa19 (diff) | |
| download | linux-4bb7ea946a370707315ab774432963ce47291946.tar.xz | |
bpf: fix precision backtracking instruction iteration
Fix an edge case in __mark_chain_precision() which prematurely stops
backtracking instructions in a state if it happens that state's first
and last instruction indexes are the same. This situations doesn't
necessarily mean that there were no instructions simulated in a state,
but rather that we starting from the instruction, jumped around a bit,
and then ended up at the same instruction before checkpointing or
marking precision.
To distinguish between these two possible situations, we need to consult
jump history. If it's empty or contain a single record "bridging" parent
state and first instruction of processed state, then we indeed
backtracked all instructions in this state. But if history is not empty,
we are definitely not done yet.
Move this logic inside get_prev_insn_idx() to contain it more nicely.
Use -ENOENT return code to denote "we are out of instructions"
situation.
This bug was exposed by verifier_loop1.c's bounded_recursion subtest, once
the next fix in this patch set is applied.
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Fixes: b5dc0163d8fd ("bpf: precise scalar_value tracking")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231110002638.4168352-3-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions