• Jakub Kicinski's avatar
    bpf: verifier: propagate liveness on all frames · 83d16312
    Jakub Kicinski authored
    Commit 7640ead9 ("bpf: verifier: make sure callees don't prune
    with caller differences") connected up parentage chains of all
    frames of the stack.  It didn't, however, ensure propagate_liveness()
    propagates all liveness information along those chains.
    
    This means pruning happening in the callee may generate explored
    states with incomplete liveness for the chains in lower frames
    of the stack.
    
    The included selftest is similar to the prior one from commit
    7640ead9 ("bpf: verifier: make sure callees don't prune with
    caller differences"), where callee would prune regardless of the
    difference in r8 state.
    
    Now we also initialize r9 to 0 or 1 based on a result from get_random().
    r9 is never read so the walk with r9 = 0 gets pruned (correctly) after
    the walk with r9 = 1 completes.
    
    The selftest is so arranged that the pruning will happen in the
    callee.  Since callee does not propagate read marks of r8, the
    explored state at the pruning point prior to the callee will
    now ignore r8.
    
    Propagate liveness on all frames of the stack when pruning.
    
    Fixes: f4d7e40a ("bpf: introduce function calls (verification)")
    Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
    Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    83d16312
calls.c 57.9 KB