bpf: teach verifier to recognize imm += ptr pattern
author: Alexei Starovoitov <ast@fb.com>
Fri, 20 May 2016 01:17:14 +0000 (18:17 -0700)
committer: David S. Miller <davem@davemloft.net>
Fri, 20 May 2016 23:53:03 +0000 (19:53 -0400)
commit: 1b9b69ecb3a5236d4d3da0f0fa11af916371841e
tree: 1f5773cda4c0b535c4432f12a633ff304d11a004
parent: d91b28ed42de99217efb2e8cb0357263d6fb737c
bpf: teach verifier to recognize imm += ptr pattern

Humans don't write C code like:
  u8 *ptr = skb->data;
  int imm = 4;
  imm += ptr;
but from the llvm backend's point of view 'imm' and 'ptr' are registers and
imm += ptr may be preferred vs ptr += imm depending on which register value
will be used further in the code, while the verifier can only recognize ptr += imm.
That caused small unrelated changes in the C code of the bpf program to
trigger rejection by the verifier. Therefore teach the verifier to recognize
both ptr += imm and imm += ptr.
For example:
when R6=pkt(id=0,off=0,r=62) R7=imm22
after r7 += r6 instruction
will be R6=pkt(id=0,off=0,r=62) R7=pkt(id=0,off=22,r=62)

Fixes: 969bf05eb3ce ("bpf: direct packet access")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
kernel/bpf/verifier.c
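
The register-state transition from the commit message, as an added example that is not the kernel's code and not part of the original commit. It is a simplified model: the type names, `model_add`, `model_load_ok` and `run_example` are hypothetical, and it assumes an unrecognized add leaves the destination as an untracked value that cannot be dereferenced later.

```c
#include <stdio.h>
#include <stdbool.h>

/* Simplified register states (a model, not kernel/bpf/verifier.c). */
enum reg_type { UNKNOWN_VALUE, CONST_IMM, PTR_TO_PACKET };

struct reg_state {
    enum reg_type type;
    long imm;            /* meaningful for CONST_IMM */
    int id, off, range;  /* meaningful for PTR_TO_PACKET: pkt(id,off,r) */
};

/* Model of "dst += src". The flag selects whether imm += ptr is recognized. */
static void model_add(struct reg_state *dst, const struct reg_state *src,
                      bool recognize_imm_plus_ptr)
{
    if (dst->type == PTR_TO_PACKET && src->type == CONST_IMM) {
        dst->off += (int)src->imm;      /* ptr += imm: always recognized */
    } else if (recognize_imm_plus_ptr &&
               dst->type == CONST_IMM && src->type == PTR_TO_PACKET) {
        long imm = dst->imm;            /* imm += ptr: the commuted form */
        *dst = *src;                    /* dst inherits id and checked range */
        dst->off += (int)imm;
    } else {
        dst->type = UNKNOWN_VALUE;      /* assumption: result is not tracked */
    }
}

/* A load is allowed only through a packet pointer inside its checked range. */
static bool model_load_ok(const struct reg_state *r, int size)
{
    return r->type == PTR_TO_PACKET && r->off >= 0 &&
           r->off + size <= r->range;
}

/* R6=pkt(id=0,off=0,r=62), R7=imm22, then r7 += r6 and a 4-byte load via R7.
 * Returns the resulting offset, or -1 if the model rejects the load. */
static int run_example(bool recognize_imm_plus_ptr)
{
    struct reg_state r6 = { PTR_TO_PACKET, 0, 0, 0, 62 };
    struct reg_state r7 = { CONST_IMM, 22, 0, 0, 0 };
    model_add(&r7, &r6, recognize_imm_plus_ptr);
    return model_load_ok(&r7, 4) ? r7.off : -1;
}

int main(void)
{
    printf("imm += ptr not recognized: %d\n", run_example(false));
    printf("imm += ptr recognized:     %d\n", run_example(true));
    return 0;
}
```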