bpf: fix bug in eBPF verifier

while comparing for verifier state equivalency the comparison was missing a check for uninitialized register. Make sure it does so and add a testcase. Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier") Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Alexei Starovoitov <ast@plumgrid.com> 2014-10-20 14:54:57 -0700
committer: David S. Miller <davem@davemloft.net> 2014-10-21 21:43:46 -0400
commit: 32bf08a6257b9c7380dcd040af3c0858eee3ef05 (patch)
tree: b5928993937cb9bc095f6c3e0393eb63f6471308 /samples
parent: 78fd1d0ab072d4d9b5f0b7c14a1516665170b565 (diff)
download: linux-32bf08a6257b9c7380dcd040af3c0858eee3ef05.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/samples/bpf/test_verifier.c b/samples/bpf/test_verifier.c
index f44ef11f65a7..eb4bec0ad8af 100644
--- a/samples/bpf/test_verifier.c
+++ b/samples/bpf/test_verifier.c
@@ -209,6 +209,17 @@ static struct bpf_test tests[] = {
 		.result = REJECT,
 	},
 	{
+		"program doesn't init R0 before exit in all branches",
+		.insns = {
+			BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 2),
+			BPF_MOV64_IMM(BPF_REG_0, 1),
+			BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
+			BPF_EXIT_INSN(),
+		},
+		.errstr = "R0 !read_ok",
+		.result = REJECT,
+	},
+	{
 		"stack out of bounds",
 		.insns = {
 			BPF_ST_MEM(BPF_DW, BPF_REG_10, 8, 0),
author	Alexei Starovoitov <ast@plumgrid.com>	2014-10-20 14:54:57 -0700
committer	David S. Miller <davem@davemloft.net>	2014-10-21 21:43:46 -0400
commit	32bf08a6257b9c7380dcd040af3c0858eee3ef05 (patch)
tree	b5928993937cb9bc095f6c3e0393eb63f6471308 /samples
parent	78fd1d0ab072d4d9b5f0b7c14a1516665170b565 (diff)
download	linux-32bf08a6257b9c7380dcd040af3c0858eee3ef05.tar.gz