On Mon, 2025-11-03 at 14:31 +0800, KaFai Wan wrote:
> Add test cases to verify the correctness of the BPF verifier's branch analysis
> when conditional jumps are performed on the same scalar register. Also make
> sure that JGT does not trigger a verifier BUG.
> 
> Signed-off-by: KaFai Wan <[email protected]>
> ---

Thank you for adding these.

Acked-by: Eduard Zingerman <[email protected]>

(but a comment needs a fix)

[...]

> +SEC("socket")
> +__description("jset on same register, scalar value unknown branch 3")
> +__msg("4: (b7) r0 = 0 {{.*}} R0=0")
> +__msg("6: (b7) r0 = 1 {{.*}} R0=1")
> +__success __log_level(2)
> +__flag(BPF_F_TEST_REG_INVARIANTS)
> +__naked void jset_on_same_register_5(void *ctx)
> +{
> +     asm volatile("                  \
> +     /* range [-1;-1] */             \
                     ^^
   Typo, should be [-1;1].

> +     call %[bpf_get_prandom_u32];    \
> +     r0 &= 0x2;                      \
> +     r0 -= 1;                        \
> +     if r0 & r0 goto l1_%=;          \
> +l0_%=:       r0 = 0;                         \
> +     exit;                           \
> +l1_%=:       r0 = 1;                         \
> +     exit;                           \
> +"    :
> +     : __imm(bpf_get_prandom_u32)
> +     : __clobber_all);
> +}
> +
>  char _license[] SEC("license") = "GPL";
