Re: [PATCH net-next] bpf: fix range propagation on direct packet access

From: Daniel Borkmann Date: Thu, 8 Sep 2016 01:03:42 +0200 > LLVM can generate code that tests for direct packet access via > skb->data/data_end in a way that currently gets rejected by the > verifier, example: ... > The reason why this gets rejected despite a proper test is that we > currently

[PATCH net-next] bpf: fix range propagation on direct packet access

LLVM can generate code that tests for direct packet access via skb->data/data_end in a way that currently gets rejected by the verifier, example: [...] 7: (61) r3 = *(u32 *)(r6 +80) 8: (61) r9 = *(u32 *)(r6 +76) 9: (bf) r2 = r9 10: (07) r2 += 54 11: (3d) if r3 >= r2 goto pc+12 R1