From: Edward Cree <ecree@solarflare.com>
Date: Wed, 23 Aug 2017 15:10:03 +0100
Subject: bpf/verifier: when pruning a branch, ignore its write marks
Patch-mainline: v4.14-rc1
Git-commit: 63f45f840634ab5fd71bbc07acff915277764068
References: bsc#1056787
The fact that writes occurred in reaching the continuation state does
not screen off its reads from us, because we're not really its parent.
So detect 'not really the parent' in do_propagate_liveness, and ignore
write marks in that case.
Fixes: dc503a8ad984 ("bpf/verifier: track liveness for pruning")
Signed-off-by: Edward Cree <ecree@solarflare.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
---
kernel/bpf/verifier.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3431,6 +3431,7 @@ out_free:
static bool do_propagate_liveness(const struct bpf_verifier_state *state,
struct bpf_verifier_state *parent)
{
+ bool writes = parent == state->parent; /* Observe write marks */
bool touched = false; /* any changes made? */
int i;
@@ -3442,7 +3443,9 @@ static bool do_propagate_liveness(const
for (i = 0; i < BPF_REG_FP; i++) {
if (parent->regs[i].live & REG_LIVE_READ)
continue;
- if (state->regs[i].live == REG_LIVE_READ) {
+ if (writes && (state->regs[i].live & REG_LIVE_WRITTEN))
+ continue;
+ if (state->regs[i].live & REG_LIVE_READ) {
parent->regs[i].live |= REG_LIVE_READ;
touched = true;
}
@@ -3455,7 +3458,9 @@ static bool do_propagate_liveness(const
continue;
if (parent->spilled_regs[i].live & REG_LIVE_READ)
continue;
- if (state->spilled_regs[i].live == REG_LIVE_READ) {
+ if (writes && (state->spilled_regs[i].live & REG_LIVE_WRITTEN))
+ continue;
+ if (state->spilled_regs[i].live & REG_LIVE_READ) {
parent->spilled_regs[i].live |= REG_LIVE_READ;
touched = true;
}