bpf: enhance verifier to tolerate certain obfuscated stack addr

We have a use case where clang generates code like below:
....
440: (b7) r1 = 15
441: (05) goto pc+73
515: (79) r6 = *(u64 *)(r10 -152)
516: (bf) r7 = r10
517: (07) r7 += -112
518: (bf) r2 = r7
519: (0f) r2 += r1
520: (71) r1 = *(u8 *)(r8 +0)
521: (73) *(u8 *)(r2 +45) = r1
....
and the verifier complains "R2 invalid mem access 'inv'" for
insn #521. This is because the verifier marks register r2
as an unknown value after #519, where r2 is a stack pointer and
r1 holds a constant value.

This issue is addressed by permitting
"stack_ptr + imm" and "stack_ptr + reg with const val",
and the result will be a stack pointer with a new offset.

Signed-off-by: Yonghong Song <yhs@fb.com>
2 files changed
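The following is an added toy model of the register-state rule the commit message describes; it is not the kernel's verifier code. It replays insns 440 and 516-521 from the message, returns the error string under the old rule and the resolved stack offset under the new one, and assumes a 512-byte stack and that "stack_ptr + imm" is already tracked (the message says r2 is a stack pointer before #519).

```python
# Added toy model of the verifier register-state rule this commit describes.
# Constructed example, not kernel code: it replays insns 440 and 516-521 from
# the commit message and shows the old rule failing and the new rule passing.
MAX_BPF_STACK = 512  # assumed stack size; valid offsets lie in [-512, -1]

class Reg:
    """Minimal register state: kind is 'stack_ptr', 'const' or 'unknown'."""

    def __init__(self, kind, val=0):
        self.kind = kind  # 'stack_ptr' -> val is the offset from r10
        self.val = val    # 'const'     -> val is the known value

def alu_add_imm(dst, imm):
    """stack_ptr + imm: modelled as tracked in both rules (r2 is a stack ptr before #519)."""
    if dst.kind in ("stack_ptr", "const"):
        return Reg(dst.kind, dst.val + imm)
    return Reg("unknown")

def alu_add_reg(dst, src, allow_const_reg):
    """stack_ptr + reg: only the new rule keeps a stack pointer when reg is a known const."""
    if dst.kind == "stack_ptr" and src.kind == "const" and allow_const_reg:
        return Reg("stack_ptr", dst.val + src.val)
    if dst.kind == "const" and src.kind == "const":
        return Reg("const", dst.val + src.val)
    return Reg("unknown")  # old rule: this is what later yields "invalid mem access 'inv'"

def check_stack_access(reg, regno, off, size):
    """Return the final stack offset of an access, or raise the way the verifier reports it."""
    if reg.kind != "stack_ptr":
        kind = "inv" if reg.kind == "unknown" else reg.kind
        raise ValueError(f"R{regno} invalid mem access '{kind}'")
    lo = reg.val + off
    if lo < -MAX_BPF_STACK or lo + size > 0:
        raise ValueError(f"invalid stack off={lo} size={size}")
    return lo

def verify_snippet(allow_const_reg, r1_val=15):
    """Replay the commit's sequence; return the accessed offset or the error string."""
    try:
        r1 = Reg("const", r1_val)                     # 440: r1 = 15
        r7 = alu_add_imm(Reg("stack_ptr", 0), -112)   # 516/517: r7 = r10; r7 += -112
        r2 = alu_add_reg(r7, r1, allow_const_reg)     # 518/519: r2 = r7; r2 += r1
        return check_stack_access(r2, 2, 45, 1)       # 521: *(u8 *)(r2 +45) = r1
    except ValueError as e:
        return str(e)
```

With the new rule the store resolves to stack offset -112 + 15 + 45 = -52, which is inside the frame; a constant large enough to push the access past the top of the stack is still rejected by the bounds check.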