On Mon, 2025-11-03 at 14:31 +0800, KaFai Wan wrote:
Add test cases to verify the correctness of the BPF verifier's branch analysis when conditional jumps are performed on the same scalar register. Also make sure that JGT does not trigger a verifier BUG.
Signed-off-by: KaFai Wan kafai.wan@linux.dev
Thank you for adding these.
Acked-by: Eduard Zingerman eddyz87@gmail.com
(but a comment needs a fix)
[...]
+SEC("socket")
+__description("jset on same register, scalar value unknown branch 3")
+__msg("4: (b7) r0 = 0 {{.*}} R0=0")
+__msg("6: (b7) r0 = 1 {{.*}} R0=1")
+__success __log_level(2)
+__flag(BPF_F_TEST_REG_INVARIANTS)
+__naked void jset_on_same_register_5(void *ctx)
+{
- asm volatile(" \
- /* range [-1;-1] */ \
^^ Typo, should be [-1;1].
- call %[bpf_get_prandom_u32]; \
- r0 &= 0x2; \
- r0 -= 1; \
- if r0 & r0 goto l1_%=; \
+l0_%=: r0 = 0; \
- exit; \
+l1_%=: r0 = 1; \
- exit; \
+" :
- : __imm(bpf_get_prandom_u32)
- : __clobber_all);
+}
char _license[] SEC("license") = "GPL";