This patch set aims to remove opcode checks in the BPF verifier that have become redundant since commit 5e581dad4fec ("bpf: make unknown opcode handling more robust"), either removing them entirely or turning them into comments in places where the redundancy may not be clear.

The exceptions here are the opcode checks for BPF_LD_{ABS,IND} and BPF_JMP_{JA,CALL,EXIT}; they cover opcode validation not done in bpf_opcode_in_insntable(), so they are not removed.

After applying the patch set, test_verifier passes and does not need further modification:

  Summary: 1348 PASSED, 635 SKIPPED, 0 FAILED

Also, add comments at places that I find confusing while working on the removal, namely:

1. resolve_pseudo_ldimm64() also validates opcode
2. BPF_SIZE check in check_ld_imm() guards against JMP to the 2nd BPF_LD_IMM64 instruction
3. reason behind why ld_imm64 test cases should be rejected by the verifier

Shung-Hsi Yu (4):
  bpf: verifier: update resolve_pseudo_ldimm64() comment
  bpf: verifier: explain opcode check in check_ld_imm()
  bpf: verifier: remove redundant opcode checks
  selftests/bpf: add reason of rejection in ld_imm64

 kernel/bpf/verifier.c                         | 33 ++++++++-----------
 .../testing/selftests/bpf/verifier/ld_imm64.c | 20 ++++++-----
 2 files changed, 25 insertions(+), 28 deletions(-)

base-commit: 68084a13642001b73aade05819584f18945f3297
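
Added example, not part of the patch set or of the kernel source: a stand-alone model of the BPF_LD_IMM64 encoding showing why the BPF_SIZE check mentioned in item 2 still matters. The second slot of the instruction carries opcode 0, which decodes as class BPF_LD with mode BPF_IMM, so only the size field tells it apart from a real instruction head. The struct and the helper names (emit_ld_imm64, is_ld_imm_class, size_check_ok) are hypothetical; the constants mirror the UAPI opcode values.

```c
#include <stdint.h>
#include <stdio.h>

/* Opcode field layout; values mirror the UAPI BPF headers. */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_SIZE(code)  ((code) & 0x18)
#define BPF_MODE(code)  ((code) & 0xe0)
#define BPF_LD  0x00
#define BPF_IMM 0x00
#define BPF_DW  0x18

/* Simplified stand-in for struct bpf_insn (one 8-byte slot). */
struct insn {
    uint8_t code;
    uint8_t dst_reg:4;
    uint8_t src_reg:4;
    int16_t off;
    int32_t imm;
};

/* Encode a 64-bit immediate load; it occupies two consecutive slots. */
static void emit_ld_imm64(struct insn out[2], uint8_t dst, uint64_t val)
{
    out[0] = (struct insn){ .code = BPF_LD | BPF_DW | BPF_IMM,
                            .dst_reg = dst, .imm = (int32_t)(uint32_t)val };
    /* Second slot: opcode 0, only imm is used (upper 32 bits). */
    out[1] = (struct insn){ .code = 0, .imm = (int32_t)(uint32_t)(val >> 32) };
}

/* Would class/mode dispatch treat this slot as an immediate load? */
static int is_ld_imm_class(const struct insn *i)
{
    return BPF_CLASS(i->code) == BPF_LD && BPF_MODE(i->code) == BPF_IMM;
}

/* Model of the size check: only a BPF_DW head is a valid ld_imm64. */
static int size_check_ok(const struct insn *i)
{
    return BPF_SIZE(i->code) == BPF_DW;
}

int main(void)
{
    struct insn prog[2];
    emit_ld_imm64(prog, 1, 0x1122334455667788ULL); /* constructed value */
    for (int pc = 0; pc < 2; pc++)
        printf("pc=%d code=0x%02x ld_imm_class=%d size_ok=%d\n", pc,
               prog[pc].code, is_ld_imm_class(&prog[pc]), size_check_ok(&prog[pc]));
    return 0;
}
```

A jump that lands on pc=1 reaches a slot that passes the class and mode test but fails the size test, which is the case the check guards against.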