When doing BPF filter program conversion, a common way
to zero a register in single instruction is:
xor r7,r7
The BPF validator would not allow this because the value of
r7 was undefined. But after this operation it always zero so
allow it as a special case.
Cc: Konstantin Ananyev <konstantin.anan...@intel.com>
Signed-off-by: Stephen Hemminger <step...@networkplumber.org>
---
lib/bpf/bpf_validate.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/bpf/bpf_validate.c b/lib/bpf/bpf_validate.c
index 7b1291b382e9..7647a7454dc2 100644
--- a/lib/bpf/bpf_validate.c
+++ b/lib/bpf/bpf_validate.c
@@ -661,8 +661,12 @@ eval_alu(struct bpf_verifier *bvf, const struct ebpf_insn
*ins)
op = BPF_OP(ins->code);
- err = eval_defined((op != EBPF_MOV) ? rd : NULL,
- (op != BPF_NEG) ? &rs : NULL);
+ /* Allow self-xor as way to zero register */
+ if (op == BPF_XOR && ins->src_reg == ins->dst_reg)
+ err = NULL;
+ else
+ err = eval_defined((op != EBPF_MOV) ? rd : NULL,
+ (op != BPF_NEG) ? &rs : NULL);
if (err != NULL)
return err;
--
2.30.2
