> When the BPF program was starting with a conditional jump only one
> (true) execution branch of the program was evaluated. Any instructions
> jumped over were not evaluated and could contain invalid operations.
> The root cause was using zero instruction index as a signal for ending
> evaluation when backtracking.
> 
> Switch from using previous instruction index for tracking execution
> history to a previous instruction pointer. First instruction will not
> have it set, and therefore backtracking _from_ it will end evaluation,
> not backtracking _to_ it like before.
> 
> Add two tests demonstrating the problem:
> * test_jump_over_invalid_first: loads BPF program with
>   conditional jump over the invalid operation, should not succeed;
> * test_jump_over_invalid_non_first: same program with one extra
>   instruction at the start to demonstrate that it is indeed invalid
>   (and also guard against another kind of regression);
> 
> Fixes: 6e12ec4c4d6d ("bpf: add more checks")
> 
> Signed-off-by: Marat Khalili <[email protected]>
> ---

Acked-by: Konstantin Ananyev <[email protected]>
Tested-by: Konstantin Ananyev <[email protected]> 

> --
> 2.43.0
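
A toy model of the backtracking bug described in the commit message above, added here as an illustration; it is not DPDK's validator code. The opcodes, the `struct node` layout and `validate()` are hypothetical, and programs are assumed to use forward jumps only, end in `OP_EXIT` and have at most 16 instructions.

```c
#include <stddef.h>
#include <string.h>

enum { OP_OK, OP_BAD, OP_JCOND, OP_EXIT };      /* toy opcodes (assumed) */
struct ins { int op; int target; };             /* target: taken-branch index */

struct node {
    int nb_edge, cur_edge, edge[2], seen;
    int prev_idx;        /* old scheme: predecessor index, 0 doubles as "stop" */
    struct node *prev;   /* new scheme: predecessor pointer, NULL at the entry */
};

/* Constructed samples mirroring the two tests named in the commit message. */
static const struct ins jump_first[] = {
    {OP_JCOND, 2}, {OP_BAD, 0}, {OP_EXIT, 0} };
static const struct ins jump_non_first[] = {
    {OP_OK, 0}, {OP_JCOND, 3}, {OP_BAD, 0}, {OP_EXIT, 0} };

/* Depth-first walk; returns -1 once an OP_BAD is evaluated, 0 if none is. */
static int validate(const struct ins *p, int n, int use_ptr)
{
    struct node nd[16], *cur = nd;
    memset(nd, 0, sizeof(nd));
    for (int i = 0; i < n; i++) {
        if (p[i].op == OP_JCOND)
            nd[i].edge[nd[i].nb_edge++] = p[i].target;  /* true branch first */
        if (p[i].op != OP_EXIT)
            nd[i].edge[nd[i].nb_edge++] = i + 1;        /* fall-through */
    }
    while (cur != NULL) {
        int i = (int)(cur - nd);
        if (!cur->seen) {
            cur->seen = 1;
            if (p[i].op == OP_BAD)
                return -1;
        }
        if (cur->cur_edge < cur->nb_edge) {             /* descend */
            struct node *next = &nd[cur->edge[cur->cur_edge++]];
            if (next->seen)
                continue;
            next->prev_idx = i;
            next->prev = cur;
            cur = next;
        } else if (use_ptr) {
            cur = cur->prev;   /* walk ends when backtracking FROM the entry */
        } else {               /* walk ends when backtracking TO index 0 */
            cur = (cur->prev_idx == 0) ? NULL : &nd[cur->prev_idx];
        }
    }
    return 0;
}
```

With the index scheme, `jump_first` is accepted because the walk stops on returning to instruction 0 before its fall-through edge is taken; with the pointer scheme both samples are rejected.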
