From: Edward Cree <ec...@solarflare.com> Date: Thu, 14 Sep 2017 18:53:17 +0100
> Is BPF_END supposed to only be used with BPF_ALU, never with BPF_ALU64? > In kernel/bpf/core.c:___bpf_prog_run(), there are only jump table targets > for the BPF_ALU case, not for the BPF_ALU64 case (opcodes 0xd7 and 0xdf). > But the verifier doesn't enforce this; by crafting a program that uses > these opcodes I can get a WARN when they're run (without JIT; it looks > like the x86 JIT, at least, won't like it either). > Proposed patch below the cut; build-tested only. Good catch. A really neat test would be a program that uploads random BPF programs into the kernel, in a syzkaller'ish way. It might have triggered this (eventually).
