From: Konstantin Ananyev <konstantin.ananyev@huawei.com>
To: Marat Khalili <marat.khalili@huawei.com>,
"stephen@networkplumber.org" <stephen@networkplumber.org>,
"jerinjacobk@gmail.com" <jerinjacobk@gmail.com>,
"mb@smartsharesystems.com" <mb@smartsharesystems.com>,
Ferruh Yigit <ferruh.yigit@amd.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>, "stable@dpdk.org" <stable@dpdk.org>
Subject: RE: [PATCH v3 6/6] bpf: fix BPF validation w/ conditional jump first
Date: Thu, 8 Jan 2026 11:10:32 +0000 [thread overview]
Message-ID: <cb639605b9ae44f58ec9dc2254465b18@huawei.com> (raw)
In-Reply-To: <20251217180141.60227-7-marat.khalili@huawei.com>
> When the BPF program was starting with a conditional jump only one
> (true) execution branch of the program was evaluated. Any instructions
> jumped over were not evaluated and could contain invalid operations.
> The root cause was using zero instruction index as a signal for ending
> evaluation when backtracking.
>
> Switch from using previous instruction index for tracking execution
> history to a previous instruction pointer. First instruction will not
> have it set, and therefore backtracking _from_ it will end evaluation,
> not backtracking _to_ it like before.
>
> Add two tests demonstrating the problem:
> * test_jump_over_invalid_first: loads BPF program with
> conditional jump over the invalid operation, should not succeed;
> * test_jump_over_invalid_non_first: same program with one extra
> instruction at the start to demonstrate that it is indeed invalid
> (and also guard against another kind of regression);
>
> Fixes: 6e12ec4c4d6d ("bpf: add more checks")
>
> Signed-off-by: Marat Khalili <marat.khalili@huawei.com>
> ---
Acked-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@huawei.com>
> --
> 2.43.0
prev parent reply other threads:[~2026-01-08 11:10 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20251110153046.63518-1-marat.khalili@huawei.com>
2025-12-16 18:20 ` [PATCH v2 0/5] bpf: simple tests and fixes Marat Khalili
2025-12-16 18:20 ` [PATCH v2 1/5] eal: variable first arguments of RTE_SHIFT_VALxx Marat Khalili
2025-12-17 9:25 ` Morten Brørup
2025-12-16 18:20 ` [PATCH v2 2/5] bpf: fix signed shift overflows in ARM JIT Marat Khalili
2025-12-17 9:49 ` Morten Brørup
2025-12-16 18:20 ` [PATCH v2 3/5] bpf: disallow empty program Marat Khalili
2025-12-18 0:54 ` Stephen Hemminger
2025-12-17 8:58 ` Marat Khalili
2025-12-16 18:20 ` [PATCH v2 4/5] bpf: make add/subtract one program validate Marat Khalili
2025-12-16 18:20 ` [PATCH v2 5/5] bpf: fix BPF validation w/ conditional jump first Marat Khalili
2025-12-17 18:01 ` [PATCH v3 0/6] bpf: simple tests and fixes Marat Khalili
2025-12-17 18:01 ` [PATCH v3 1/6] eal: variable first arguments of RTE_SHIFT_VALxx Marat Khalili
2025-12-19 13:06 ` Konstantin Ananyev
2025-12-17 18:01 ` [PATCH v3 2/6] bpf: fix signed shift overflows in ARM JIT Marat Khalili
2025-12-19 13:13 ` Konstantin Ananyev
2025-12-17 18:01 ` [PATCH v3 3/6] bpf: mark ARM opcodes with UINT32_C Marat Khalili
2025-12-19 13:14 ` Konstantin Ananyev
2025-12-17 18:01 ` [PATCH v3 4/6] bpf: disallow empty program Marat Khalili
2025-12-17 18:01 ` [PATCH v3 5/6] bpf: make add/subtract one program validate Marat Khalili
2025-12-17 18:01 ` [PATCH v3 6/6] bpf: fix BPF validation w/ conditional jump first Marat Khalili
2026-01-08 11:10 ` Konstantin Ananyev [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cb639605b9ae44f58ec9dc2254465b18@huawei.com \
--to=konstantin.ananyev@huawei.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@amd.com \
--cc=jerinjacobk@gmail.com \
--cc=marat.khalili@huawei.com \
--cc=mb@smartsharesystems.com \
--cc=stable@dpdk.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).