From: Konstantin Ananyev <konstantin.anan...@huawei.com> Verifier might left some register-state values uninitialized while evaluating MOV instructions. Add explicit initialization.
Fixes: 8021917293d0 ("bpf: add extra validation for input BPF program") Cc: sta...@dpdk.org Signed-off-by: Konstantin Ananyev <konstantin.anan...@huawei.com> Acked-by: Morten Brørup <m...@smartsharesystems.com> --- lib/bpf/bpf_validate.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/bpf/bpf_validate.c b/lib/bpf/bpf_validate.c index 79be5e917d..11344fff4d 100644 --- a/lib/bpf/bpf_validate.c +++ b/lib/bpf/bpf_validate.c @@ -636,14 +636,14 @@ eval_alu(struct bpf_verifier *bvf, const struct ebpf_insn *ins) { uint64_t msk; uint32_t op; - size_t opsz; + size_t opsz, sz; const char *err; struct bpf_eval_state *st; struct bpf_reg_val *rd, rs; - opsz = (BPF_CLASS(ins->code) == BPF_ALU) ? + sz = (BPF_CLASS(ins->code) == BPF_ALU) ? sizeof(uint32_t) : sizeof(uint64_t); - opsz = opsz * CHAR_BIT; + opsz = sz * CHAR_BIT; msk = RTE_LEN2MASK(opsz, uint64_t); st = bvf->evst; @@ -652,8 +652,10 @@ eval_alu(struct bpf_verifier *bvf, const struct ebpf_insn *ins) if (BPF_SRC(ins->code) == BPF_X) { rs = st->rv[ins->src_reg]; eval_apply_mask(&rs, msk); - } else + } else { + rs = (struct bpf_reg_val){.v = {.size = sz,},}; eval_fill_imm(&rs, msk, ins->imm); + } eval_apply_mask(rd, msk); -- 2.35.3