From: Konstantin Ananyev <konstantin.anan...@huawei.com>
Verifier might left some register-state values uninitialized while
evaluating MOV instructions.
Add explicit initialization.
Fixes: 8021917293d0 ("bpf: add extra validation for input BPF program")
Cc: sta...@dpdk.org
Signed-off-by: Konstantin Ananyev <konstantin.anan...@huawei.com>
Acked-by: Morten Brørup <m...@smartsharesystems.com>
---
lib/bpf/bpf_validate.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/bpf/bpf_validate.c b/lib/bpf/bpf_validate.c
index 79be5e917d..11344fff4d 100644
--- a/lib/bpf/bpf_validate.c
+++ b/lib/bpf/bpf_validate.c
@@ -636,14 +636,14 @@ eval_alu(struct bpf_verifier *bvf, const struct ebpf_insn
*ins)
{
uint64_t msk;
uint32_t op;
- size_t opsz;
+ size_t opsz, sz;
const char *err;
struct bpf_eval_state *st;
struct bpf_reg_val *rd, rs;
- opsz = (BPF_CLASS(ins->code) == BPF_ALU) ?
+ sz = (BPF_CLASS(ins->code) == BPF_ALU) ?
sizeof(uint32_t) : sizeof(uint64_t);
- opsz = opsz * CHAR_BIT;
+ opsz = sz * CHAR_BIT;
msk = RTE_LEN2MASK(opsz, uint64_t);
st = bvf->evst;
@@ -652,8 +652,10 @@ eval_alu(struct bpf_verifier *bvf, const struct ebpf_insn
*ins)
if (BPF_SRC(ins->code) == BPF_X) {
rs = st->rv[ins->src_reg];
eval_apply_mask(&rs, msk);
- } else
+ } else {
+ rs = (struct bpf_reg_val){.v = {.size = sz,},};
eval_fill_imm(&rs, msk, ins->imm);
+ }
eval_apply_mask(rd, msk);
--
2.35.3
