On Thu, Dec 13, 2018 at 12:00:59PM +0100, Alexander Potapenko wrote:
> Hi BPF maintainers,
>
> some time ago KMSAN found an issue in BPF code which we decided to
> suppress at that point, but now I'd like to bring it to your
> attention.
> Namely, some BPF programs may contain instructions that XOR a register
> with itself.
> This effectively results in the following C code:
>   regs[BPF_REG_A] = regs[BPF_REG_A] ^ regs[BPF_REG_A];
> or
>   regs[BPF_REG_X] = regs[BPF_REG_X] ^ regs[BPF_REG_X];
> being executed.
>
> According to the C11 standard this is undefined behavior, so KMSAN
> reports an error in this case.

Can you quote the part of the standard saying this is undefined behavior?
I couldn't find anything other than

  If the value being stored in an object is read from another object
  that overlaps in any way the storage of the first object, then the
  overlap shall be exact and the two objects shall have qualified or
  unqualified versions of a compatible type; otherwise, the behavior is
  undefined.

(but I only have a draft for obvious reasons). I'm not sure what exactly
they mean by "exact overlap" and the standard doesn't seem to define the
term, but if the two objects are actually the same, they certainly have
compatible types.

> Do you think it's feasible to explicitly initialize the register
> values like it's done here:
> https://github.com/google/kmsan/commit/813c0f3d45ebfa321d70b4b06cc054518dd1d90d
> ?

Wouldn't that mean we still end up with undefined behavior whenever a
cBPF program explicitly uses the xor with itself to zero a register?

Michal Kubecek
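As an added illustration of the point debated above (this is not code from the thread, the kernel, or KMSAN): a toy register interpreter with a KMSAN-style one-bit shadow per register. The register numbering, the two opcodes and the 0xDEADBEEF stand-in for stale stack contents are constructed for the demo. It shows why the sanitizer reports "xor A, A" on a frame that was never initialized even though the arithmetic result is 0, and why explicitly zeroing the register file first silences the report.

```c
#include <stdint.h>
#include <string.h>
enum { REG_A = 0, REG_X = 7, NREGS = 11 };           /* assumed register numbering */
enum { OP_XOR_X, OP_EXIT };                          /* assumed toy opcodes */
struct insn { uint8_t op, dst, src; };
/* Register file plus a one-bit shadow per register, as KMSAN tracks initialization. */
struct vm { uint32_t regs[NREGS]; uint8_t poison[NREGS]; unsigned reports; };
/* zero_regs=0 models a frame nobody initialized (constructed stale-stack values,
 * shadow set); zero_regs=1 is the explicit initialization proposed in the thread. */
static void vm_reset(struct vm *vm, int zero_regs)
{
    memset(vm, 0, sizeof *vm);
    for (int r = 0; r < NREGS && !zero_regs; r++) {
        vm->regs[r] = 0xDEADBEEFu;
        vm->poison[r] = 1;
    }
}

/* Runs prog and returns the final REG_A. Shadow propagates like the sanitizer's:
 * an XOR result is poisoned if either input is, so "xor A, A" yields the value 0
 * yet stays poisoned, and a report fires when that value escapes at exit. */
static uint32_t vm_run(struct vm *vm, const struct insn *prog, size_t len)
{
    for (size_t pc = 0; pc < len; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->op) {
        case OP_XOR_X:
            vm->regs[i->dst] ^= vm->regs[i->src];
            vm->poison[i->dst] |= vm->poison[i->src];
            break;
        case OP_EXIT:
            vm->reports += vm->poison[REG_A];  /* "use of uninitialized value" */
            return vm->regs[REG_A];
        }
    }
    return vm->regs[REG_A];
}
/* Constructed program: the cBPF reset idiom "xor A,A; xor X,X", then exit.
 * Without initialization it ends with A == 0 but one report; with it, none. */
static struct vm demo_run(int zero_regs)
{
    static const struct insn prog[] = { { OP_XOR_X, REG_A, REG_A },
                                        { OP_XOR_X, REG_X, REG_X }, { OP_EXIT, 0, 0 } };
    struct vm vm;
    vm_reset(&vm, zero_regs);
    vm_run(&vm, prog, sizeof prog / sizeof prog[0]);
    return vm;
}
static unsigned demo_reports(int zero_regs) { return demo_run(zero_regs).reports; }
static uint32_t demo_value(int zero_regs) { struct vm v = demo_run(zero_regs); return v.regs[REG_A]; }
```

The model says nothing about whether the C standard makes the read undefined; it only shows what the instrumentation observes, which is why the report disappears once the frame is zeroed before the first instruction.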