bpf: allow self-xor operation

Some BPF programs may use XOR of a register with itself
as a way to zero register in one instruction.
The BPF filter converter generates this in the prolog
to the generated code.

The BPF validator would not allow this because the value of
register was undefined. But after this operation it always zero.

Fixes: 8021917293d0 ("bpf: add extra validation for input BPF program")
Cc: stable@dpdk.org
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

diff --git a/lib/bpf/bpf_validate.c b/lib/bpf/bpf_validate.c
index 7b1291b..853279f 100644 (file)
--- a/lib/bpf/bpf_validate.c
+++ b/lib/bpf/bpf_validate.c
@@ -661,8 +661,15 @@ eval_alu(struct bpf_verifier *bvf, const struct ebpf_insn *ins)
 
        op = BPF_OP(ins->code);
 
+       /* Allow self-xor as way to zero register */
+       if (op == BPF_XOR && BPF_SRC(ins->code) == BPF_X &&
+           ins->src_reg == ins->dst_reg) {
+               eval_fill_imm(&rs, UINT64_MAX, 0);
+               eval_fill_imm(rd, UINT64_MAX, 0);
+       }
+
        err = eval_defined((op != EBPF_MOV) ? rd : NULL,
-                       (op != BPF_NEG) ? &rs : NULL);
+                          (op != BPF_NEG) ? &rs : NULL);
        if (err != NULL)
                return err;