bpf verifier: not able to store an immediate number into a register memory if reg type is PTR_TO_CTX #95

Description

@QiongwenXu

bpf verifier:
not able to store an immediate number into a register memory if reg type is PTR_TO_CTX
but storing a register value is legal
e.g.:

*(u32*)(r1+0) = r2 -> legal
*(u32*)(r1+0) = 0  -> illegal

where r1 is the input of BPF program

reference:
https://github.com/torvalds/linux/blob/a8205e310011f09cc73cd577d7b0074c57b9bb54/kernel/bpf/verifier.c
key information:
1.

    /*
     * At the start of BPF program the register R1 contains a pointer to bpf_context
     * and has type PTR_TO_CTX.
     */

    if (is_ctx_reg(env, insn->dst_reg)) {
        verbose(env, "BPF_ST stores into R%d %s is not allowed\n",
                insn->dst_reg,
                reg_type_str[reg_state(env, insn->dst_reg)->type]);
        return -EACCES;
    }
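
An added example, not part of the original issue or of the kernel source: a simplified pre-check that flags the instruction the quoted verifier branch rejects (a `BPF_ST` whose destination register holds the context pointer) before a program is submitted for loading. The `struct insn` type, the function name and the three sample programs are constructed here, and the register tracking is a straight-line approximation, not the verifier's own state tracking.

```c
#include <stdint.h>
#include <stdio.h>

/* Same layout as the kernel's struct bpf_insn, redefined so this builds anywhere. */
struct insn {
    uint8_t code;
    uint8_t dst_reg : 4, src_reg : 4;
    int16_t off;
    int32_t imm;
};

#define CLASS(c)  ((c) & 0x07)
#define ST_W      0x62  /* BPF_ST  | BPF_MEM | BPF_W: *(u32 *)(dst+off) = imm */
#define STX_W     0x63  /* BPF_STX | BPF_MEM | BPF_W: *(u32 *)(dst+off) = src */
#define MOV64_REG 0xbf  /* BPF_ALU64 | BPF_MOV | BPF_X: dst = src */
#define MOV64_IMM 0xb7  /* BPF_ALU64 | BPF_MOV | BPF_K: dst = imm */
#define CALL      0x85
#define EXIT      0x95

/* Constructed sample programs; R1 is the context pointer at entry. */
const struct insn legal_prog[]   = { { MOV64_IMM, 2, 0, 0, 0 }, { STX_W, 1, 2, 0, 0 }, { EXIT } };
const struct insn illegal_prog[] = { { ST_W, 1, 0, 0, 0 }, { EXIT } };
const struct insn copied_prog[]  = { { MOV64_REG, 6, 1, 0, 0 }, { ST_W, 6, 0, 0, 0 }, { EXIT } };

/* Index of the first BPF_ST (any size) whose dst_reg holds the ctx pointer, or -1.
 * Simplification (assumption of this sketch): straight-line code, ctx-ness only
 * propagates through 64-bit register MOV; other register writes clear it. */
int first_ctx_imm_store(const struct insn *p, int n)
{
    int is_ctx[16] = { 0 };
    is_ctx[1] = 1;
    for (int i = 0; i < n; i++) {
        uint8_t cls = CLASS(p[i].code);
        if (cls == 0x02 && is_ctx[p[i].dst_reg])        /* BPF_ST class */
            return i;
        if (p[i].code == MOV64_REG)
            is_ctx[p[i].dst_reg] = is_ctx[p[i].src_reg];
        else if (cls == 0x00 || cls == 0x01 || cls == 0x04 || cls == 0x07)
            is_ctx[p[i].dst_reg] = 0;                   /* LD, LDX, ALU, ALU64 */
        else if (p[i].code == CALL)
            for (int r = 0; r <= 5; r++) is_ctx[r] = 0; /* caller-saved regs */
    }
    return -1;
}

int main(void)
{
    printf("legal=%d illegal=%d copied=%d\n", first_ctx_imm_store(legal_prog, 3),
           first_ctx_imm_store(illegal_prog, 2), first_ctx_imm_store(copied_prog, 3));
    return 0;
}
```
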
