bpf verifier: not able to store an immediate number into a register memory if reg type is PTR_TO_CTX #95

@QiongwenXu

bpf verifier:
not able to store an immediate number into a register memory if reg type is PTR_TO_CTX,
but storing a register value is legal,
e.g.:

```
*(u32*)(r1+0) = r2 -> legal
*(u32*)(r1+0) = 0  -> illegal
```

where r1 is the input of BPF program

reference:
https://github.com/torvalds/linux/blob/a8205e310011f09cc73cd577d7b0074c57b9bb54/kernel/bpf/verifier.c
key information:

```c
 * At the start of BPF program the register R1 contains a pointer to bpf_context
 * and has type PTR_TO_CTX.
```

```c
if (is_ctx_reg(env, insn->dst_reg)) {
	verbose(env, "BPF_ST stores into R%d %s is not allowed\n",
		insn->dst_reg,
		reg_type_str[reg_state(env, insn->dst_reg)->type]);
	return -EACCES;
}
```
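The rule reported above, modelled as an added example (not code from this issue or from the kernel): it flags a `BPF_ST` immediate store whose destination register is typed `PTR_TO_CTX` and rewrites it into a register move followed by the `BPF_STX` form. The `insn` struct, the simplified `rtype` enum, the sample instructions and the use of r3 as a scratch register are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* eBPF opcode fields (values from the eBPF instruction encoding). */
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_SIZE(c)  ((c) & 0x18)
#define BPF_MODE(c)  ((c) & 0xe0)
enum { BPF_ST = 0x02, BPF_STX = 0x03, BPF_ALU64 = 0x07, BPF_MEM = 0x60,
       BPF_W = 0x00, BPF_MOV = 0xb0, BPF_K = 0x00 };

/* Same layout as the kernel's struct bpf_insn; names are local to this example. */
struct insn { uint8_t code; uint8_t dst:4, src:4; int16_t off; int32_t imm; };
enum rtype { NOT_INIT, SCALAR, PTR_TO_CTX, PTR_TO_STACK };  /* simplified typing */

/* Constructed sample state: r1 = context pointer at entry, r2 = some scalar. */
static const enum rtype entry_regs[11] = { [1] = PTR_TO_CTX, [2] = SCALAR, [10] = PTR_TO_STACK };
static const struct insn st_imm  = { .code = BPF_ST  | BPF_MEM | BPF_W, .dst = 1, .imm = 0 };
static const struct insn stx_reg = { .code = BPF_STX | BPF_MEM | BPF_W, .dst = 1, .src = 2 };
static struct insn out_buf[2];

/* 1 when insn is the immediate store into a PTR_TO_CTX register that is refused. */
int st_into_ctx(const struct insn *i, const enum rtype *regs)
{
    return BPF_CLASS(i->code) == BPF_ST && BPF_MODE(i->code) == BPF_MEM &&
           regs[i->dst] == PTR_TO_CTX;
}

/* Rewrite "*(sz*)(dst+off) = imm" as "scratch = imm; *(sz*)(dst+off) = scratch".
 * Assumption: the caller has proved `scratch` dead at this point. The STX form
 * still has to pass the verifier's context-access checks for that offset. */
int legalize(const struct insn *in, const enum rtype *regs, int scratch, struct insn out[2])
{
    if (!st_into_ctx(in, regs)) { out[0] = *in; return 1; }
    out[0] = (struct insn){ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst = scratch, .imm = in->imm };
    out[1] = (struct insn){ .code = BPF_STX | BPF_MEM | BPF_SIZE(in->code),
                            .dst = in->dst, .src = scratch, .off = in->off };
    return 2;
}

int main(void)
{
    int n = legalize(&st_imm, entry_regs, 3, out_buf);
    for (int k = 0; k < n; k++)
        printf("code=0x%02x dst=r%d src=r%d off=%d imm=%d\n", out_buf[k].code,
               out_buf[k].dst, out_buf[k].src, out_buf[k].off, out_buf[k].imm);
    return 0;
}
```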
