Revision 2006b4e155d07cec9446b3acfc600c1003ec0880 authored by Maxim Mikityanskiy on 16 March 2024, 01:40:06 UTC, committed by Maxim Mikityanskiy on 18 March 2024, 16:10:25 UTC
Code generation when Clang 17 changed, and it generates some code that is problematic for the verifier, even though it should be correct logically. More specifically, when nodeport_lb6 calls lb6_extract_tuple, which calls ipv6_hdrlen_offset, the latter might return an error, in which case l4_off in nodeport_lb6 remains non-initialized. If that happens, nodeport_lb6 returns early. The error code when it can possibly continue is DROP_UNSUPP_SERVICE_PROTO, but it's only returned by lb6_extract_tuple after l4_off is initialized, so we are safe here. Moreover, is_svc_proto is set to false in this case, which blocks further l4_off access. However, Clang 17 generates code which jumps to a common chunk after lb6_extract_tuple returns, and this chunk starts from spilling R2 to the stack: `*(u32 *)(r10 -176) = r2`. R2 stores l4_off, but only after it has been assigned, otherwise it's not initialized, and this is what the verifier complains for, even though it's not used afterwards on errors. Work around it by always assiging l4_off in lb6_extract_tuple. Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
1 parent 2c03721
File | Mode | Size |
---|---|---|
.devcontainer | ||
.github | ||
.nvim | ||
.vscode | ||
Documentation | ||
api | ||
bpf | ||
bugtool | ||
cilium-dbg | ||
cilium-health | ||
clustermesh-apiserver | ||
contrib | ||
daemon | ||
examples | ||
hack | ||
hubble-relay | ||
images | ||
install | ||
operator | ||
pkg | ||
plugins | ||
test | ||
tools | ||
vendor | ||
.authors.aux | -rw-r--r-- | 416 bytes |
.clang-format | -rw-r--r-- | 7.6 KB |
.clomonitor.yml | -rw-r--r-- | 984 bytes |
.gitattributes | -rw-r--r-- | 887 bytes |
.gitignore | -rw-r--r-- | 1.8 KB |
.golangci.yaml | -rw-r--r-- | 4.1 KB |
.mailmap | -rw-r--r-- | 6.5 KB |
.openvex.json | -rw-r--r-- | 4.6 KB |
AUTHORS | -rw-r--r-- | 48.7 KB |
CODEOWNERS | -rw-r--r-- | 27.6 KB |
CODE_OF_CONDUCT.md | -rw-r--r-- | 2.2 KB |
CONTRIBUTING.md | -rw-r--r-- | 691 bytes |
FURTHER_READINGS.rst | -rw-r--r-- | 6.4 KB |
LICENSE | -rw-r--r-- | 11.1 KB |
MAINTAINERS.md | -rw-r--r-- | 4.6 KB |
Makefile | -rw-r--r-- | 26.7 KB |
Makefile.defs | -rw-r--r-- | 7.3 KB |
Makefile.docker | -rw-r--r-- | 7.1 KB |
Makefile.kind | -rw-r--r-- | 16.7 KB |
Makefile.quiet | -rw-r--r-- | 818 bytes |
README.rst | -rw-r--r-- | 19.6 KB |
SECURITY-INSIGHTS.yml | -rw-r--r-- | 2.1 KB |
SECURITY.md | -rw-r--r-- | 1.0 KB |
USERS.md | -rw-r--r-- | 33.7 KB |
VERSION | -rw-r--r-- | 11 bytes |
Vagrantfile | -rw-r--r-- | 14.9 KB |
go.mod | -rw-r--r-- | 13.3 KB |
go.sum | -rw-r--r-- | 97.0 KB |
netlify.toml | -rw-r--r-- | 92 bytes |
stable.txt | -rw-r--r-- | 8 bytes |
vagrant_box_defaults.rb | -rw-r--r-- | 334 bytes |
Computing file changes ...