Work around bpf verifier limit
New clang-r437112 generates optimized code that
older bpf verifier cannot tell if the returned
value is always 1 or 0.
Test: TH boot test on wembley
Bug: 204131517
Bug: 201432564
Change-Id: I463ab177667a26088b8eecb5b8b7d85057980866
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index bac393c..0d5a976 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -270,7 +270,12 @@
uint32_t mapSettingKey = CURRENT_STATS_MAP_CONFIGURATION_KEY;
uint8_t* selectedMap = bpf_configuration_map_lookup_elem(&mapSettingKey);
+
+ // Use asm("%0 &= 1" : "+r"(match)) before return match,
+ // to help kernel's bpf verifier, so that it can be 100% certain
+ // that the returned value is always BPF_NOMATCH(0) or BPF_MATCH(1).
if (!selectedMap) {
+ asm("%0 &= 1" : "+r"(match));
return match;
}
@@ -281,6 +286,7 @@
update_stats_with_config(skb, direction, &key, *selectedMap);
update_app_uid_stats_map(skb, direction, &uid);
+ asm("%0 &= 1" : "+r"(match));
return match;
}