Work around bpf verifier limit New clang-r437112 generates optimized code that older bpf verifier cannot tell if the returned value is always 1 or 0. Test: TH boot test on wembley Bug: 204131517 Bug: 201432564 Change-Id: I463ab177667a26088b8eecb5b8b7d85057980866

commit: 87145b41c31e1e375de8288d287f283b5391a2f2 [log] [tgz]
author: Chih-Hung Hsieh <chh@google.com> Thu Nov 11 12:21:05 2021 -0800
committer: Chih-Hung Hsieh <chh@google.com> Fri Nov 12 11:15:11 2021 -0800
tree: e3e473ab1067356e6d8535c396dff0d0d4650fdb
parent: e401037f0a0bcf5bd984565639aa3f7deb54ae45 [diff]
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index bac393c..0d5a976 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c

@@ -270,7 +270,12 @@
 
     uint32_t mapSettingKey = CURRENT_STATS_MAP_CONFIGURATION_KEY;
     uint8_t* selectedMap = bpf_configuration_map_lookup_elem(&mapSettingKey);
+
+    // Use asm("%0 &= 1" : "+r"(match)) before return match,
+    // to help kernel's bpf verifier, so that it can be 100% certain
+    // that the returned value is always BPF_NOMATCH(0) or BPF_MATCH(1).
     if (!selectedMap) {
+        asm("%0 &= 1" : "+r"(match));
         return match;
     }
 
@@ -281,6 +286,7 @@
 
     update_stats_with_config(skb, direction, &key, *selectedMap);
     update_app_uid_stats_map(skb, direction, &uid);
+    asm("%0 &= 1" : "+r"(match));
     return match;
 }
commit	87145b41c31e1e375de8288d287f283b5391a2f2	[log] [tgz]
author	Chih-Hung Hsieh <chh@google.com>	Thu Nov 11 12:21:05 2021 -0800
committer	Chih-Hung Hsieh <chh@google.com>	Fri Nov 12 11:15:11 2021 -0800
tree	e3e473ab1067356e6d8535c396dff0d0d4650fdb
parent	e401037f0a0bcf5bd984565639aa3f7deb54ae45 [diff]