Since bounded loop are now allowed in ebpf programs https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=2589726d12a1b12eaaa93c7f1ea64287e383c7a5 does the verifier still check in the first pass if the program control flow is a Direct Acyclic Graph?
1 Answers
4
votes
Yes, it still does, and rejects programs with back-edges in two cases:
- If the program is loaded by an unprivileged user. The
env->allow_ptr_leaksboolean indicates a privileged user. - If the back-edge is performed using a call. Only normal jumps can make bounded loops (which doesn't mean you can't do a bpf-to-bpf call inside a bounded loop).
