bpf: Properly mark live registers for indirect jumps

For a `gotox rX` instruction the rX register should be marked as used in the compute_insn_live_regs() function. Fix this. Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com> Link: https://lore.kernel.org/r/20260114162544.83253-2-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Anton Protopopov <a.s.protopopov@gmail.com> 2026-01-14 16:25:43 +0000
committer: Alexei Starovoitov <ast@kernel.org> 2026-01-14 19:08:09 -0800
commit: d1aab1ca576c90192ba961094d51b0be6355a4d6 (patch)
tree: 5bc7060283a04e33124abebd90e3bb3304763850 /kernel
parent: e3d0dbb3b5e8983d3be780199af1e5134c8a9c17 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 62ad7c79ce2d..7a375f608263 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -24848,6 +24848,12 @@ static void compute_insn_live_regs(struct bpf_verifier_env *env,
 	case BPF_JMP32:
 		switch (code) {
 		case BPF_JA:
+			def = 0;
+			if (BPF_SRC(insn->code) == BPF_X)
+				use = dst;
+			else
+				use = 0;
+			break;
 		case BPF_JCOND:
 			def = 0;
 			use = 0;
author	Anton Protopopov <a.s.protopopov@gmail.com>	2026-01-14 16:25:43 +0000
committer	Alexei Starovoitov <ast@kernel.org>	2026-01-14 19:08:09 -0800
commit	d1aab1ca576c90192ba961094d51b0be6355a4d6 (patch)
tree	5bc7060283a04e33124abebd90e3bb3304763850 /kernel
parent	e3d0dbb3b5e8983d3be780199af1e5134c8a9c17 (diff)