bpf: print full verifier states on infinite loop detection

commit b4d8239534fddc036abe4a0fdbf474d9894d4641 upstream.

Additional logging in is_state_visited(): if infinite loop is detected
print full verifier state for both current and equivalent states.

Acked-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20231024000917.12153-8-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index bf0f032..9a30d73 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -16540,6 +16540,10 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
                            !iter_active_depths_differ(&sl->state, cur)) {
                                verbose_linfo(env, insn_idx, "; ");
                                verbose(env, "infinite loop detected at insn %d\n", insn_idx);
+                               verbose(env, "cur state:");
+                               print_verifier_state(env, cur->frame[cur->curframe], true);
+                               verbose(env, "old state:");
+                               print_verifier_state(env, sl->state.frame[cur->curframe], true);
                                return -EINVAL;
                        }
                        /* if the verifier is processing a loop, avoid adding new state