On Mon, Jul 14, 2025 at 7:31 AM Cinthya Celina Tamayo Gonzalez
<cinthya.tgonzalez@xxxxxxxxxxx> wrote:
>
> The detailed description:
>
> During my academic research, I discovered a way to reconstruct a cyclic eBPF program at the LLVM level that is incorrectly accepted by the verifier, even though such a program should be rejected. I have included the relevant code samples and the commands used to reproduce the behavior below.
>
> This is the source code in C, which I saved this program as ''forprogram.c'':
>
> #include <linux/bpf.h>
> #include <bpf/bpf_helpers.h>
> SEC("tracepoint/syscalls/sys_enter_openat")
> int trace_for_loop(void *ctx) {
> int i = 0;
> int sum = 0;
>
> while (i <= 10) {
> sum += i;
> i++;
> }
>
> return sum;
> }
I see nothing wrong with the program. The loop terminates and
the verifier sees it.
Why do you think it should be rejected?
