From: Puranjay Mohan <puranjay@kernel.org>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
	Andrii Nakryiko <andrii@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Martin KaFai Lau <martin.lau@kernel.org>,
	Eduard Zingerman <eddyz87@gmail.com>,
	Xu Kuohai <xukuohai@huaweicloud.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	kernel-team@meta.com
Subject: Re: [PATCH bpf-next] bpf: arm64: fix BPF_ST into arena memory
Date: Thu, 30 Oct 2025 12:21:29 +0000
Message-ID: <mb61p3470twae.fsf@kernel.org>
In-Reply-To: <20251030120146.50417-1-puranjay@kernel.org>

Puranjay Mohan <puranjay@kernel.org> writes:

There is a build issue in this version; I have sent v2 with the fix. Please
review that one instead: https://lore.kernel.org/bpf/20251030121715.55214-1-puranjay@kernel.org/

Sorry for the noise.

Thanks,
Puranjay

> The arm64 JIT supports BPF_ST with BPF_PROBE_MEM32 (arena) by using the
> tmp2 register to hold the dst + arena_vm_base value and using tmp2 as the
> new dst register. But this is broken because in case is_lsi_offset()
> returns false the tmp2 will be clobbered by emit_a64_mov_i(1, tmp2, off,
> ctx); and hence the emitted store instruction will be of the form:
>
> 	strb    w10, [x11, x11]
>
> Fix this by using the third temporary register to hold the dst +
> arena_vm_base.
>
> Fixes: 339af577ec05 ("bpf: Add arm64 JIT support for PROBE_MEM32 pseudo instructions.")
> Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
> ---
>  arch/arm64/net/bpf_jit_comp.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
> index ab83089c3d8f..348540b8e02d 100644
> --- a/arch/arm64/net/bpf_jit_comp.c
> +++ b/arch/arm64/net/bpf_jit_comp.c
> @@ -785,6 +785,7 @@ static int emit_lse_atomic(const struct bpf_insn *insn, struct jit_ctx *ctx)
>  	const u8 src = bpf2a64[insn->src_reg];
>  	const u8 tmp = bpf2a64[TMP_REG_1];
>  	const u8 tmp2 = bpf2a64[TMP_REG_2];
> +	const u8 tmp3 = bpf2a64[TMP_REG_3];
>  	const bool isdw = BPF_SIZE(code) == BPF_DW;
>  	const bool arena = BPF_MODE(code) == BPF_PROBE_ATOMIC;
>  	const s16 off = insn->off;
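Review bot: the new `const u8 tmp3 = bpf2a64[TMP_REG_3];` lands in emit_lse_atomic() according to the hunk header (`@@ -785,6 +785,7 @@ static int emit_lse_atomic(...)`), but the only use of tmp3 in this patch is in build_insn() in the second hunk. As posted, build_insn() has no tmp3 in scope, which is consistent with the build failure reported in the reply, and emit_lse_atomic() gains a local that nothing in that function uses. The declaration should sit beside the existing tmp/tmp2 locals of build_insn() instead.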
> @@ -1757,8 +1758,8 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
>  	case BPF_ST | BPF_PROBE_MEM32 | BPF_W:
>  	case BPF_ST | BPF_PROBE_MEM32 | BPF_DW:
>  		if (BPF_MODE(insn->code) == BPF_PROBE_MEM32) {
> -			emit(A64_ADD(1, tmp2, dst, arena_vm_base), ctx);
> -			dst = tmp2;
> +			emit(A64_ADD(1, tmp3, dst, arena_vm_base), ctx);
> +			dst = tmp3;
>  		}
>  		if (dst == fp) {
>  			dst_adj = ctx->priv_sp_used ? priv_sp : A64_SP;
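Review bot: `dst = tmp3;` depends on a tmp3 local in build_insn() that this patch never declares in that function (the first hunk adds it to emit_lse_atomic()), so this hunk cannot compile until the declaration is moved. With that corrected the change itself is sound: tmp2 stays free for the `emit_a64_mov_i(1, tmp2, off, ctx)` path described in the commit message, so the emitted store no longer uses the same register as both base and index as in `strb w10, [x11, x11]`. It would be worth pairing this with a selftest that performs a BPF_ST into arena memory at an offset for which is_lsi_offset() returns false, so the clobber is caught by CI rather than by inspection of the emitted code.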
> -- 
> 2.47.3
