* arm64 jit ctx.offset[-1] access
@ 2020-09-07 14:39 Yauheni Kaliuta
From: Yauheni Kaliuta @ 2020-09-07 14:39 UTC (permalink / raw)
To: Zi Shen Lim; +Cc: bpf
Hi!
I have a question about the arm64 bpf jit implementation.
The problem I observe is "taken loop with back jump to 1st insn"
verifier test, the subprogram is:
    BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1),
    BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
    BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, -3),
    BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
    BPF_EXIT_INSN(),
Jitting the program causes invocation of bpf2a64_offset(-1, 2, ctx)
from
    jmp_offset = bpf2a64_offset(i + off, i, ctx);
which does ctx->offset[-1] then (and works by accident when it
returns 0).
As far as I see, the offset[] keeps actually offsets of the next
instruction:
    ret = build_insn(insn, ctx, extra_pass);
    if (ret > 0) {
        i++;
        if (ctx->image == NULL)
            ctx->offset[i] = ctx->idx;
        continue;
    }
    if (ctx->image == NULL)
        ctx->offset[i] = ctx->idx;
ctx->idx is updated by build_insn() already.
How is that supposed to work?
--
WBR,
Yauheni Kaliuta
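A constructed C model of the bookkeeping the message describes, added here as an illustration; it is not the kernel's JIT code and not something the sender posted. It replays the quoted loop ("offset[i] is set from ctx->idx after build_insn() has emitted insn i", so offset[i] is really the start of insn i+1) against the five-instruction test subprogram and shows why the back jump at insn 2 with off = -3 resolves to table slot -1. The per-instruction emit counts, the "start offset" alternative table with one extra slot, and the assumption that the conditional branch is the last arm64 instruction emitted for a BPF jump are all constructed for the example.

```c
#include <limits.h>
#include <stdio.h>

/* Five BPF instructions of the "taken loop with back jump to 1st insn" test. */
#define NINSN 5

/* Constructed: how many arm64 instructions each BPF insn expands to.
 * Real counts differ; only the relative layout matters here. */
static const int emit_count[NINSN] = {1, 1, 2, 1, 3};

/* Sentinel returned when a table access would be out of bounds. */
#define DISP_OOB INT_MIN

/* Scheme A, as in the quoted loop: offset[i] = ctx->idx after insn i has been
 * emitted, i.e. the arm64 index at which insn i+1 starts. Returns DISP_OOB for
 * a slot outside 0..NINSN-1 instead of reading past the table. */
static int next_offset(int slot)
{
    if (slot < 0 || slot >= NINSN)
        return DISP_OOB;
    int idx = 0;
    for (int i = 0; i <= slot; i++)
        idx += emit_count[i];   /* build_insn() advancing ctx->idx */
    return idx;
}

/* Under scheme A a jump at insn i with relative off targets insn i+1+off,
 * whose start is stored in slot (i+1+off)-1 = i+off. For i=2, off=-3 that is
 * slot -1: the start of insn 0 is never recorded under this scheme. */
static int next_slot_for_jump(int i, int off)
{
    return i + off;
}

/* Scheme B (an assumption for illustration, not the kernel's code):
 * offset[i] holds the arm64 index at which BPF insn i starts, and an extra
 * slot NINSN holds the end of the image, so every target 0..NINSN is covered. */
static int start_offset(int slot)
{
    if (slot < 0 || slot > NINSN)
        return DISP_OOB;
    int idx = 0;
    for (int i = 0; i < slot; i++)
        idx += emit_count[i];
    return idx;
}

/* Branch displacement, in arm64 instructions, from the branch ending BPF
 * insn i to the start of BPF insn i+1+off, computed from scheme B.
 * Assumes the branch is the last arm64 instruction emitted for insn i. */
static int branch_disp(int i, int off)
{
    int target = i + 1 + off;
    int to = start_offset(target);
    int next = start_offset(i + 1);
    if (to == DISP_OOB || next == DISP_OOB)
        return DISP_OOB;
    int from = next - 1;        /* index of the branch instruction itself */
    return to - from;
}

int main(void)
{
    printf("scheme A slot for jump at insn 2, off -3: %d\n",
           next_slot_for_jump(2, -3));                 /* -1 */
    printf("scheme B displacement for that jump: %d\n",
           branch_disp(2, -3));                         /* -3 */
    return 0;
}
```

With the constructed emit counts the scheme-A table is {1, 2, 4, 5, 8} and the scheme-B table is {0, 1, 2, 4, 5, 8}; the back jump at insn 2 lands on arm64 index 0 from the branch at index 3, a displacement of -3, which scheme A can only produce by reading one slot before the table.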