[PATCH bpf-next v2] bpftool: Enable aarch64 ISA extensions for JIT disassembly

[PATCH bpf-next v2] bpftool: Enable aarch64 ISA extensions for JIT disassembly

[Puranjay Mohan]

The LLVM disassembler needs ISA extension features enabled to correctly
decode instructions from those extensions. On aarch64, without these
features, instructions like LSE atomics (e.g. ldaddal) are silently
decoded as incorrect instructions and disassembly is truncated.

Use LLVMCreateDisasmCPUFeatures() with "+all" features for aarch64
targets so that the disassembler can handle any instruction the kernel
JIT might emit.

Before:

int bench_trigger_uprobe(void * ctx):
bpf_prog_538c6a43d1c6b84c_bench_trigger_uprobe:
; int cpu = bpf_get_smp_processor_id();
   0:   mov     x9, x30
   4:   nop
   8:   stp     x29, x30, [sp, #-16]!
   c:   mov     x29, sp
  10:   stp     xzr, x26, [sp, #-16]!
  14:   mov     x26, sp
  18:   mrs     x10, SP_EL0
  1c:   ldr     w7, [x10, #16]
; __sync_add_and_fetch(&hits[cpu & CPU_MASK].value, 1);
  20:   and     w7, w7, #0xff
; __sync_add_and_fetch(&hits[cpu & CPU_MASK].value, 1);
  24:   lsl     x7, x7, #7
  28:   mov     x0, #-281474976710656
  2c:   movk    x0, #32768, lsl #32
  30:   movk    x0, #35407, lsl #16
  34:   add     x0, x0, x7
  38:   mov     x1, #1
; __sync_add_and_fetch(&hits[cpu & CPU_MASK].value, 1);
  3c:   mov     x1, #1

After:

int bench_trigger_uprobe(void * ctx):
bpf_prog_538c6a43d1c6b84c_bench_trigger_uprobe:
; int cpu = bpf_get_smp_processor_id();
   0:   mov     x9, x30
   4:   nop
   8:   stp     x29, x30, [sp, #-16]!
   c:   mov     x29, sp
  10:   stp     xzr, x26, [sp, #-16]!
  14:   mov     x26, sp
  18:   mrs     x10, SP_EL0
  1c:   ldr     w7, [x10, #16]
; __sync_add_and_fetch(&hits[cpu & CPU_MASK].value, 1);
  20:   and     w7, w7, #0xff
; __sync_add_and_fetch(&hits[cpu & CPU_MASK].value, 1);
  24:   lsl     x7, x7, #7
  28:   mov     x0, #-281474976710656
  2c:   movk    x0, #32768, lsl #32
  30:   movk    x0, #35407, lsl #16
  34:   add     x0, x0, x7
  38:   mov     x1, #1
; __sync_add_and_fetch(&hits[cpu & CPU_MASK].value, 1);
  3c:   ldaddal x1, x1, [x0]
; return 0;
  40:   mov     w7, #0
  44:   ldp     xzr, x26, [sp], #16
  48:   ldp     x29, x30, [sp], #16
  4c:   mov     x0, x7
  50:   ret
  54:   nop
  58:   ldr     x10, #8
  5c:   br      x10

Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
---
Changelog:
v1: https://lore.kernel.org/all/20260306163906.2870529-1-puranjay@kernel.org/
Changes in v2:
- Fix coding style issue (Quentin)
- Use strncmp() in place of strstr() for detecting aarch64 in triple. (Quentin)
---
 tools/bpf/bpftool/jit_disasm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tools/bpf/bpftool/jit_disasm.c b/tools/bpf/bpftool/jit_disasm.c
index 8895b4e1f690..6063fdcce6bd 100644
--- a/tools/bpf/bpftool/jit_disasm.c
+++ b/tools/bpf/bpftool/jit_disasm.c
@@ -93,7 +93,16 @@ init_context(disasm_ctx_t *ctx, const char *arch,
 		p_err("Failed to retrieve triple");
 		return -1;
 	}
-	*ctx = LLVMCreateDisasm(triple, NULL, 0, NULL, symbol_lookup_callback);
+
+	/*
+	 * Enable all aarch64 ISA extensions so the disassembler can handle any
+	 * instruction the kernel JIT might emit (e.g. ARM64 LSE atomics).
+	 */
+	if (strncmp(triple, "aarch64", 7))
+		*ctx = LLVMCreateDisasmCPUFeatures(triple, "", "+all", NULL, 0, NULL,
+						   symbol_lookup_callback);
+	else
+		*ctx = LLVMCreateDisasm(triple, NULL, 0, NULL, symbol_lookup_callback);
 	LLVMDisposeMessage(triple);
 
 	if (!*ctx) {

base-commit: 0c55d4817aff454cfaded4f161ab13f2049758a9
-- 
2.52.0

Re: [PATCH bpf-next v2] bpftool: Enable aarch64 ISA extensions for JIT disassembly

[bot+bpf-ci]

[-- Attachment #1: Type: text/plain, Size: 1682 bytes --]

> diff --git a/tools/bpf/bpftool/jit_disasm.c b/tools/bpf/bpftool/jit_disasm.c
> --- a/tools/bpf/bpftool/jit_disasm.c
> +++ b/tools/bpf/bpftool/jit_disasm.c
> @@ -93,7 +93,16 @@ init_context(disasm_ctx_t *ctx, const char *arch,
>  		p_err("Failed to retrieve triple");
>  		return -1;
>  	}
> -	*ctx = LLVMCreateDisasm(triple, NULL, 0, NULL, symbol_lookup_callback);
> +
> +	/*
> +	 * Enable all aarch64 ISA extensions so the disassembler can handle any
> +	 * instruction the kernel JIT might emit (e.g. ARM64 LSE atomics).
> +	 */
> +	if (strncmp(triple, "aarch64", 7))
> +		*ctx = LLVMCreateDisasmCPUFeatures(triple, "", "+all", NULL, 0, NULL,
> +						   symbol_lookup_callback);
> +	else
> +		*ctx = LLVMCreateDisasm(triple, NULL, 0, NULL, symbol_lookup_callback);

Isn't this condition inverted? strncmp() returns 0 when the
strings match, so when triple starts with "aarch64" the condition
is false and the else branch runs, which calls the old
LLVMCreateDisasm() without any features enabled.

Conversely, for non-aarch64 targets (e.g. x86_64), strncmp()
returns non-zero, making the condition true, and
LLVMCreateDisasmCPUFeatures() with "+all" gets called on the
wrong architecture.

It looks like this should be:

	if (!strncmp(triple, "aarch64", 7))

The v1 of this patch used strstr(triple, "aarch64") which has the
correct polarity (returns non-NULL on match). The switch to
strncmp() for v2 appears to have lost the negation.


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22927610334

Re: [PATCH bpf-next v2] bpftool: Enable aarch64 ISA extensions for JIT disassembly

[Yonghong Song]

On 3/10/26 4:05 PM, bot+bpf-ci@kernel.org wrote:
>> diff --git a/tools/bpf/bpftool/jit_disasm.c b/tools/bpf/bpftool/jit_disasm.c
>> --- a/tools/bpf/bpftool/jit_disasm.c
>> +++ b/tools/bpf/bpftool/jit_disasm.c
>> @@ -93,7 +93,16 @@ init_context(disasm_ctx_t *ctx, const char *arch,
>>   		p_err("Failed to retrieve triple");
>>   		return -1;
>>   	}
>> -	*ctx = LLVMCreateDisasm(triple, NULL, 0, NULL, symbol_lookup_callback);
>> +
>> +	/*
>> +	 * Enable all aarch64 ISA extensions so the disassembler can handle any
>> +	 * instruction the kernel JIT might emit (e.g. ARM64 LSE atomics).
>> +	 */
>> +	if (strncmp(triple, "aarch64", 7))
>> +		*ctx = LLVMCreateDisasmCPUFeatures(triple, "", "+all", NULL, 0, NULL,
>> +						   symbol_lookup_callback);
>> +	else
>> +		*ctx = LLVMCreateDisasm(triple, NULL, 0, NULL, symbol_lookup_callback);
> Isn't this condition inverted? strncmp() returns 0 when the
> strings match, so when triple starts with "aarch64" the condition
> is false and the else branch runs, which calls the old
> LLVMCreateDisasm() without any features enabled.
>
> Conversely, for non-aarch64 targets (e.g. x86_64), strncmp()
> returns non-zero, making the condition true, and
> LLVMCreateDisasmCPUFeatures() with "+all" gets called on the
> wrong architecture.
>
> It looks like this should be:
>
> 	if (!strncmp(triple, "aarch64", 7))
>
> The v1 of this patch used strstr(triple, "aarch64") which has the
> correct polarity (returns non-NULL on match). The switch to
> strncmp() for v2 appears to have lost the negation.

AI is correct. The condition should be
	if (strncmp(triple, "aarch64", 7) == 0)

>
>
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
>
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22927610334

Re: [PATCH bpf-next v2] bpftool: Enable aarch64 ISA extensions for JIT disassembly

[Leon Hwang]

Yonghong Song wrote:
> 
> 
> On 3/10/26 4:05 PM, bot+bpf-ci@kernel.org wrote:
>>> diff --git a/tools/bpf/bpftool/jit_disasm.c b/tools/bpf/bpftool/
>>> jit_disasm.c
>>> --- a/tools/bpf/bpftool/jit_disasm.c
>>> +++ b/tools/bpf/bpftool/jit_disasm.c
>>> @@ -93,7 +93,16 @@ init_context(disasm_ctx_t *ctx, const char *arch,
>>>           p_err("Failed to retrieve triple");
>>>           return -1;
>>>       }
>>> -    *ctx = LLVMCreateDisasm(triple, NULL, 0, NULL,
>>> symbol_lookup_callback);
>>> +
>>> +    /*
>>> +     * Enable all aarch64 ISA extensions so the disassembler can
>>> handle any
>>> +     * instruction the kernel JIT might emit (e.g. ARM64 LSE atomics).
>>> +     */
>>> +    if (strncmp(triple, "aarch64", 7))
>>> +        *ctx = LLVMCreateDisasmCPUFeatures(triple, "", "+all", NULL,
>>> 0, NULL,
>>> +                           symbol_lookup_callback);
>>> +    else
>>> +        *ctx = LLVMCreateDisasm(triple, NULL, 0, NULL,
>>> symbol_lookup_callback);
>> Isn't this condition inverted? strncmp() returns 0 when the
>> strings match, so when triple starts with "aarch64" the condition
>> is false and the else branch runs, which calls the old
>> LLVMCreateDisasm() without any features enabled.
>>
>> Conversely, for non-aarch64 targets (e.g. x86_64), strncmp()
>> returns non-zero, making the condition true, and
>> LLVMCreateDisasmCPUFeatures() with "+all" gets called on the
>> wrong architecture.
>>
>> It looks like this should be:
>>
>>     if (!strncmp(triple, "aarch64", 7))
>>
>> The v1 of this patch used strstr(triple, "aarch64") which has the
>> correct polarity (returns non-NULL on match). The switch to
>> strncmp() for v2 appears to have lost the negation.
> 
> AI is correct. The condition should be
>     if (strncmp(triple, "aarch64", 7) == 0)
> 

Agreed.

After addressing it,

Acked-by: Leon Hwang <leon.hwang@linux.dev>

[...]