* [PATCH bpf-next 0/2] bpf: Live registers computation with gotox
@ 2026-01-14 11:33 Anton Protopopov
2026-01-14 11:33 ` [PATCH bpf-next 1/2] bpf: Properly mark used registers for indirect jumps Anton Protopopov
2026-01-14 11:33 ` [PATCH bpf-next 2/2] selftests/bpf: Extend live regs tests with a test for gotox Anton Protopopov
0 siblings, 2 replies; 4+ messages in thread
From: Anton Protopopov @ 2026-01-14 11:33 UTC (permalink / raw)
To: bpf, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann,
Eduard Zingerman, Yonghong Song
Cc: Anton Protopopov
While adding a selftest for live registers computation with gotox,
I've noticed that the code is actually incomplete. Namely, the
destination register rX in `gotox rX` wasn't actually considered
as used. Fix this and add a selftest.
Anton Protopopov (2):
bpf: Properly mark live registers for indirect jumps
selftests/bpf: Extend live regs tests with a test for gotox
kernel/bpf/verifier.c | 6 +++
.../bpf/progs/compute_live_registers.c | 37 +++++++++++++++++++
2 files changed, 43 insertions(+)
--
2.34.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH bpf-next 1/2] bpf: Properly mark used registers for indirect jumps
2026-01-14 11:33 [PATCH bpf-next 0/2] bpf: Live registers computation with gotox Anton Protopopov
@ 2026-01-14 11:33 ` Anton Protopopov
2026-01-14 11:33 ` [PATCH bpf-next 2/2] selftests/bpf: Extend live regs tests with a test for gotox Anton Protopopov
1 sibling, 0 replies; 4+ messages in thread
From: Anton Protopopov @ 2026-01-14 11:33 UTC (permalink / raw)
To: bpf, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann,
Eduard Zingerman, Yonghong Song
Cc: Anton Protopopov
For a `gotox rX` instruction the rX register should be marked as used
in the compute_insn_live_regs() function. Fix this.
Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
---
kernel/bpf/verifier.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index faa1ecc1fe9d..fdd65107a9e2 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -24843,6 +24843,12 @@ static void compute_insn_live_regs(struct bpf_verifier_env *env,
case BPF_JMP32:
switch (code) {
case BPF_JA:
+ def = 0;
+ if (BPF_SRC(insn->code) == BPF_X)
+ use = dst;
+ else
+ use = 0;
+ break;
case BPF_JCOND:
def = 0;
use = 0;
--
2.34.1
^ permalink raw reply related [flat|nested] 4+ messages in thread* [PATCH bpf-next 2/2] selftests/bpf: Extend live regs tests with a test for gotox
2026-01-14 11:33 [PATCH bpf-next 0/2] bpf: Live registers computation with gotox Anton Protopopov
2026-01-14 11:33 ` [PATCH bpf-next 1/2] bpf: Properly mark used registers for indirect jumps Anton Protopopov
@ 2026-01-14 11:33 ` Anton Protopopov
2026-01-14 12:24 ` Anton Protopopov
1 sibling, 1 reply; 4+ messages in thread
From: Anton Protopopov @ 2026-01-14 11:33 UTC (permalink / raw)
To: bpf, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann,
Eduard Zingerman, Yonghong Song
Cc: Anton Protopopov
Add a test which checks that the destination register of a gotox
instruction is marked as used and that the union of jump targets
is considered as live.
Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
---
.../bpf/progs/compute_live_registers.c | 37 +++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/compute_live_registers.c b/tools/testing/selftests/bpf/progs/compute_live_registers.c
index 6884ab99a421..fad91c599095 100644
--- a/tools/testing/selftests/bpf/progs/compute_live_registers.c
+++ b/tools/testing/selftests/bpf/progs/compute_live_registers.c
@@ -431,6 +431,43 @@ __naked void subprog1(void)
::: __clobber_all);
}
+SEC("socket")
+__log_level(2)
+__msg("2: .1........ (07) r1 += 8")
+__msg("3: .1........ (79) r2 = *(u64 *)(r1 +0)")
+__msg("4: ..2....... (b7) r3 = 1")
+__msg("5: ..23...... (b7) r4 = 2")
+__msg("6: ..234..... (0d) gotox r2")
+__msg("7: ...3...... (bf) r0 = r3")
+__msg("8: 0......... (95) exit")
+__msg("9: ....4..... (bf) r0 = r4")
+__msg("10: 0......... (95) exit")
+__naked
+void gotox(void)
+{
+ asm volatile (
+ ".pushsection .jumptables,\"\",@progbits;"
+"jt0_%=: .quad l0_%= - socket;"
+ ".quad l1_%= - socket;"
+ ".size jt0_%=, 16;"
+ ".global jt0_%=;"
+ ".popsection;"
+
+ "r1 = jt0_%= ll;"
+ "r1 += 8;"
+ "r2 = *(u64 *)(r1 + 0);"
+ "r3 = 1;"
+ "r4 = 2;"
+ ".8byte %[gotox_r2];"
+"l0_%=: r0 = r3;"
+ "exit;"
+"l1_%=: r0 = r4;"
+ "exit;"
+ :
+ : __imm_insn(gotox_r2, BPF_RAW_INSN(BPF_JMP | BPF_JA | BPF_X, BPF_REG_2, BPF_REG_0, 0, 0))
+ : __clobber_all);
+}
+
/* to retain debug info for BTF generation */
void kfunc_root(void)
{
--
2.34.1
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH bpf-next 2/2] selftests/bpf: Extend live regs tests with a test for gotox
2026-01-14 11:33 ` [PATCH bpf-next 2/2] selftests/bpf: Extend live regs tests with a test for gotox Anton Protopopov
@ 2026-01-14 12:24 ` Anton Protopopov
0 siblings, 0 replies; 4+ messages in thread
From: Anton Protopopov @ 2026-01-14 12:24 UTC (permalink / raw)
To: bpf, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann,
Eduard Zingerman, Yonghong Song
On 26/01/14 11:33AM, Anton Protopopov wrote:
> Add a test which checks that the destination register of a gotox
> instruction is marked as used and that the union of jump targets
> is considered as live.
>
> Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
> ---
> .../bpf/progs/compute_live_registers.c | 37 +++++++++++++++++++
> 1 file changed, 37 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/compute_live_registers.c b/tools/testing/selftests/bpf/progs/compute_live_registers.c
> index 6884ab99a421..fad91c599095 100644
> --- a/tools/testing/selftests/bpf/progs/compute_live_registers.c
> +++ b/tools/testing/selftests/bpf/progs/compute_live_registers.c
> @@ -431,6 +431,43 @@ __naked void subprog1(void)
> ::: __clobber_all);
> }
>
> +SEC("socket")
> +__log_level(2)
> +__msg("2: .1........ (07) r1 += 8")
> +__msg("3: .1........ (79) r2 = *(u64 *)(r1 +0)")
> +__msg("4: ..2....... (b7) r3 = 1")
> +__msg("5: ..23...... (b7) r4 = 2")
> +__msg("6: ..234..... (0d) gotox r2")
> +__msg("7: ...3...... (bf) r0 = r3")
> +__msg("8: 0......... (95) exit")
> +__msg("9: ....4..... (bf) r0 = r4")
> +__msg("10: 0......... (95) exit")
> +__naked
> +void gotox(void)
> +{
> + asm volatile (
> + ".pushsection .jumptables,\"\",@progbits;"
> +"jt0_%=: .quad l0_%= - socket;"
> + ".quad l1_%= - socket;"
> + ".size jt0_%=, 16;"
> + ".global jt0_%=;"
> + ".popsection;"
> +
> + "r1 = jt0_%= ll;"
> + "r1 += 8;"
> + "r2 = *(u64 *)(r1 + 0);"
> + "r3 = 1;"
> + "r4 = 2;"
> + ".8byte %[gotox_r2];"
> +"l0_%=: r0 = r3;"
> + "exit;"
> +"l1_%=: r0 = r4;"
> + "exit;"
> + :
> + : __imm_insn(gotox_r2, BPF_RAW_INSN(BPF_JMP | BPF_JA | BPF_X, BPF_REG_2, BPF_REG_0, 0, 0))
> + : __clobber_all);
> +}
> +
> /* to retain debug info for BTF generation */
> void kfunc_root(void)
> {
> --
> 2.34.1
>
Ah, this fails on s390x. I will send a fix later today.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-01-14 12:16 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-14 11:33 [PATCH bpf-next 0/2] bpf: Live registers computation with gotox Anton Protopopov
2026-01-14 11:33 ` [PATCH bpf-next 1/2] bpf: Properly mark used registers for indirect jumps Anton Protopopov
2026-01-14 11:33 ` [PATCH bpf-next 2/2] selftests/bpf: Extend live regs tests with a test for gotox Anton Protopopov
2026-01-14 12:24 ` Anton Protopopov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox