Re: [PATCH bpf-next v9 2/3] bpf: Fix s16 truncation for large bpf-to-bpf call offsets

BPF List
 help / color / mirror / Atom feed

From: Quentin Monnet <qmo@kernel.org>
To: Yazhou Tang <tangyazhou@zju.edu.cn>,
	Xu Kuohai <xukuohai@huaweicloud.com>,
	bpf@vger.kernel.org, ast@kernel.org, eddyz87@gmail.com,
	emil@etsalapatis.com, puranjay@kernel.org
Cc: daniel@iogearbox.net, john.fastabend@gmail.com,
	andrii@kernel.org, martin.lau@linux.dev, song@kernel.org,
	yonghong.song@linux.dev, kpsingh@kernel.org, sdf@fomichev.me,
	haoluo@google.com, jolsa@kernel.org, tangyazhou518@outlook.com,
	shenghaoyuan0928@163.com, ziye@zju.edu.cn
Subject: Re: [PATCH bpf-next v9 2/3] bpf: Fix s16 truncation for large bpf-to-bpf call offsets
Date: Thu, 30 Apr 2026 16:25:21 +0100	[thread overview]
Message-ID: <c801c51e-70d5-4bdd-8f83-d1f71f84186d@kernel.org> (raw)
In-Reply-To: <6fc310e8-f929-4b1a-b298-71f2445e3c6e@zju.edu.cn>

2026-04-30 23:00 UTC+0800 ~ Yazhou Tang <tangyazhou@zju.edu.cn>
> Hi Kuohai,
> 
> Thanks for your review and the Acked-by tag.
> 
> On 4/30/26 11:29, Xu Kuohai wrote:
>> On 4/30/2026 1:19 AM, Yazhou Tang wrote:
> 
> [...]
> 
>>> diff --git a/kernel/bpf/fixups.c b/kernel/bpf/fixups.c
>>> index 300e4e251931..8947ef74f6a8 100644
>>> --- a/kernel/bpf/fixups.c
>>> +++ b/kernel/bpf/fixups.c
>>> @@ -1250,9 +1250,9 @@ static int jit_subprogs(struct bpf_verifier_env
>>> *env)
>>>           }
>>>           if (!bpf_pseudo_call(insn))
>>>               continue;
>>> -        insn->off = env->insn_aux_data[i].call_imm;
>>> -        subprog = bpf_find_subprog(env, i + insn->off + 1);
>>> -        insn->imm = subprog;
>>> +        insn->imm = env->insn_aux_data[i].call_imm;
>>> +        subprog = bpf_find_subprog(env, i + insn->imm + 1);
>>> +        insn->off = subprog;
>>>       }
>>>       prog->jited = 1;
>>> diff --git a/tools/bpf/bpftool/cfg.c b/tools/bpf/bpftool/cfg.c
>>> index e3785f9a697d..df43a0e0023f 100644
>>> --- a/tools/bpf/bpftool/cfg.c
>>> +++ b/tools/bpf/bpftool/cfg.c
>>> @@ -142,7 +142,7 @@ static bool cfg_partition_funcs(struct cfg *cfg,
>>> struct bpf_insn *cur,
>>>               continue;
>>>           if (cur->src_reg != BPF_PSEUDO_CALL)
>>>               continue;
>>> -        func = cfg_append_func(cfg, cur + cur->off + 1);
>>> +        func = cfg_append_func(cfg, cur + cur->imm + 1);
>>
>> Do we need to matain backward compatibility with the old bpftool here?
>> I suspect not, but I'm not entirely sure.
> 
> I agree. Since bpftool is maintained in-tree, it should be enough to just
> keep it in sync with the current kernel tree.

Hi, bpftool is also mirrored on GitHub at
https://github.com/libbpf/bpftool
and many people build it from there, so yes, it should be backward
compatible if possible at all.

Thanks,
Quentin

next prev parent reply	other threads:[~2026-04-30 15:25 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-29 17:19 [PATCH bpf-next v9 0/3] bpf: Fix call offset truncation and OOB read in bpf_patch_call_args() Yazhou Tang
2026-04-29 17:19 ` [PATCH bpf-next v9 1/3] bpf: Fix out-of-bounds " Yazhou Tang
2026-04-30  3:29   ` Xu Kuohai
2026-04-30 14:50     ` Yazhou Tang
2026-04-29 17:19 ` [PATCH bpf-next v9 2/3] bpf: Fix s16 truncation for large bpf-to-bpf call offsets Yazhou Tang
2026-04-29 21:10   ` sashiko-bot
2026-04-30 14:47     ` Yazhou Tang
2026-04-30  3:29   ` Xu Kuohai
2026-04-30 15:00     ` Yazhou Tang
2026-04-30 15:25       ` Quentin Monnet [this message]
2026-05-01  7:35         ` Yazhou Tang
2026-05-01  7:53           ` Alexei Starovoitov
2026-05-03  6:55             ` Yazhou Tang
2026-04-29 17:19 ` [PATCH bpf-next v9 3/3] selftests/bpf: Add test for large offset bpf-to-bpf call Yazhou Tang
2026-04-30  3:30   ` Xu Kuohai

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c801c51e-70d5-4bdd-8f83-d1f71f84186d@kernel.org \
    --to=qmo@kernel.org \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=emil@etsalapatis.com \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=puranjay@kernel.org \
    --cc=sdf@fomichev.me \
    --cc=shenghaoyuan0928@163.com \
    --cc=song@kernel.org \
    --cc=tangyazhou518@outlook.com \
    --cc=tangyazhou@zju.edu.cn \
    --cc=xukuohai@huaweicloud.com \
    --cc=yonghong.song@linux.dev \
    --cc=ziye@zju.edu.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox