public inbox for bpf@vger.kernel.org
* bpftool generated jited has unpreventable jump addresses
@ 2026-03-05 13:54 Farbod Shahinfar
  2026-03-09 17:25 ` Quentin Monnet
  0 siblings, 1 reply; 3+ messages in thread
From: Farbod Shahinfar @ 2026-03-05 13:54 UTC (permalink / raw)
  To: bpf

Hi,

I want to prepare a CFG for a jited eBPF program. The output of
`bpftool prog dump jited id xx` reports jumps with kernel memory
addresses (e.g., `ja      0xffffffffc013ad2a`) and it seems impossible
to infer where the destination of the jump is. I thought maybe by
knowing the base address of the program, I can manually convert jump
destinations to relative addresses, but the base address is not known
by bpftool (as far as I understood from looking at the code).

My questions are:
1. Is this a real problem or am I missing something (I might be,
because bpftool already reports a CFG for the xlated version)?
2. If it is a limitation, how do you suggest to address the problem
(if it is of interest to others of course). My initial guess is to
return the load address of the program in the `bpf_prog_info` when
doing `bpf_prog_get_info_by_fd`

Sincerely
Farbod


* Re: bpftool generated jited has unpreventable jump addresses
  2026-03-05 13:54 bpftool generated jited has unpreventable jump addresses Farbod Shahinfar
@ 2026-03-09 17:25 ` Quentin Monnet
  2026-03-12 10:53   ` Farbod Shahinfar
  0 siblings, 1 reply; 3+ messages in thread
From: Quentin Monnet @ 2026-03-09 17:25 UTC (permalink / raw)
  To: Farbod Shahinfar, bpf

2026-03-05 14:54 UTC+0100 ~ Farbod Shahinfar <fshahinfar1@gmail.com>
> Hi,
> 
> I want to prepare a CFG for a jited eBPF program. The output of
> `bpftool prog dump jited id xx` reports jumps with kernel memory
> addresses (e.g., `ja      0xffffffffc013ad2a`) and it seems impossible
> to infer where the destination of the jump is. I thought maybe by
> knowing the base address of the program, I can manually convert jump
> destinations to relative addresses, but the base address is not known
> by bpftool (as far as I understood from looking at the code).


Hi, if I remember correctly you may be able to get the base address for
the image from /proc/kallsyms, depending on your privileges and your
sysctl configuration, see:

https://docs.kernel.org/admin-guide/sysctl/net.html#bpf-jit-kallsyms


> My questions are:
> 1. Is this a real problem or am I missing something (I might be,
> because bpftool already reports a CFG for the xlated version)?


As far as I'm aware, there hasn't been much interest so far in
generating the CFG for the JITed program, knowing that it's already
available for xlated instructions indeed.


> 2. If it is a limitation, how do you suggest to address the problem
> (if it is of interest to others of course). My initial guess is to
> return the load address of the program in the `bpf_prog_info` when
> doing `bpf_prog_get_info_by_fd`


If the sysctl knob is turned off, I'm not sure allowing the extraction
of image addresses through bpftool is a good idea.

Quentin


* Re: bpftool generated jited has unpreventable jump addresses
  2026-03-09 17:25 ` Quentin Monnet
@ 2026-03-12 10:53   ` Farbod Shahinfar
  0 siblings, 0 replies; 3+ messages in thread
From: Farbod Shahinfar @ 2026-03-12 10:53 UTC (permalink / raw)
  To: Quentin Monnet; +Cc: bpf

On Mon, Mar 9, 2026 at 6:25 PM Quentin Monnet <qmo@kernel.org> wrote:
>
> 2026-03-05 14:54 UTC+0100 ~ Farbod Shahinfar <fshahinfar1@gmail.com>
> > Hi,
> >
> > I want to prepare a CFG for a jited eBPF program. The output of
> > `bpftool prog dump jited id xx` reports jumps with kernel memory
> > addresses (e.g., `ja      0xffffffffc013ad2a`) and it seems impossible
> > to infer where the destination of the jump is. I thought maybe by
> > knowing the base address of the program, I can manually convert jump
> > destinations to relative addresses, but the base address is not known
> > by bpftool (as far as I understood from looking at the code).
>
>
> Hi, if I remember correctly you may be able to get the base address for
> the image from /proc/kallsyms, depending on your privileges and your
> sysctl configuration, see:
>
> https://docs.kernel.org/admin-guide/sysctl/net.html#bpf-jit-kallsyms
>
>
> > My questions are:
> > 1. Is this a real problem or am I missing something (I might be,
> > because bpftool already reports a CFG for the xlated version)?
>
>
> As far as I'm aware, there hasn't been much interest so far in
> generating the CFG for the JITed program, knowing that it's already
> available for xlated instructions indeed.
>
>
> > 2. If it is a limitation, how do you suggest to address the problem
> > (if it is of interest to others of course). My initial guess is to
> > return the load address of the program in the `bpf_prog_info` when
> > doing `bpf_prog_get_info_by_fd`
>
>
> If the sysctl knob is turned off, I'm not sure allowing the extraction
> of image addresses through bpftool is a good idea.
>
> Quentin

Using the address in `/proc/kallsyms` things work. That solves my issue.
Thanks a lot.

Sincerely,
Farbod
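
The conversion that resolved this thread, as an added example (not part of the original messages and not bpftool code): look up the image base in `/proc/kallsyms` text, then rewrite absolute jump targets from a jited dump as image-relative offsets and derive basic-block leaders. It assumes dump lines of the form `offset: mnemonic operands` and `bpf_prog_<tag>_<name>` symbol names; the tags, addresses and instructions below are constructed sample data.

```python
import re

# Constructed sample data, not captured from a real system.
KALLSYMS = ("ffffffffc013ad15 t bpf_prog_0123456789abcdef_demo\t[bpf]\n"
            "0000000000000000 t bpf_prog_fedcba9876543210_hidden\t[bpf]\n")
JITED = """\
   0:\tpush   %rbp
   1:\tmov    %rsp,%rbp
   4:\tcmp    $0x2,%rdi
   8:\tja      0xffffffffc013ad2a
   e:\tmov    $0x1,%eax
  13:\tjmp     0xffffffffc013ad2c
  15:\txor    %eax,%eax
  17:\tleave
  18:\tret
"""
INSN = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")
ABS = re.compile(r"0x([0-9a-f]+)$")

def image_base(kallsyms_text, tag):
    """Return the address of the bpf_prog_<tag> symbol."""
    for line in kallsyms_text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[2].startswith("bpf_prog_" + tag):
            if int(f[0], 16) == 0:  # all zeros: address hidden from this reader
                raise PermissionError("address masked; check privileges/sysctls")
            return int(f[0], 16)
    raise LookupError("no bpf_prog symbol for tag; is bpf_jit_kallsyms enabled?")

def parse_dump(jited_text):
    """Yield (offset, mnemonic, operands) for each instruction line."""
    return [(int(m[1], 16), m[2], m[3].strip())
            for m in map(INSN.match, jited_text.splitlines()) if m]

def jump_edges(jited_text, base):
    """(source offset, target offset) for jumps that land inside the image."""
    rows = parse_dump(jited_text)
    offsets = {off for off, _, _ in rows}
    edges = []
    for off, mnem, ops in rows:
        m = ABS.search(ops) if mnem.startswith("j") else None
        if m and int(m[1], 16) - base in offsets:
            edges.append((off, int(m[1], 16) - base))
    return edges

def block_leaders(jited_text, base):
    """Entry point, every jump target, and every instruction after a jump."""
    rows = parse_dump(jited_text)
    leaders = {rows[0][0]} | {dst for _, dst in jump_edges(jited_text, base)}
    leaders |= {rows[i + 1][0] for i, r in enumerate(rows[:-1]) if r[1].startswith("j")}
    return sorted(leaders)
```

On a live system the first argument would be the contents of `/proc/kallsyms` and the second the tag shown by `bpftool prog show`.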

