DPDK-dev Archive on lore.kernel.org
* [DPDK/core Bug 1959] BPF JIT produces bad code
From: bugzilla @ 2026-06-18 19:52 UTC
  To: dev

http://bugs.dpdk.org/show_bug.cgi?id=1959

            Bug ID: 1959
           Summary: BPF JIT produces bad code
           Product: DPDK
           Version: 22.03
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: major
          Priority: Normal
         Component: core
          Assignee: dev@dpdk.org
          Reporter: stephen@networkplumber.org
  Target Milestone: ---

While testing the bpf convert code for capture, I discovered that the following BPF
instructions are JIT'd in a way that causes a SEGV when executed.

bpf convert for "ether[0] & 1 = 0 and ip[16] >= 224" produced:
cBPF program (8 insns)
(000) ldb      [0]
(001) jset     #0x1             jt 7    jf 2
(002) ldh      [12]
(003) jeq      #0x800           jt 4    jf 7
(004) ldb      [30]
(005) jge      #0xe0            jt 6    jf 7
(006) ret      #262144
(007) ret      #0

eBPF program (14 insns)
 L0:    xor r0, r0
 L1:    xor r7, r7
 L2:    mov r6, r1
 L3:    ldb r0, [0]
 L4:    jset r0, #0x1, L12
 L5:    ldh r0, [12]
 L6:    jne r0, #0x800, L12
 L7:    ldb r0, [30]
 L8:    jge r0, #0xe0, L10
 L9:    ja L12
 L10:   mov32 r0, #0x40000
 L11:   exit
 L12:   mov32 r0, #0x0
 L13:   exit
JIT code at [0x7fb6dbebf000], len=340
Segmentation fault         DPDK_TEST=bpf_convert_autotest ./build/app/dpdk-test

-- 
You are receiving this mail because:
You are the assignee for the bug.
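
For checking a JIT fix against known-good verdicts, the cBPF listing in the report can be evaluated by a small reference interpreter. This is an added example, not code from the report or from DPDK; the names `ref_run` and `probe` and the test frames are constructed for illustration, and only the six opcodes in the listing are handled.

```c
#include <stdint.h>
#include <stdio.h>

enum op { LDB, LDH, JSET, JEQ, JGE, RET };
struct insn { enum op op; uint32_t k; uint8_t jt, jf; };

/* The 8-insn cBPF program from the report; jt/jf are absolute
 * instruction indexes, as printed in the listing. */
static const struct insn prog[8] = {
    { LDB,  0,      0, 0 }, { JSET, 0x1,    7, 2 },
    { LDH,  12,     0, 0 }, { JEQ,  0x800,  4, 7 },
    { LDB,  30,     0, 0 }, { JGE,  0xe0,   6, 7 },
    { RET,  262144, 0, 0 }, { RET,  0,      0, 0 },
};

/* Reference evaluation; an out-of-bounds load rejects the packet. */
static uint32_t ref_run(const uint8_t *pkt, uint32_t len)
{
    uint32_t a = 0, pc = 0;
    while (pc < 8) {
        const struct insn *i = &prog[pc++];
        uint32_t w = (i->op == LDH) ? 2 : 1;        /* load width in bytes */
        if (i->op <= LDH && (len < w || i->k > len - w)) return 0;
        switch (i->op) {
        case LDB:  a = pkt[i->k]; break;
        case LDH:  a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case JSET: pc = (a & i->k) ? i->jt : i->jf; break;
        case JEQ:  pc = (a == i->k) ? i->jt : i->jf; break;
        case JGE:  pc = (a >= i->k) ? i->jt : i->jf; break;
        case RET:  return i->k;
        }
    }
    return 0;
}

/* Constructed frame: dst MAC byte 0, EtherType, IPv4 dst first octet. */
static uint32_t probe(uint8_t mac0, uint16_t etype, uint8_t dst0, uint32_t len)
{
    uint8_t f[64] = {0};
    f[0] = mac0; f[12] = etype >> 8; f[13] = etype & 0xff; f[30] = dst0;
    return ref_run(f, len > sizeof(f) ? sizeof(f) : len);
}

int main(void)
{
    printf("%u %u\n", probe(0x00, 0x0800, 224, 64), probe(0x01, 0x0800, 224, 64));
    return 0;
}
```

Running the JIT'd program on the same frames and comparing return values gives a differential check, including the truncated-frame cases where the loads must fail cleanly rather than read past the buffer.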
