Hi!
I have a qustion about arm64 bpf jit implementation.
The problem I observe is "taken loop with back jump to 1st insn"
verifier test, the subprogram is:
BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1),
BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, -3),
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
BPF_EXIT_INSN(),
Jitting the program causes invokation of bpf2a64_offset(-1, 2, ctx)
from
jmp_offset = bpf2a64_offset(i + off, i, ctx);
which does ctx->offset[-1] then (and works by accident when it
returns 0).
As far as I see, the offset[] keeps actually offsets of the next
instruction:
ret = build_insn(insn, ctx, extra_pass);
if (ret > 0) {
i++;
if (ctx->image == NULL)
ctx->offset[i] = ctx->idx;
continue;
}
if (ctx->image == NULL)
ctx->offset[i] = ctx->idx;
ctx->idx is updated by build_insn() already.
How is that supposed to work?
--
WBR,
Yauheni Kaliuta
