On Wed, Nov 23, 2022 at 6:24 AM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote:
>
> > static int fixup_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
> >                             struct bpf_insn *insn_buf, int insn_idx, int *cnt)
> > {
> > @@ -15181,6 +15200,15 @@ static int fixup_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
> >                 return -EINVAL;
> >         }
> >
> > +       if (resolve_prog_type(env->prog) == BPF_PROG_TYPE_XDP) {
> > +               int imm = fixup_xdp_kfunc_call(env, insn->imm);
> > +
> > +               if (imm) {
> > +                       insn->imm = imm;
> > +                       return 0;
>
> This needs to also set *cnt = 0 before returning; otherwise the verifier
> can do some really weird instruction rewriting that leads to the JIT
> barfing on invalid instructions (as I just found out while trying to
> test this).

Oops, that was me not paying too much attention during the merge..
Yonghong actually did some kfunc unrolling, yay :-)
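Review bot: the early `return 0;` inside the new `if (imm)` block in fixup_kfunc_call() leaves the `*cnt` output parameter untouched, so the caller may act on a stale instruction count and patch in whatever happens to be in insn_buf; this path only rewrites insn->imm in place and emits nothing into insn_buf, so add `*cnt = 0;` before the return. Separately, `int imm = fixup_xdp_kfunc_call(env, insn->imm);` followed by `if (imm)` treats every non-zero value as a resolved kfunc id; if fixup_xdp_kfunc_call() can fail with a negative errno, that error code would be stored into insn->imm and later used as a call target, so either document that the helper returns only 0 or a valid id, or check `imm < 0` and propagate it before assigning.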