[DTrace-devel] [PATCH] Handle unlabeled BPF_NOP instructions

Kris Van Hees kris.van.hees at oracle.com
Mon Jan 4 14:18:12 PST 2021 

On Fri, Dec 11, 2020 at 06:41:04PM -0500, eugene.loh at oracle.com wrote:
> From: Eugene Loh <eugene.loh at oracle.com>
> 
> Although BPF jump instructions take a relative distance, we emit BPF
> code that jumps to 1-based labels, which are relocated to relative
> distances later, during dt_as()'s second pass.
> 
> A special case is BPF_NOP instructions, which are jumps of 0 distance.
> These targets are interpreted by dt_as() as "label 0", which does not
> exist, which leads to incorrect code and possibly BPF verifier failures.
> 
> The problem has not been an issue so far since we have only emitted
> BPF_NOP instructions that are themselves labeled, and that particular
> case has been handled specially (by eliminating these NOPs during
> dt_as's first pass).

I think that the paragraph above are confusing and do not really add
information for the tiny commit.

> Add code to exclude BPF_NOP (jump 0) from jump-target relocation.

I would just write this as a short paragraph explaining that we emit all
branches with a label id stored in the offset field, to be resolved during
assembly.  Since "jmp 0" is used to encode a NOP in BPF, we need to exclude
jumps with offset 0 from the jump-target relocation.

> Signed-off-by: Eugene Loh <eugene.loh at oracle.com>
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
>  libdtrace/dt_as.c  | 6 +++++-
>  libdtrace/dt_dis.c | 2 +-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/libdtrace/dt_as.c b/libdtrace/dt_as.c
> index 437a2d86..e33d40a5 100644
> --- a/libdtrace/dt_as.c
> +++ b/libdtrace/dt_as.c
> @@ -330,7 +330,7 @@ fail:
>  
>  	/*
>  	 * Make a second pass through the instructions, relocating each branch
> -	 * label to the index of the final instruction in the buffer and noting
> +	 * label to be a jump relative to the following instruction and noting
>  	 * any other instruction-specific DIFO flags such as dtdo_destructive.

Hm, I do not think this is correct.  Well, the original comment wasn't quite
accurate either of course.  I think it ought to be:

	Make a second pass through the instructions, relocating each branch
	target (a label ID) to the location of the label and noting
	any instruction-specific DIFO flags such as dtdo_destructive.

>  	 */
>  	for (i = 0; i < dp->dtdo_len; i++) {
> @@ -341,6 +341,10 @@ fail:
>  		if (BPF_CLASS(instr.code) != BPF_JMP)
>  			continue;
>  
> +		/* We ignore NOP (jmp 0). */
> +		if (BPF_IS_NOP(instr))
> +			continue;
> +

Good.

>  		/* We ignore function calls and function exits. */
>  		if (op == BPF_CALL || op == BPF_EXIT)
>  			continue;
> diff --git a/libdtrace/dt_dis.c b/libdtrace/dt_dis.c
> index d047bde3..27e98c30 100644
> --- a/libdtrace/dt_dis.c
> +++ b/libdtrace/dt_dis.c
> @@ -346,7 +346,7 @@ dt_dis_jump(const dtrace_difo_t *dp, const char *name, uint_t addr,
>  	    const struct bpf_insn *in, const char *rname, FILE *fp)
>  {
>  	if (in->off == 0)
> -		fprintf(fp, "nop");
> +		fprintf(fp, "nop\n");

Good catch.  Never notived because we never generated NOPs that made it into
the final assembled code.

>  	else {
>  		int	n;
>  
> -- 
> 2.18.4
> 
> 
> _______________________________________________
> DTrace-devel mailing list
> DTrace-devel at oss.oracle.com
> https://oss.oracle.com/mailman/listinfo/dtrace-devel

More information about the DTrace-devel mailing list