Closed Officeyutong closed 1 year ago
Thanks for the report!
I can reproduce. We're having an issue with the division. Here's how clang
translated your modulo operation:
mov64 r7, r5 // r7 = i
div64 r7, r0 // r7 = r7 / j -> This instruction causes the crash
mul64 r7, r0 // r7 = r7 * j
mov64 r6, r5 // r6 = i
sub64 r6, r7 // r6 = i - i/j*j
The generated eBPF code looks correct. Playing with the code from the JIT compiler, we're having an issue with this line: removing the generation of the instructions to handle divisions-by-zero in this if {}
make the instruction pass.
Looking further, the offset we use for the emit_direct_jcc(mem, 0x85, 7)
is incorrect in your case. Why then does it work for all the existing tests? This is because some instruction may convert to 2 or 3 bytes, depending on the register we use. With r7
, it's 3 bytes; whereas the existing tests usually use the lower registers. Given that the offset is incorrect, we don't jump correctly, causing the segfault.
Addressing the offset (based on the same check done in the instructions that emits a variable number of bytes) fixes the issue. I'm preparing a PR.
Segmentation fault when executing the jitted ebpf program
Description
Segmentation fault when executting the jitted ebpf program. But the same program works well when using intepreter mode.
Cargo.toml
Rust program
ebpf program
prime.bpf.bin.zip
It was zipped, since github does not support uploading
*.bin
files.The ebpf program was compiled from the following C source using
clang 14.0.6
, then the.text
segment was extracted usingllvm-objcopy
How to trigger
Expected behavior
Program successfully exited with no exception
Environment