Cilium program parsing fails due to relocation map bug

[jetafese]

The verifier is not able to properly parse the following program from the cilium project: bpf_overlay.c. For example, running the verifier on section tc gives:

Unresolved external symbol test_cilium_calls_65535 in section tc at location 122
Unresolved external symbol test_cilium_calls_65535 in section tc at location 130
Unresolved external symbol test_cilium_calls_65535 in section tc at location 138
Unresolved external symbol test_cilium_calls_65535 in section tc at location 184
Unresolved external symbol test_cilium_calls_65535 in section tc at location 90
Unresolved external symbol test_cilium_calls_65535 in section tc at location 99
Unresolved external symbol test_cilium_calls_65535 in section tc at location 176
error: There are relocations in section but no maps sections in file bpf_overlay.o
Make sure to inline all function calls.

Looking deeper into this, we notice that test_cilium_calls_65535 is not a function/symbol that exists in the original c file. Therefore, we ran the preprocessor to see where the symbol gets introduced. Doing so showed us that it corresponds to struct bpf_elf_map and it's macro defines a section: "maps" rather than ".maps"

Further investigation shows that the issue lies at INST_SIZE_MASK where we suspect an immediate load is the culprit, where the parser fails to resolve the immediate number to an offset in a different section.

[jetafese]

an even smaller smaller example is the tc section of bpf_network.o