This is an archive of the discontinued LLVM Phabricator instance.

Differential D125185

[BPF] Mark FI_ri as isPseudo to avoid assertion during disassembly
ClosedPublic

Authored by eddyz87 on May 8 2022, 6:52 AM.

Details

Reviewers
ast
yonghong-song
Commits
rG256a18997e41: [BPF] Add a test for making FI_ri as isPseudo
rG8a63326150ee: [BPF] Mark FI_ri as isPseudo to avoid assertion during disassembly
Summary

When a specific sequence of bytes is present in the file during
disassembly the disassembler fails with the following assertion:

...
     0:	18 20 00 00 00 00 00 00	lea
... Assertion `idx < size()' failed.
...
llvm::SmallVectorTemplateCommon<...>::operator[](...) ...
llvm::MCInst::getOperand(unsigned int) ...
llvm::BPFInstPrinter::printOperand(...) ...
llvm::BPFInstPrinter::printInstruction() ...
llvm::BPFInstPrinter::printInst(...) ...
...

The byte sequence causing the error is (little endian):

18 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The issue could be reproduced using the program bellow:

test.ir:

@G = constant
       [16 x i8]
       [i8 u0x18, i8 u0x20, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00,
        i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00, i8 u0x00],
       section "foo", align 8

Compiled and disassembled as follows:

cat test.ir | llc -march=bpfel -filetype=obj -o - \
            | llvm-objdump --arch=bpfel --section=foo -d -

This byte sequence corresponds to FI_ri instruction declared in the
BPFInstrInfo.td as follows:

def FI_ri
    : TYPE_LD_ST<BPF_IMM.Value, BPF_DW.Value,
                 (outs GPR:$dst),
                 (ins MEMri:$addr),
                 "lea\t$dst, $addr",
                 [(set i64:$dst, FIri:$addr)]> {
  // This is a tentative instruction, and will be replaced
  // with MOV_rr and ADD_ri in PEI phase
  let Inst{51-48} = 0;
  let Inst{55-52} = 2;
  let Inst{47-32} = 0;
  let Inst{31-0} = 0;
  let BPFClass = BPF_LD;
}

Notes:

  • First byte (opcode) is formed as follows:
    • BPF_IMM.Value is 0x00
    • BPF_DW.Value is 0x18
    • BPF_LD is 0x00
  • Second byte (registers) is formed as follows:
    • let Inst{55-52} = 2;
    • let Inst{51-48} = 0;

The FI_ri instruction is always replaced by MOV_rr ADD_ri instructions
pair in the BPFRegisterInfo::eliminateFrameIndex method. Thus, this
instruction should be invisible to disassembler. This patch achieves
this by adding "isPseudo" flag for this instruction.

The bug was found by decompiling of one of the BPF tests from Linux
kernel (llvm-objdump -D tools/testing/selftests/bpf/bpf_iter_sockmap.o)

Diff Detail

Event Timeline

eddyz87 created this revision.May 8 2022, 6:52 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 8 2022, 6:52 AM
Herald added a subscriber: hiraditya. · View Herald Transcript
eddyz87 updated this revision to Diff 427932.May 8 2022, 6:57 AM
eddyz87 edited the summary of this revision. (Show Details)

Commit message fixes for better formatting

eddyz87 added a reviewer: ast.May 8 2022, 7:14 AM
eddyz87 updated this revision to Diff 427936.May 8 2022, 7:26 AM
This comment was removed by eddyz87.
Harbormaster completed remote builds in B163379: Diff 427936.May 8 2022, 10:00 AM
eddyz87 published this revision for review.May 8 2022, 11:23 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 8 2022, 11:23 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
eddyz87 added a comment.May 9 2022, 2:43 PM

The following tests are passing with this patch:

  • LLVM unit and regression tests (ninja check-all)
  • BPF selftests (linux/tools/testing/selftests/bpf/vmtest.sh, bpf-next kernel repository, commit 20b87e7c29df)
yonghong-song accepted this revision.May 10 2022, 7:49 AM
yonghong-song added a subscriber: yonghong-song.

The change looks good to me. Do you have write permission to merge into llvm-project main repo? If not, I can do the merge for you.

This revision is now accepted and ready to land.May 10 2022, 7:49 AM
eddyz87 added a comment.May 10 2022, 8:09 AM
In D125185#3503586, @yonghong-song wrote:

The change looks good to me. Do you have write permission to merge into llvm-project main repo? If not, I can do the merge for you.

Thank you,
I don't have the write permission, please merge it for me.

yonghong-song added a comment.May 10 2022, 11:03 AM

Could you provide proper "<Name> <Email Address>" so I can change author to you when I push the commit to the main branch?

eddyz87 added a comment.May 10 2022, 11:24 AM
In D125185#3504146, @yonghong-song wrote:

Could you provide proper "<Name> <Email Address>" so I can change author to you when I push the commit to the main branch?

Eduard Zingerman eddyz87@gmail.com

Closed by commit rG8a63326150ee: [BPF] Mark FI_ri as isPseudo to avoid assertion during disassembly (authored by eddyz87, committed by yonghong-song). · Explain WhyMay 10 2022, 5:08 PM
This revision was automatically updated to reflect the committed changes.
yonghong-song added a commit: rG8a63326150ee: [BPF] Mark FI_ri as isPseudo to avoid assertion during disassembly.
ast added a comment.May 10 2022, 5:20 PM

a test got lost?

yonghong-song added a comment.May 10 2022, 5:41 PM
In D125185#3505000, @ast wrote:

a test got lost?

My fault. Forgot to git add the file before the push. Will push the test shortly with a separate commit.

yonghong-song added a commit: rG256a18997e41: [BPF] Add a test for making FI_ri as isPseudo.May 10 2022, 5:46 PM

Revision Contents

PathSize
llvm/
lib/
Target/
BPF/
1 line

Diff 428539

llvm/lib/Target/BPF/BPFInstrInfo.td

Show First 20 LinesShow All 366 Lines▼ Show 20 Lines : TYPE_LD_ST<BPF_IMM.Value, BPF_DW.Value,
[(set i64:$dst, FIri:$addr)]> { [(set i64:$dst, FIri:$addr)]> {
// This is a tentative instruction, and will be replaced // This is a tentative instruction, and will be replaced
// with MOV_rr and ADD_ri in PEI phase // with MOV_rr and ADD_ri in PEI phase
let Inst{51-48} = 0; let Inst{51-48} = 0;
let Inst{55-52} = 2; let Inst{55-52} = 2;
let Inst{47-32} = 0; let Inst{47-32} = 0;
let Inst{31-0} = 0; let Inst{31-0} = 0;
let BPFClass = BPF_LD; let BPFClass = BPF_LD;
bit isPseudo = true;
} }
def LD_pseudo def LD_pseudo
: TYPE_LD_ST<BPF_IMM.Value, BPF_DW.Value, : TYPE_LD_ST<BPF_IMM.Value, BPF_DW.Value,
(outs GPR:$dst), (outs GPR:$dst),
(ins i64imm:$pseudo, u64imm:$imm), (ins i64imm:$pseudo, u64imm:$imm),
"ld_pseudo\t$dst, $pseudo, $imm", "ld_pseudo\t$dst, $pseudo, $imm",
[(set GPR:$dst, (int_bpf_pseudo imm:$pseudo, imm:$imm))]> { [(set GPR:$dst, (int_bpf_pseudo imm:$pseudo, imm:$imm))]> {
▲ Show 20 LinesShow All 612 LinesShow Last 20 Lines