
<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - BPF target: code generation with shifts around ptr types"

   href="https://bugs.llvm.org/show_bug.cgi?id=33369">33369</a>

          </td>

        </tr>


        <tr>

          <th>Summary</th>

          <td>BPF target: code generation with shifts around ptr types

          </td>

        </tr>


        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>


        <tr>

          <th>Version</th>

          <td>unspecified

          </td>

        </tr>


        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>


        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>


        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>


        <tr>

          <th>Severity</th>

          <td>enhancement

          </td>

        </tr>


        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>


        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>


        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>


        <tr>

          <th>Reporter</th>

          <td>daniel@iogearbox.net

          </td>

        </tr>


        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>We've seen code generated for the BPF ctx (XDP in this case) that looks as

follows:


[...]

; new_dst.p4 |= svc->rev_nat_index;

     704:       r3 <<= 8

     705:       r3 |= r4

; if (svc->rev_nat_index)

     706:       r2 |= r3

; memcpy(ptr, from, len);

     707:       *(u8 *)(r1 + 50) = r2

     708:       r2 >>= 8

     709:       *(u8 *)(r1 + 51) = r2

     710:       r2 = *(u32 *)(r6 + 4)   ; XDP data_end (rewrite to ptr load)

     711:       r1 = *(u32 *)(r6 + 0)   ; XDP data (rewrite to ptr load)


LBB0_107:

     712:       r3 = 4294967142ll

; void *end = (void *)(long) xdp->data_end;

     714:       r2 <<= 32               ; buggy (destroys ptr)

     715:       r2 >>= 32               ; buggy

; void *data = (void *)(long) xdp->data;

     716:       r1 <<= 32               ; buggy (destroys ptr)

     717:       r1 >>= 32               ; buggy

; if (data + sizeof(*ptr) > end)

     718:       r4 = r1

     719:       r4 += 2

     720:       if r4 > r2 goto 3

; *(__u16 *) data = 1;//csum;

     721:       r2 = 1

     722:       *(u16 *)(r1 + 0) = r2

     723:       r3 = 0

[...]


$ clang --version

clang version 5.0.0 (<a href="https://github.com/llvm-mirror/clang.git">https://github.com/llvm-mirror/clang.git</a>

91d84ed65dd3629b4536cf393850ecfdfd3f1be5)

(<a href="https://github.com/llvm-mirror/llvm.git">https://github.com/llvm-mirror/llvm.git</a>

2385754c5e1ce0689b4295a3e13e1a47215b850d)

Target: x86_64-unknown-linux-gnu

Thread model: posix

InstalledDir: /usr/local/bin</pre>

        </div>

      </p>


      <hr>

      <span>You are receiving this mail because:</span>


      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>