Re: [PATCH bpf-next v2] bpf: Fix unaligned interpreter panic on JIT fallback path

[Tiezhu Yang]

On 2026/6/12 下午8:37, Xu Kuohai wrote:
> On 6/11/2026 6:12 PM, Tiezhu Yang wrote:
> > When an architecture implements bpf_jit_inlines_helper_call(), such
> > as LoongArch, ARM64, and RISC-V, the BPF verifier skips rewriting
> > the helper call offset (insn->imm) during the bpf_do_misc_fixups()
> > phase if the helper is expected to be inlined by the JIT compiler.
> > As a result, insn->imm remains as the raw helper enum ID.

...

> > +static void bpf_fixup_fallback_inline_helpers(struct bpf_verifier_env 
> > *env, struct bpf_prog *fp)
>
> The function name is a bit long for a static function

If there are no objections, I will shorten the static function
name to bpf_fixup_inline_helpers() in v4.

> > +{
> > +    struct bpf_insn *insn = fp->insnsi;
> > +    const struct bpf_func_proto *fn;
> > +    int i;
> > +
> > +    if (!env || !env->ops->get_func_proto)
> > +        return;
> > +
> > +    for (i = 0; i < fp->len; i++, insn++) {
> > +        if (insn->code == (BPF_JMP | BPF_CALL) && insn->src_reg == 0) {
> > +            /* Filter out already-patched address offsets. */
> > +            if (insn->imm >= __BPF_FUNC_MAX_ID)
>
> The check is redundant, since bpf_jit_inlines_helper_call() already
> filters out insn->imm numbers that is not a valid helper id.

Yes, I see your point. If insn->imm is an invalid helper ID,
bpf_jit_inlines_helper_call() will hit the default branch and
return false, making the prior check redundant. I will clean
this up.

> > +                continue;
> > +
> > +            if (bpf_jit_inlines_helper_call(insn->imm)) {
> > +                fn = env->ops->get_func_proto(insn->imm, env->prog);
> > +                if (fn && fn->func)
> > +                    insn->imm = fn->func - __bpf_call_base;
> > +            }
> > +        }
> > +    }
> > +}
> > +
> >   struct bpf_prog *__bpf_prog_select_runtime(struct bpf_verifier_env 
> > *env, struct bpf_prog *fp,
> >                          int *err)
> >   {
> > @@ -2643,6 +2668,9 @@ struct bpf_prog 
> > *__bpf_prog_select_runtime(struct bpf_verifier_env *env, struct
> >               *err = -ENOTSUPP;
> >               return fp;
> >           }
> > +
> > +        if (!fp->jited)
> > +            bpf_fixup_fallback_inline_helpers(env, fp);
> >       } else {
> >           *err = bpf_prog_offload_compile(fp);
> >           if (*err)
>
> I tested it on arm64 and the patch works.
>
> Tested-by: Xu Kuohai <xukuohai@xxxxxxxxxx>

Thanks for your review and the Tested-by tag.

Thanks,
Tiezhu