Re: [RFC bpf-next 8/9] libbpf: support llvm-generated indirect jumps

Eduard Zingerman <eddyz87@xxxxxxxxx> · Tue, 08 Jul 2025 01:30:04 -0700

On Mon, 2025-07-07 at 12:07 -0700, Eduard Zingerman wrote:
> On Thu, 2025-07-03 at 11:21 -0700, Eduard Zingerman wrote:
> 
> [...]
> 
> > > > >   .jumptables
> > > > >     <subprog-rel-off-0>
> > > > >     <subprog-rel-off-1> | <--- jump table #1 symbol:
> > > > >     <subprog-rel-off-2> |        .size = 2   // number of entries in the jump table
> > > > >     ...                          .value = 1  // offset within .jumptables
> > > > >     <subprog-rel-off-N>                          ^
> > > > >                                                  |
> > > > >   .text                                          |
> > > > >     ...                                          |
> > > > >     <insn-N>     <------ relocation referencing -'
> > > > >     ...                  jump table #1 symbol
> 
> [...]
> 
> I think I got it working in:
> https://github.com/eddyz87/llvm-project/tree/separate-jumptables-section
> 
> Changes on top of Yonghong's work.
> An example is in the attachment the gist is:
> 
> -------------------------------
> 
> $ clang --target=bpf -c -o jump-table-test.o jump-table-test.c
> There are 8 section headers, starting at offset 0xaa0:
> 
> Section Headers:
>   [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
>   ...
>   [ 4] .jumptables       PROGBITS        0000000000000000 000220 000260 00      0   0  1
>   ...
> 
> Symbol table '.symtab' contains 8 entries:
>    Num:    Value          Size Type    Bind   Vis       Ndx Name
>      ...
>      3: 0000000000000000   256 NOTYPE  LOCAL  DEFAULT     4 .BPF.JT.0.0
>      4: 0000000000000100   352 NOTYPE  LOCAL  DEFAULT     4 .BPF.JT.0.1
>      ...
> 
> $ llvm-objdump --no-show-raw-insn -Sdr jump-table-test.o
> jump-table-test.o:      file format elf64-bpf
> 
> Disassembly of section .text:
> 
> 0000000000000000 <foo>:
>        ...
>        6:       r2 <<= 0x3
>        7:       r1 = 0x0 ll
>                 0000000000000038:  R_BPF_64_64  .jumptables

I just realized that this relocation references a wrong symbol.
Instead of .BPF.JT.0.0 it references jump table itself.
Need more time to investigate.

>        9:       r1 += r2
>       10:       r1 = *(u64 *)(r1 + 0x0)
>       11:       gotox r1

Adding a relocation here requires to bend over backwards a little bit.
Need more time to figure this out.

>       ...
>       34:       r2 <<= 0x3
>       35:       r1 = 0x100 ll
>                 0000000000000118:  R_BPF_64_64  .jumptables
>       37:       r1 += r2
>       38:       r1 = *(u64 *)(r1 + 0x0)
>       39:       gotox r1
>       ...
> 
> -------------------------------
> 
> The changes only touch BPF backend. Can be simplified a bit if I move
> MachineFunction::getJTISymbol to TargetLowering in the shared LLVM
> parts.