No subject
Wed Jan 14 23:30:03 AEDT 2026
bpf_frame_size points to the caller's frame. But func_frame_offset equals
(bpf_dummy_frame_size + bpf_frame_size), which points into the caller's frame
itself. Loading from that address returns the caller's back chain (pointing
to the grandparent frame), not a pointer to the caller's frame.
This appears to cause the subsequent load at [_R4 - 8] to read the grandparent's
tail_call_info rather than the caller's. Would loading from [_R1 + bpf_frame_size]
give the correct pointer to the caller's frame?
For comparison, the subprogram prologue in bpf_jit_build_prologue() uses
[_R1 + 0] to get the back chain pointing to its caller, which seems like
the right pattern.
> +
> + /*
> + * Setting the tail_call_info in trampoline's frame
> + * depending on if previous frame had value or reference.
> + */
> + EMIT(PPC_RAW_CMPLWI(_R3, MAX_TAIL_CALL_CNT));
> + PPC_COND_BRANCH(COND_GT, CTX_NIA(ctx) + 8);
> + EMIT(PPC_RAW_ADDI(_R3, _R4, bpf_jit_stack_tailcallinfo_offset(ctx)));
[ ... ]
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/20993216190
--===============3401074341333993029==--
More information about the Linuxppc-dev
mailing list