Commit 7dd62566 authored May 22, 2026 by KP Singh Committed by Alexei Starovoitov May 23, 2026

libbpf: fix off-by-one in emit_signature_match jump offset



The offset for the cleanup-label jump is computed before the MOV R7
instruction is emitted, but the JMP lands after it. Account for the
extra insn in the offset calculation (-2 instead of -1). Drop the
redundant self-loop in the else branch; gen->error = -ERANGE already
marks the generation as failed.

Fixes: fb2b0e29 ("libbpf: Update light skeleton for signing")
Signed-off-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20260522215337.662271-2-kpsingh@kernel.org


Signed-off-by: Alexei Starovoitov <ast@kernel.org>

parent 49b18315

tools/lib/bpf/gen_loader.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -592,13 +592,12 @@ static void emit_signature_match(struct bpf_gen *gen)
		gen->hash_insn_offset[i] = gen->insn_cur - gen->insn_start;
		emit2(gen, BPF_LD_IMM64_RAW_FULL(BPF_REG_3, 0, 0, 0, 0, 0));

		off = -(gen->insn_cur - gen->insn_start - gen->cleanup_label) / 8 - 1;
		off = -(gen->insn_cur - gen->insn_start - gen->cleanup_label) / 8 - 2;
		if (is_simm16(off)) {
		emit(gen, BPF_MOV64_IMM(BPF_REG_7, -EINVAL));
		emit(gen, BPF_JMP_REG(BPF_JNE, BPF_REG_2, BPF_REG_3, off));
		} else {
		gen->error = -ERANGE;
		emit(gen, BPF_JMP_IMM(BPF_JA, 0, 0, -1));
		}
		}
		}