Question about stx instructions and offsets #1

Open
rjenkins opened this issue May 23, 2019 · 0 comments

@rjenkins

Hiya @bolinfest. Thanks for the great blog post and this repository. I've found your section on annotated byte code to be quite helpful in understanding disassembled eBPF programs. I have a question about the stx instructions and the two's complement 16-bit offset, and was hoping you might be able to provide some insight. For example, in https://github.com/bolinfest/rust-ebpf-demo#instruction-2 you mention that the 0x7b, or stxdw [dst+off], src, instruction, which does a wide store (8 bytes), is passed an offset of -24, and that this is expected. Why is -24 expected in this case?

While I understand we're subtracting an offset from the frame pointer to allocate space on the stack, it's not clear to me how the offset is calculated. For example, a simpler eBPF program which only prints the single character a yields the following bytecode.

Disassembly of section .bpf.fn.trace_entry:
trace_entry:
; { // Line  18
   0:	b7 01 00 00 61 0a 00 00 	r1 = 2657
; ({ char _fmt[] = "a\n"; bpf_trace_printk_(_fmt, sizeof(_fmt)); }); // Line  20
   1:	6b 1a fc ff 00 00 00 00 	*(u16 *)(r10 - 4) = r1
   2:	b7 01 00 00 00 00 00 00 	r1 = 0
   3:	73 1a fe ff 00 00 00 00 	*(u8 *)(r10 - 2) = r1
   4:	bf a1 00 00 00 00 00 00 	r1 = r10
   5:	07 01 00 00 fc ff ff ff 	r1 += -4
   6:	b7 02 00 00 03 00 00 00 	r2 = 3
   7:	85 00 00 00 06 00 00 00 	call 6
; return 0; // Line  21
   8:	b7 00 00 00 00 00 00 00 	r0 = 0
   9:	95 00 00 00 00 00 00 00 	exit

In this case, instruction 0 (0xb7) stores imm in r0, and then instruction 1 (0x6b) performs a stxh [dst+off], src (2 bytes) at an address -4 bytes relative to the stack pointer, yet our value is only 2 bytes wide.
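To make the offset arithmetic in the listing above concrete, here is an added example (editor-supplied; it is not code from rjenkins, @bolinfest or the rust-ebpf-demo repository) that decodes the fixed 64-bit eBPF instruction encoding: one opcode byte, one byte carrying dst_reg in the low nibble and src_reg in the high nibble, a little-endian signed 16-bit off, and a little-endian signed 32-bit imm. The instruction bytes are copied from the listing; the names Insn, decode_program and stack_footprint are this example's own.

```rust
// Added example, not code from the rust-ebpf-demo repository: decode the
// fixed 64-bit eBPF instruction encoding so the signed 16-bit offset and
// 32-bit immediate behind the listing above can be read off the raw bytes.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Insn {
    pub opcode: u8,
    pub dst_reg: u8,
    pub src_reg: u8,
    pub off: i16,
    pub imm: i32,
}

// Instruction classes (low 3 opcode bits) and the MEM addressing mode.
const BPF_LDX: u8 = 0x01;
const BPF_STX: u8 = 0x03;
const BPF_JMP: u8 = 0x05;
const BPF_ALU64: u8 = 0x07;
const BPF_MEM: u8 = 0x60;

impl Insn {
    /// Byte 0: opcode. Byte 1: dst_reg (low nibble) | src_reg (high nibble).
    /// Bytes 2-3: off as little-endian s16. Bytes 4-7: imm as little-endian s32.
    pub fn decode(b: &[u8; 8]) -> Insn {
        Insn {
            opcode: b[0],
            dst_reg: b[1] & 0x0f,
            src_reg: b[1] >> 4,
            off: i16::from_le_bytes([b[2], b[3]]),
            imm: i32::from_le_bytes([b[4], b[5], b[6], b[7]]),
        }
    }

    pub fn class(&self) -> u8 {
        self.opcode & 0x07
    }

    /// Width of a load/store (opcode bits 3-4); meaningless for other classes.
    pub fn size_bytes(&self) -> i32 {
        match self.opcode & 0x18 { 0x00 => 4, 0x08 => 2, 0x10 => 1, _ => 8 }
    }

    /// Render the opcodes that occur in the listing in the disassembler's style.
    pub fn render(&self) -> String {
        let ty = match self.size_bytes() { 1 => "u8", 2 => "u16", 4 => "u32", _ => "u64" };
        // off is signed, so the bytes fc ff render as "r10 - 4", not "r10 + 65532".
        let addr = |reg: u8, off: i16| match off {
            o if o < 0 => format!("r{} - {}", reg, -(o as i32)),
            0 => format!("r{}", reg),
            o => format!("r{} + {}", reg, o),
        };
        let (mode, code, src) = (self.opcode & 0xe0, self.opcode & 0xf0, self.opcode & 0x08);
        match (self.class(), mode, code, src) {
            (BPF_STX, BPF_MEM, _, _) => format!("*({} *)({}) = r{}", ty, addr(self.dst_reg, self.off), self.src_reg),
            (BPF_LDX, BPF_MEM, _, _) => format!("r{} = *({} *)({})", self.dst_reg, ty, addr(self.src_reg, self.off)),
            (BPF_ALU64, _, 0xb0, 0x00) => format!("r{} = {}", self.dst_reg, self.imm),
            (BPF_ALU64, _, 0xb0, 0x08) => format!("r{} = r{}", self.dst_reg, self.src_reg),
            (BPF_ALU64, _, 0x00, 0x00) => format!("r{} += {}", self.dst_reg, self.imm),
            (BPF_JMP, _, 0x80, _) => format!("call {}", self.imm),
            (BPF_JMP, _, 0x90, _) => "exit".to_string(),
            _ => format!("op 0x{:02x}", self.opcode),
        }
    }
}

/// The ten instructions from the listing above, copied byte for byte.
pub const TRACE_ENTRY: [u8; 80] = [
    0xb7, 0x01, 0x00, 0x00, 0x61, 0x0a, 0x00, 0x00, // r1 = 2657 ('a', '\n')
    0x6b, 0x1a, 0xfc, 0xff, 0x00, 0x00, 0x00, 0x00, // *(u16 *)(r10 - 4) = r1
    0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // r1 = 0
    0x73, 0x1a, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, // *(u8 *)(r10 - 2) = r1
    0xbf, 0xa1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // r1 = r10
    0x07, 0x01, 0x00, 0x00, 0xfc, 0xff, 0xff, 0xff, // r1 += -4
    0xb7, 0x02, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, // r2 = 3
    0x85, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, // call 6
    0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // r0 = 0
    0x95, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // exit
];

pub fn decode_program(bytes: &[u8]) -> Vec<Insn> {
    bytes.chunks_exact(8).map(|c| {
        let mut word = [0u8; 8];
        word.copy_from_slice(c);
        Insn::decode(&word)
    }).collect()
}

/// [lo, hi) byte range relative to r10 written by MEM stores based on the
/// frame pointer: the stack bytes the compiler reserved for locals.
pub fn stack_footprint(insns: &[Insn]) -> Option<(i32, i32)> {
    insns.iter()
        .filter(|i| i.class() == BPF_STX && (i.opcode & 0xe0) == BPF_MEM && i.dst_reg == 10)
        .map(|i| (i.off as i32, i.off as i32 + i.size_bytes()))
        .reduce(|a, b| (a.0.min(b.0), a.1.max(b.1)))
}

fn main() {
    let insns = decode_program(&TRACE_ENTRY);
    for (n, i) in insns.iter().enumerate() {
        println!("{:>2}: op=0x{:02x} dst=r{} src=r{} off={:>3} imm={:>5}  {}",
                 n, i.opcode, i.dst_reg, i.src_reg, i.off, i.imm, i.render());
    }
    if let Some((lo, hi)) = stack_footprint(&insns) {
        println!("frame-pointer stores cover r10{} .. r10{} ({} bytes)", lo, hi, hi - lo);
    }
}
```

Decoding instruction 1 gives off = 0xfffc, which as a signed 16-bit value is -4, so the disassembler prints r10 - 4 even though only two bytes are stored there. Read together, the two stores write the three bytes at r10 - 4, r10 - 3 and r10 - 2, r1 = r10 - 4 is the start of that region and r2 = 3 is its length: the store offset is the position of each piece of the array relative to the frame pointer, not the width of the value being stored.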
