From: Peter Robinson <pbrobinson@gmail.com>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
netdev@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
labbott@redhat.com
Subject: Re: [offlist] Re: Crash in netlink/sk_filter_trim_cap on ARMv7 on 4.18rc1
Date: Tue, 26 Jun 2018 13:23:04 +0100 [thread overview]
Message-ID: <CALeDE9MykqKyk5hJKn2OxZx2USW76ySm8Wxsw3eVgxa2g7PKXg@mail.gmail.com> (raw)
In-Reply-To: <CALeDE9OOrZUnaNpzkYPU30iN=4HFQaqEomjf14EO5EtcnHu8OQ@mail.gmail.com>
Hi Daniel,
>>> On 06/24/2018 11:24 AM, Peter Robinson wrote:
>>>>>> I'm seeing this netlink/sk_filter_trim_cap crash on ARMv7 across quite
>>>>>> a few ARMv7 platforms on Fedora with 4.18rc1. I've tested RPi2/RPi3
>>>>>> (doesn't happen on aarch64), AllWinner H3, BeagleBone and a few
>>>>>> others, both LPAE/normal kernels.
>>>
>>> So this is arm32 right?
>>
>> Correct.
>>
>>>>>> I'm a bit out of my depth in this part of the kernel but I'm wondering
>>>>>> if it's known, I couldn't find anything that looked obvious on a few
>>>>>> mailing lists.
>>>>>>
>>>>>> Peter
>>>>>
>>>>> Hi Peter
>>>>>
>>>>> Could you provide symbolic information ?
>>>>
>>>> I passed in through scripts/decode_stacktrace.sh is that what you were after:
>>>>
>>>> [ 8.673880] Internal error: Oops: a06 [#10] SMP ARM
>>>> [ 8.673949] ---[ end trace 049df4786ea3140a ]---
>>>> [ 8.678754] Modules linked in:
>>>> [ 8.678766] CPU: 1 PID: 206 Comm: systemd-udevd Tainted: G D
>>>> 4.18.0-0.rc1.git0.1.fc29.armv7hl+lpae #1
>>>> [ 8.678769] Hardware name: Allwinner sun8i Family
>>>> [ 8.678781] PC is at sk_filter_trim_cap ()
>>>> [ 8.678790] LR is at (null)
>>>> [ 8.709463] pc : lr : psr: 60000013 ()
>>>> [ 8.715722] sp : c996bd60 ip : 00000000 fp : 00000000
>>>> [ 8.720939] r10: ee79dc00 r9 : c12c9f80 r8 : 00000000
>>>> [ 8.726157] r7 : 00000000 r6 : 00000001 r5 : f1648000 r4 : 00000000
>>>> [ 8.732674] r3 : 00000007 r2 : 00000000 r1 : 00000000 r0 : 00000000
>>>> [ 8.739193] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
>>>> [ 8.746318] Control: 30c5387d Table: 6e7bc880 DAC: ffe75ece
>>>> [ 8.752055] Process systemd-udevd (pid: 206, stack limit = 0x(ptrval))
>>>> [ 8.758574] Stack: (0xc996bd60 to 0xc996c000)
>>>
>>> Do you have BPF JIT enabled or disabled? Does it happen with disabled?
>>
>> Enabled, I can test with it disabled, BPF configs bits are:
>> CONFIG_BPF_EVENTS=y
>> # CONFIG_BPFILTER is not set
>> CONFIG_BPF_JIT_ALWAYS_ON=y
>> CONFIG_BPF_JIT=y
>> CONFIG_BPF_STREAM_PARSER=y
>> CONFIG_BPF_SYSCALL=y
>> CONFIG_BPF=y
>> CONFIG_CGROUP_BPF=y
>> CONFIG_HAVE_EBPF_JIT=y
>> CONFIG_IPV6_SEG6_BPF=y
>> CONFIG_LWTUNNEL_BPF=y
>> # CONFIG_NBPFAXI_DMA is not set
>> CONFIG_NET_ACT_BPF=m
>> CONFIG_NET_CLS_BPF=m
>> CONFIG_NETFILTER_XT_MATCH_BPF=m
>> # CONFIG_TEST_BPF is not set
>>
>>> I can see one bug, but your stack trace seems unrelated.
>>>
>>> Anyway, could you try with this?
>>
>> Build in process.
>>
>>> diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
>>> index 6e8b716..f6a62ae 100644
>>> --- a/arch/arm/net/bpf_jit_32.c
>>> +++ b/arch/arm/net/bpf_jit_32.c
>>> @@ -1844,7 +1844,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>> /* there are 2 passes here */
>>> bpf_jit_dump(prog->len, image_size, 2, ctx.target);
>>>
>>> - set_memory_ro((unsigned long)header, header->pages);
>>> + bpf_jit_binary_lock_ro(header);
>>> prog->bpf_func = (void *)ctx.target;
>>> prog->jited = 1;
>>> prog->jited_len = image_size;
>
> So with that and the other fix there was no improvement, with those
> and the BPF JIT disabled it works, I'm not sure if the two patches
> have any effect with the JIT disabled though.
>
> Will look at the other patches shortly, there's been some other issue
> introduced between rc1 and rc2 which I have to work out before I can
> test those though.
Quick update, with linus's head as of yesterday, basically rc2 plus
davem's network fixes it works if the JIT is disabled IE:
# CONFIG_BPF_JIT_ALWAYS_ON is not set
# CONFIG_BPF_JIT is not set
If I enable it the boot breaks even worse than the errors above in
that I get no console output at all, even with earlycon, so we've gone
backwards since rc1 somehow.
I'll try the above two reverted unless you have any other suggestions.
Peter
WARNING: multiple messages have this Message-ID (diff)
From: pbrobinson@gmail.com (Peter Robinson)
To: linux-arm-kernel@lists.infradead.org
Subject: [offlist] Re: Crash in netlink/sk_filter_trim_cap on ARMv7 on 4.18rc1
Date: Tue, 26 Jun 2018 13:23:04 +0100 [thread overview]
Message-ID: <CALeDE9MykqKyk5hJKn2OxZx2USW76ySm8Wxsw3eVgxa2g7PKXg@mail.gmail.com> (raw)
In-Reply-To: <CALeDE9OOrZUnaNpzkYPU30iN=4HFQaqEomjf14EO5EtcnHu8OQ@mail.gmail.com>
Hi Daniel,
>>> On 06/24/2018 11:24 AM, Peter Robinson wrote:
>>>>>> I'm seeing this netlink/sk_filter_trim_cap crash on ARMv7 across quite
>>>>>> a few ARMv7 platforms on Fedora with 4.18rc1. I've tested RPi2/RPi3
>>>>>> (doesn't happen on aarch64), AllWinner H3, BeagleBone and a few
>>>>>> others, both LPAE/normal kernels.
>>>
>>> So this is arm32 right?
>>
>> Correct.
>>
>>>>>> I'm a bit out of my depth in this part of the kernel but I'm wondering
>>>>>> if it's known, I couldn't find anything that looked obvious on a few
>>>>>> mailing lists.
>>>>>>
>>>>>> Peter
>>>>>
>>>>> Hi Peter
>>>>>
>>>>> Could you provide symbolic information ?
>>>>
>>>> I passed in through scripts/decode_stacktrace.sh is that what you were after:
>>>>
>>>> [ 8.673880] Internal error: Oops: a06 [#10] SMP ARM
>>>> [ 8.673949] ---[ end trace 049df4786ea3140a ]---
>>>> [ 8.678754] Modules linked in:
>>>> [ 8.678766] CPU: 1 PID: 206 Comm: systemd-udevd Tainted: G D
>>>> 4.18.0-0.rc1.git0.1.fc29.armv7hl+lpae #1
>>>> [ 8.678769] Hardware name: Allwinner sun8i Family
>>>> [ 8.678781] PC is at sk_filter_trim_cap ()
>>>> [ 8.678790] LR is at (null)
>>>> [ 8.709463] pc : lr : psr: 60000013 ()
>>>> [ 8.715722] sp : c996bd60 ip : 00000000 fp : 00000000
>>>> [ 8.720939] r10: ee79dc00 r9 : c12c9f80 r8 : 00000000
>>>> [ 8.726157] r7 : 00000000 r6 : 00000001 r5 : f1648000 r4 : 00000000
>>>> [ 8.732674] r3 : 00000007 r2 : 00000000 r1 : 00000000 r0 : 00000000
>>>> [ 8.739193] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
>>>> [ 8.746318] Control: 30c5387d Table: 6e7bc880 DAC: ffe75ece
>>>> [ 8.752055] Process systemd-udevd (pid: 206, stack limit = 0x(ptrval))
>>>> [ 8.758574] Stack: (0xc996bd60 to 0xc996c000)
>>>
>>> Do you have BPF JIT enabled or disabled? Does it happen with disabled?
>>
>> Enabled, I can test with it disabled, BPF configs bits are:
>> CONFIG_BPF_EVENTS=y
>> # CONFIG_BPFILTER is not set
>> CONFIG_BPF_JIT_ALWAYS_ON=y
>> CONFIG_BPF_JIT=y
>> CONFIG_BPF_STREAM_PARSER=y
>> CONFIG_BPF_SYSCALL=y
>> CONFIG_BPF=y
>> CONFIG_CGROUP_BPF=y
>> CONFIG_HAVE_EBPF_JIT=y
>> CONFIG_IPV6_SEG6_BPF=y
>> CONFIG_LWTUNNEL_BPF=y
>> # CONFIG_NBPFAXI_DMA is not set
>> CONFIG_NET_ACT_BPF=m
>> CONFIG_NET_CLS_BPF=m
>> CONFIG_NETFILTER_XT_MATCH_BPF=m
>> # CONFIG_TEST_BPF is not set
>>
>>> I can see one bug, but your stack trace seems unrelated.
>>>
>>> Anyway, could you try with this?
>>
>> Build in process.
>>
>>> diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
>>> index 6e8b716..f6a62ae 100644
>>> --- a/arch/arm/net/bpf_jit_32.c
>>> +++ b/arch/arm/net/bpf_jit_32.c
>>> @@ -1844,7 +1844,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>>> /* there are 2 passes here */
>>> bpf_jit_dump(prog->len, image_size, 2, ctx.target);
>>>
>>> - set_memory_ro((unsigned long)header, header->pages);
>>> + bpf_jit_binary_lock_ro(header);
>>> prog->bpf_func = (void *)ctx.target;
>>> prog->jited = 1;
>>> prog->jited_len = image_size;
>
> So with that and the other fix there was no improvement, with those
> and the BPF JIT disabled it works, I'm not sure if the two patches
> have any effect with the JIT disabled though.
>
> Will look at the other patches shortly, there's been some other issue
> introduced between rc1 and rc2 which I have to work out before I can
> test those though.
Quick update, with linus's head as of yesterday, basically rc2 plus
davem's network fixes it works if the JIT is disabled IE:
# CONFIG_BPF_JIT_ALWAYS_ON is not set
# CONFIG_BPF_JIT is not set
If I enable it the boot breaks even worse than the errors above in
that I get no console output at all, even with earlycon, so we've gone
backwards since rc1 somehow.
I'll try the above two reverted unless you have any other suggestions.
Peter
next prev parent reply other threads:[~2018-06-26 12:23 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-22 11:19 Crash in netlink/sk_filter_trim_cap on ARMv7 on 4.18rc1 Peter Robinson
2018-06-22 11:19 ` Peter Robinson
2018-06-22 12:55 ` Eric Dumazet
2018-06-22 12:55 ` Eric Dumazet
2018-06-24 9:24 ` Peter Robinson
2018-06-24 9:24 ` Peter Robinson
2018-06-25 8:48 ` Daniel Borkmann
2018-06-25 8:48 ` Daniel Borkmann
2018-06-25 12:03 ` Peter Robinson
2018-06-25 12:03 ` Peter Robinson
[not found] ` <ad98d60c-bd60-b495-c4bd-507fc29c8bcd@iogearbox.net>
[not found] ` <CALeDE9PBZWJBp8KB0mB4zoNXqscmzxWzz+LnuqRA-z4t1e9T8g@mail.gmail.com>
2018-06-25 16:41 ` [offlist] " Peter Robinson
2018-06-25 16:41 ` Peter Robinson
2018-06-26 12:23 ` Peter Robinson [this message]
2018-06-26 12:23 ` Peter Robinson
2018-06-26 12:52 ` Daniel Borkmann
2018-06-26 12:52 ` Daniel Borkmann
2018-07-04 7:33 ` Peter Robinson
2018-07-04 7:33 ` Peter Robinson
2018-07-04 23:10 ` Daniel Borkmann
2018-07-04 23:10 ` Daniel Borkmann
2018-07-04 23:41 ` Russell King - ARM Linux
2018-07-04 23:41 ` Russell King - ARM Linux
2018-07-05 7:31 ` Russell King - ARM Linux
2018-07-05 7:31 ` Russell King - ARM Linux
2018-07-05 7:46 ` Daniel Borkmann
2018-07-05 7:46 ` Daniel Borkmann
2018-08-16 20:35 ` Marc Haber
2018-08-16 20:35 ` Marc Haber
2018-08-16 22:58 ` Russell King - ARM Linux
2018-08-16 22:58 ` Russell King - ARM Linux
2018-08-17 12:25 ` Peter Robinson
2018-08-17 12:25 ` Peter Robinson
2018-08-17 12:40 ` Daniel Borkmann
2018-08-17 12:40 ` Daniel Borkmann
2018-08-17 14:32 ` Peter Robinson
2018-08-17 14:32 ` Peter Robinson
2018-08-17 16:17 ` Russell King - ARM Linux
2018-08-17 16:17 ` Russell King - ARM Linux
2018-08-17 18:30 ` Daniel Borkmann
2018-08-17 18:30 ` Daniel Borkmann
2018-08-17 18:51 ` Stefan Wahren
2018-08-17 18:51 ` Stefan Wahren
2018-08-17 21:15 ` Peter Robinson
2018-08-17 21:15 ` Peter Robinson
2018-08-17 21:13 ` Peter Robinson
2018-08-17 21:13 ` Peter Robinson
2018-08-17 22:06 ` Daniel Borkmann
2018-08-17 22:06 ` Daniel Borkmann
2018-08-17 21:12 ` Peter Robinson
2018-08-17 21:12 ` Peter Robinson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CALeDE9MykqKyk5hJKn2OxZx2USW76ySm8Wxsw3eVgxa2g7PKXg@mail.gmail.com \
--to=pbrobinson@gmail.com \
--cc=daniel@iogearbox.net \
--cc=eric.dumazet@gmail.com \
--cc=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.