Linux-MIPS Archive on
 help / color / Atom feed
From: Daniel Borkmann <>
To: Paul Burton <>,, Ralf Baechle <>,
	James Hogan <>,
	Hassan Naveed <>,
	Matt Redfearn <>,
	David Daney <>
Subject: Fwd: [Bug 205459] New: mips: bpf: test_bpf failures, eBPF JIT on mips32 outputs invalid 64-bit insns
Date: Sat, 9 Nov 2019 00:42:34 +0100
Message-ID: <> (raw)
In-Reply-To: <>

[ Cc MIPS folks ]

Hassan, James, Paul, others, please take a look. Thanks!

-------- Forwarded Message --------
Subject: [Bug 205459] New: mips: bpf: test_bpf failures, eBPF JIT on mips32 outputs invalid 64-bit insns
Date: Thu, 07 Nov 2019 06:41:21 +0000

             Bug ID: 205459
            Summary: mips: bpf: test_bpf failures, eBPF JIT on mips32
                     outputs invalid 64-bit insns
            Product: Networking
            Version: 2.5
     Kernel Version: 5.2.17
           Hardware: Mips32
                 OS: Linux
               Tree: Mainline
             Status: NEW
           Severity: high
           Priority: P1
          Component: Other
         Regression: No

Created attachment 285809
EXCEPTION/failures: kernel 5.2.17/mips32 (Debian 10.1)


Linux 5.2.x added an eBPF JIT for MIPS32 (yay!). Based on discussion of the
original submission ( I
expected that:

   (1) all tests from module test_bpf.ko would pass, and
   (2) any previously JITed tests (i.e. cBPF) would still be JITed.

However, I can't reproduce the above based on my testing as per the attached

Point (2) doesn't stand since the first ~30 tests are not JITed, but were
previously cBPF JITed for the most part.

As for point (1), the full test set doesn't complete, but errors out early on
with a "Reserved instruction in kernel code[#1]" error. Manually hopping
through some of the tests yields the same error for many:

   #68 ALU_MOV_K: 0x0000ffffffff0000 = 0x00000000ffffffff jited:1
   #73 ALU_ADD_X: 1 + 2 = 3 jited:1
   #74 ALU_ADD_X: 1 + 4294967294 = 4294967295 jited:1
   #75 ALU_ADD_X: 2 + 4294967294 = 0 jited:1
   #79 ALU_ADD_K: 1 + 2 = 3 jited:1
   (.. and so on ...)

Disassembling the JITed code for test #68 shows incorrect MIPS64 instructions:

   24 03 00 20     li    v1,32
   34 05 ff ff     li    a1,0xffff
   00 05 2c 38     dsll  a1,a1,0x10      <=== MIPS64 insn
   34 a5 ff ff     ori   a1,a1,0xffff
   00 05 2c 38     dsll  a1,a1,0x10      <=== MIPS64 insn
   34 06 ff ff     li    a2,0xffff
   00 06 34 38     dsll  a2,a2,0x10      <=== MIPS64 insn
   34 c6 ff ff     ori   a2,a2,0xffff

Since this was tested in the past, I'm really hoping there's a simple solution
to these problems, or else a case of "operator error". A review by someone more
knowledgeable with the MIPS32 eBPF JIT would be appreciated.

Steps to Reproduce:

   # sysctl net.core.bpf_jit_enable=1
   # modprobe test_bpf
   <Kernel log with "Reserved instruction" exception>

Affected Systems Tested:

   Debian 10.1 on QEMU/malta(mips32_be) [distro kernel 5.2.17-1~bpo10+1

Kernel Logs:

Boot log with test results up to first failure is attached.

You are receiving this mail because:
You are watching the assignee of the bug.

           reply index

Thread overview: expand[flat|nested]  mbox.gz  Atom feed
 [parent not found: <>]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-MIPS Archive on

Archives are clonable:
	git clone --mirror linux-mips/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-mips linux-mips/ \
	public-inbox-index linux-mips

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone