tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: ca4bbdaf171604841f77648a2877e2e43db69b71 commit: eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b bpf: Introduce bpf_per_cpu_ptr() date: 10 weeks ago config: mips-randconfig-r026-20201209 (attached as .config) compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project 1968804ac726e7674d5de22bc2204b45857da344) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install mips cross compiling tool for clang build # apt-get install binutils-mips-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot All warnings (new ones prefixed by >>): >> kernel/bpf/verifier.c:9689:12: warning: stack frame size of 1080 bytes in function 'resolve_pseudo_ldimm64' [-Wframe-larger-than=] static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) ^ kernel/bpf/verifier.c:10747:12: warning: stack frame size of 1104 bytes in function 'fixup_bpf_calls' [-Wframe-larger-than=] static int fixup_bpf_calls(struct bpf_verifier_env *env) ^ kernel/bpf/verifier.c:9163:12: warning: stack frame size of 3032 bytes in function 'do_check' [-Wframe-larger-than=] static int do_check(struct bpf_verifier_env *env) ^ 3 warnings generated. vim +/resolve_pseudo_ldimm64 +9689 kernel/bpf/verifier.c b741f1630346de Roman Gushchin 2018-09-28 9681 4976b718c3551f Hao Luo 2020-09-29 9682 /* find and rewrite pseudo imm in ld_imm64 instructions: 4976b718c3551f Hao Luo 2020-09-29 9683 * 4976b718c3551f Hao Luo 2020-09-29 9684 * 1. if it accesses map FD, replace it with actual map pointer. 4976b718c3551f Hao Luo 2020-09-29 9685 * 2. if it accesses btf_id of a VAR, replace it with pointer to the var. 4976b718c3551f Hao Luo 2020-09-29 9686 * 4976b718c3551f Hao Luo 2020-09-29 9687 * NOTE: btf_vmlinux is required for converting pseudo btf_id. 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9688 */ 4976b718c3551f Hao Luo 2020-09-29 @9689 static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env) 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9690 { 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9691 struct bpf_insn *insn = env->prog->insnsi; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9692 int insn_cnt = env->prog->len; fdc15d388d600d Alexei Starovoitov 2016-09-01 9693 int i, j, err; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9694 f1f7714ea51c56 Daniel Borkmann 2017-01-13 9695 err = bpf_prog_calc_tag(env->prog); aafe6ae9cee32d Daniel Borkmann 2016-12-18 9696 if (err) aafe6ae9cee32d Daniel Borkmann 2016-12-18 9697 return err; aafe6ae9cee32d Daniel Borkmann 2016-12-18 9698 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9699 for (i = 0; i < insn_cnt; i++, insn++) { 9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9700 if (BPF_CLASS(insn->code) == BPF_LDX && d691f9e8d4405c Alexei Starovoitov 2015-06-04 9701 (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) { 61bd5218eef349 Jakub Kicinski 2017-10-09 9702 verbose(env, "BPF_LDX uses reserved fields\n"); 9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9703 return -EINVAL; 9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9704 } 9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9705 d691f9e8d4405c Alexei Starovoitov 2015-06-04 9706 if (BPF_CLASS(insn->code) == BPF_STX && d691f9e8d4405c Alexei Starovoitov 2015-06-04 9707 ((BPF_MODE(insn->code) != BPF_MEM && d691f9e8d4405c Alexei Starovoitov 2015-06-04 9708 BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) { 61bd5218eef349 Jakub Kicinski 2017-10-09 9709 verbose(env, "BPF_STX uses reserved fields\n"); d691f9e8d4405c Alexei Starovoitov 2015-06-04 9710 return -EINVAL; d691f9e8d4405c Alexei Starovoitov 2015-06-04 9711 } d691f9e8d4405c Alexei Starovoitov 2015-06-04 9712 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9713 if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9714 struct bpf_insn_aux_data *aux; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9715 struct bpf_map *map; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9716 struct fd f; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9717 u64 addr; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9718 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9719 if (i == insn_cnt - 1 || insn[1].code != 0 || 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9720 insn[1].dst_reg != 0 || insn[1].src_reg != 0 || 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9721 insn[1].off != 0) { 61bd5218eef349 Jakub Kicinski 2017-10-09 9722 verbose(env, "invalid bpf_ld_imm64 insn\n"); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9723 return -EINVAL; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9724 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9725 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9726 if (insn[0].src_reg == 0) 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9727 /* valid generic load 64-bit imm */ 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9728 goto next_insn; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9729 4976b718c3551f Hao Luo 2020-09-29 9730 if (insn[0].src_reg == BPF_PSEUDO_BTF_ID) { 4976b718c3551f Hao Luo 2020-09-29 9731 aux = &env->insn_aux_data[i]; 4976b718c3551f Hao Luo 2020-09-29 9732 err = check_pseudo_btf_id(env, insn, aux); 4976b718c3551f Hao Luo 2020-09-29 9733 if (err) 4976b718c3551f Hao Luo 2020-09-29 9734 return err; 4976b718c3551f Hao Luo 2020-09-29 9735 goto next_insn; 4976b718c3551f Hao Luo 2020-09-29 9736 } 4976b718c3551f Hao Luo 2020-09-29 9737 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9738 /* In final convert_pseudo_ld_imm64() step, this is d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9739 * converted into regular 64-bit imm load insn. d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9740 */ d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9741 if ((insn[0].src_reg != BPF_PSEUDO_MAP_FD && d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9742 insn[0].src_reg != BPF_PSEUDO_MAP_VALUE) || d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9743 (insn[0].src_reg == BPF_PSEUDO_MAP_FD && d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9744 insn[1].imm != 0)) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9745 verbose(env, d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9746 "unrecognized bpf_ld_imm64 insn\n"); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9747 return -EINVAL; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9748 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9749 20182390c41344 Daniel Borkmann 2019-03-04 9750 f = fdget(insn[0].imm); c210129760a010 Daniel Borkmann 2015-10-29 9751 map = __bpf_map_get(f); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9752 if (IS_ERR(map)) { 61bd5218eef349 Jakub Kicinski 2017-10-09 9753 verbose(env, "fd %d is not pointing to valid bpf_map\n", 20182390c41344 Daniel Borkmann 2019-03-04 9754 insn[0].imm); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9755 return PTR_ERR(map); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9756 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9757 61bd5218eef349 Jakub Kicinski 2017-10-09 9758 err = check_map_prog_compatibility(env, map, env->prog); fdc15d388d600d Alexei Starovoitov 2016-09-01 9759 if (err) { fdc15d388d600d Alexei Starovoitov 2016-09-01 9760 fdput(f); fdc15d388d600d Alexei Starovoitov 2016-09-01 9761 return err; fdc15d388d600d Alexei Starovoitov 2016-09-01 9762 } fdc15d388d600d Alexei Starovoitov 2016-09-01 9763 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9764 aux = &env->insn_aux_data[i]; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9765 if (insn->src_reg == BPF_PSEUDO_MAP_FD) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9766 addr = (unsigned long)map; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9767 } else { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9768 u32 off = insn[1].imm; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9769 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9770 if (off >= BPF_MAX_VAR_OFF) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9771 verbose(env, "direct value offset of %u is not allowed\n", off); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9772 fdput(f); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9773 return -EINVAL; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9774 } d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9775 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9776 if (!map->ops->map_direct_value_addr) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9777 verbose(env, "no direct value access support for this map type\n"); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9778 fdput(f); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9779 return -EINVAL; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9780 } d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9781 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9782 err = map->ops->map_direct_value_addr(map, &addr, off); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9783 if (err) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9784 verbose(env, "invalid access to map value pointer, value_size=%u off=%u\n", d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9785 map->value_size, off); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9786 fdput(f); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9787 return err; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9788 } d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9789 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9790 aux->map_off = off; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9791 addr += off; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9792 } d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9793 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9794 insn[0].imm = (u32)addr; d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9795 insn[1].imm = addr >> 32; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9796 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9797 /* check whether we recorded this map already */ d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9798 for (j = 0; j < env->used_map_cnt; j++) { 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9799 if (env->used_maps[j] == map) { d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9800 aux->map_index = j; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9801 fdput(f); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9802 goto next_insn; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9803 } d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9804 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9805 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9806 if (env->used_map_cnt >= MAX_USED_MAPS) { 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9807 fdput(f); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9808 return -E2BIG; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9809 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9810 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9811 /* hold the map. If the program is rejected by verifier, 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9812 * the map will be released by release_maps() or it 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9813 * will be used by the valid program until it's unloaded ab7f5bf0928be2 Jakub Kicinski 2018-05-03 9814 * and all maps are released in free_used_maps() 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9815 */ 1e0bd5a091e5d9 Andrii Nakryiko 2019-11-17 9816 bpf_map_inc(map); d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9817 d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9818 aux->map_index = env->used_map_cnt; 92117d8443bc5a Alexei Starovoitov 2016-04-27 9819 env->used_maps[env->used_map_cnt++] = map; 92117d8443bc5a Alexei Starovoitov 2016-04-27 9820 b741f1630346de Roman Gushchin 2018-09-28 9821 if (bpf_map_is_cgroup_storage(map) && e47304232b3733 Daniel Borkmann 2019-12-17 9822 bpf_cgroup_storage_assign(env->prog->aux, map)) { b741f1630346de Roman Gushchin 2018-09-28 9823 verbose(env, "only one cgroup storage of each type is allowed\n"); de9cbbaadba5ad Roman Gushchin 2018-08-02 9824 fdput(f); de9cbbaadba5ad Roman Gushchin 2018-08-02 9825 return -EBUSY; de9cbbaadba5ad Roman Gushchin 2018-08-02 9826 } de9cbbaadba5ad Roman Gushchin 2018-08-02 9827 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9828 fdput(f); 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9829 next_insn: 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9830 insn++; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9831 i++; 5e581dad4fec0e Daniel Borkmann 2018-01-26 9832 continue; 5e581dad4fec0e Daniel Borkmann 2018-01-26 9833 } 5e581dad4fec0e Daniel Borkmann 2018-01-26 9834 5e581dad4fec0e Daniel Borkmann 2018-01-26 9835 /* Basic sanity check before we invest more work here. */ 5e581dad4fec0e Daniel Borkmann 2018-01-26 9836 if (!bpf_opcode_in_insntable(insn->code)) { 5e581dad4fec0e Daniel Borkmann 2018-01-26 9837 verbose(env, "unknown opcode %02x\n", insn->code); 5e581dad4fec0e Daniel Borkmann 2018-01-26 9838 return -EINVAL; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9839 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9840 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9841 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9842 /* now all pseudo BPF_LD_IMM64 instructions load valid 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9843 * 'struct bpf_map *' into a register instead of user map_fd. 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9844 * These pointers will be used later by verifier to validate map access. 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9845 */ 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9846 return 0; 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9847 } 0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9848 :::::: The code at line 9689 was first introduced by commit :::::: 4976b718c3551faba2c0616ef55ebeb74db1c5ca bpf: Introduce pseudo_btf_id :::::: TO: Hao Luo :::::: CC: Alexei Starovoitov --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org