From: Alexei Starovoitov
Date: Thu, 8 Dec 2022 09:48:52 -0800
Subject: Re: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp
To: Jiri Olsa
Cc: Hao Sun, Peter Zijlstra, bpf, Alexei Starovoitov, Daniel Borkmann,
    John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu,
    Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, David Miller,
    Jakub Kicinski, Jesper Dangaard Brouer, Linux Kernel Mailing List,
    netdev, Thorsten Leemhuis
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 7, 2022 at 11:57 AM Alexei Starovoitov wrote:
>
> On Tue, Dec 6, 2022 at 7:18 AM Jiri Olsa wrote:
> >
> > On Tue, Dec 06, 2022 at 02:46:43PM +0800, Hao Sun wrote:
> > > Hao Sun wrote on Tue, Dec 6, 2022 at 11:28:
> > > >
> > > > Hi,
> > > >
> > > > The following crash can be triggered with the BPF prog provided.
> > > > It seems the verifier passed some invalid progs. I will try to simplify
> > > > the C reproducer, for now, the following can reproduce this:
> > > >
> > > > HEAD commit: ab0350c743d5 selftests/bpf: Fix conflicts with built-in
> > > > functions in bpf_iter_ksym
> > > > git tree: bpf-next
> > > > console log: https://pastebin.com/raw/87RCSnCs
> > > > kernel config: https://pastebin.com/raw/rZdWLcgK
> > > > Syz reproducer: https://pastebin.com/raw/4kbwhdEv
> > > > C reproducer: https://pastebin.com/raw/GFfDn2Gk
> > > >
> > >
> > > Simplified C reproducer: https://pastebin.com/raw/aZgLcPvW
> > >
> > > Only two syscalls are required to reproduce this, seems it's an issue
> > > in XDP test run. Essentially, the reproducer just loads a very simple
> > > prog and tests run repeatedly and concurrently:
> > >
> > > r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)=@base={0x6, 0xb,
> > > &(0x7f0000000500)}, 0x80)
> > > bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0,
> > > 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
> > >
> > > Loaded prog:
> > > 0: (18) r0 = 0x0
> > > 2: (18) r6 = 0x0
> > > 4: (18) r7 = 0x0
> > > 6: (18) r8 = 0x0
> > > 8: (18) r9 = 0x0
> > > 10: (95) exit
> >
> > hi,
> > I can reproduce with your config.. it seems related to the
> > recent static call change:
> > c86df29d11df bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
> >
> > I can't reproduce when I revert that commit.. Peter, any idea?
>
> Jiri,
>
> I see your tested-by tag on Peter's commit c86df29d11df.
> I assume you've actually tested it, but
> this syzbot oops shows that even empty bpf prog crashes,
> so there is something wrong with that commit.
>
> What is the difference between this new kconfig and old one that
> you've tested?
>
> I'm trying to understand the severity of the issues and
> whether we need to revert that commit asap since the merge window
> is about to start.

Jiri, Peter,

ping.

cc-ing Thorsten, since he's tracking it now.

The config has CONFIG_X86_KERNEL_IBT=y.
Is it related?