From: Alexei Starovoitov
Date: Thu, 8 Dec 2022 09:48:52 -0800
Subject: Re: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp
To: Jiri Olsa
Cc: Hao Sun, Peter Zijlstra, bpf, Alexei Starovoitov, Daniel Borkmann, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, David Miller, Jakub Kicinski, Jesper Dangaard Brouer, Linux Kernel Mailing List, netdev, Thorsten Leemhuis
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Dec 7, 2022 at 11:57 AM Alexei Starovoitov wrote:
>
> On Tue, Dec 6, 2022 at 7:18 AM Jiri Olsa wrote:
> >
> > On Tue, Dec 06, 2022 at 02:46:43PM +0800, Hao Sun wrote:
> > > Hao Sun wrote on Tue, Dec 6, 2022 at 11:28:
> > > >
> > > > Hi,
> > > >
> > > > The following crash can be triggered with the BPF prog provided.
> > > > It seems the verifier passed some invalid progs. I will try to simplify
> > > > the C reproducer, for now, the following can reproduce this:
> > > >
> > > > HEAD commit: ab0350c743d5 selftests/bpf: Fix conflicts with built-in
> > > > functions in bpf_iter_ksym
> > > > git tree: bpf-next
> > > > console log: https://pastebin.com/raw/87RCSnCs
> > > > kernel config: https://pastebin.com/raw/rZdWLcgK
> > > > Syz reproducer: https://pastebin.com/raw/4kbwhdEv
> > > > C reproducer: https://pastebin.com/raw/GFfDn2Gk
> > > >
> > >
> > > Simplified C reproducer: https://pastebin.com/raw/aZgLcPvW
> > >
> > > Only two syscalls are required to reproduce this, seems it's an issue
> > > in XDP test run. Essentially, the reproducer just loads a very simple
> > > prog and tests run repeatedly and concurrently:
> > >
> > > r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)=@base={0x6, 0xb,
> > > &(0x7f0000000500)}, 0x80)
> > > bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0,
> > > 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
> > >
> > > Loaded prog:
> > > 0: (18) r0 = 0x0
> > > 2: (18) r6 = 0x0
> > > 4: (18) r7 = 0x0
> > > 6: (18) r8 = 0x0
> > > 8: (18) r9 = 0x0
> > > 10: (95) exit
> >
> > hi,
> > I can reproduce with your config.. it seems related to the
> > recent static call change:
> > c86df29d11df bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
> >
> > I can't reproduce when I revert that commit.. Peter, any idea?
>
> Jiri,
>
> I see your tested-by tag on Peter's commit c86df29d11df.
> I assume you've actually tested it, but
> this syzbot oops shows that even empty bpf prog crashes,
> so there is something wrong with that commit.
>
> What is the difference between this new kconfig and old one that
> you've tested?
>
> I'm trying to understand the severity of the issues and
> whether we need to revert that commit asap since the merge window
> is about to start.

Jiri, Peter,

ping.

cc-ing Thorsten, since he's tracking it now.

The config has CONFIG_X86_KERNEL_IBT=y.
Is it related?