[BUG] powerpc: test_progs -t for_each faults kernel

Jiri Olsa jolsa at redhat.com
Mon Jan 3 09:07:39 AEDT 2022 

hi,
when running 'test_progs -t for_each' on powerpc we are getting
the fault below

it seems that for some reason the function callback address passed
to bpf_for_each_array_elem is wrong.. I wonder it's the powerpc
function pointers magic ;-)

it's the latest bpf-next/master, I can send .config if needed

thanks,
jirka


---
[  114.362271] kernel tried to execute user page (100000000) - exploit attempt? (uid: 0)
[  114.362284] BUG: Unable to handle kernel instruction fetch
[  114.362288] Faulting instruction address: 0x100000000
[  114.362294] Oops: Kernel access of bad area, sig: 11 [#1]
[  114.362299] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
[  114.362309] Modules linked in: bpf_testmod(OE) bonding tls rfkill pseries_rng ibmveth crct10dif_vpmsum drm fuse i2c_core drm_panel_orientation_quirks zram ip_tables ibmvscsi scsi_transport_srp vmx_crypto crc32c_vpmsum
[  114.362339] CPU: 5 PID: 935 Comm: test_progs Tainted: G           OE     5.16.0-rc7+ #3
[  114.362345] NIP:  0000000100000000 LR: c000000000378a24 CTR: 0000000100000001
[  114.362350] REGS: c000000015ef36e0 TRAP: 0400   Tainted: G           OE      (5.16.0-rc7+)
[  114.362355] MSR:  800000004280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 88008248  XER: 20040000
[  114.362371] CFAR: c000000000378a20 IRQMASK: 0 
               GPR00: c0000000003789bc c000000015ef3980 c000000002890900 c00000000cbb0200 
               GPR04: c000000015ef39ec c00000000cbb0310 c000000015ef3a48 0000000000000000 
               GPR08: 00000001fd9a0000 0000000000000003 0000000000000000 0000000000002000 
               GPR12: 0000000100000001 c00000001ecab080 0000000000000000 0000000000000000 
               GPR16: 0000000000000000 0000000000000000 0000000000000000 c000000017a48400 
               GPR20: 0000000000000001 0000000000000000 c000000015ef3ac0 c000000015ef3b7c 
               GPR24: c000000015ef3b78 c008000002e40000 c008000002e40048 c000000015ef3a48 
               GPR28: c00000000cbb0310 0000000100000001 c00000000cbb0200 0000000000000001 
[  114.362431] NIP [0000000100000000] 0x100000000
[  114.362436] LR [c000000000378a24] bpf_for_each_array_elem+0xc4/0x1c0
[  114.362443] Call Trace:
[  114.362445] [c000000015ef3980] [c0000000003789bc] bpf_for_each_array_elem+0x5c/0x1c0 (unreliable)
[  114.362454] [c000000015ef3a20] [c0080000032267dc] bpf_prog_21bfb2cd0ec79d94_F+0xac/0x98d0
[  114.362461] [c000000015ef3a90] [c000000000f54308] bpf_test_run+0x208/0x420
[  114.362469] [c000000015ef3b50] [c000000000f551b8] bpf_prog_test_run_skb+0x368/0x7a0
[  114.362478] [c000000015ef3bf0] [c00000000034bf40] __sys_bpf+0xc20/0x2e20
[  114.362486] [c000000015ef3d90] [c00000000034e1dc] sys_bpf+0x2c/0x40
[  114.362495] [c000000015ef3db0] [c00000000002d478] system_call_exception+0x188/0x360
[  114.362505] [c000000015ef3e10] [c00000000000bfe8] system_call_vectored_common+0xe8/0x278
[  114.362514] --- interrupt: 3000 at 0x7fff813dc9fc
[  114.362520] NIP:  00007fff813dc9fc LR: 0000000000000000 CTR: 0000000000000000
[  114.362526] REGS: c000000015ef3e80 TRAP: 3000   Tainted: G           OE      (5.16.0-rc7+)
[  114.362532] MSR:  800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE>  CR: 48002848  XER: 00000000
[  114.362552] IRQMASK: 0 
               GPR00: 0000000000000169 00007fffe3429c10 00007fff814e6f00 000000000000000a 
               GPR04: 00007fffe3429cb8 0000000000000090 0000000000000000 0000000000000008 
               GPR08: 000000000000000a 0000000000000000 0000000000000000 0000000000000000 
               GPR12: 0000000000000000 00007fff8164b7d0 0000000000000000 0000000000000000 
               GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
               GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
               GPR24: 00000000101baa4c 00007fffe342a520 000000001056f5d8 00007fff8163eb68 
               GPR28: 00007fffe342a6a8 00007fffe342a4f8 0000000000000004 00007fffe3429c10 
[  114.362626] NIP [00007fff813dc9fc] 0x7fff813dc9fc
[  114.362631] LR [0000000000000000] 0x0
[  114.362636] --- interrupt: 3000
[  114.362640] Instruction dump:
[  114.362646] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 
[  114.362661] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX 
[  114.362675] ---[ end trace c044e1b381f36402 ]---

More information about the Linuxppc-dev mailing list