From: Anton Protopopov <aspsk@isovalent.com>
To: Eduard Zingerman <eddyz87@gmail.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next 0/5] Add fd_array_cnt attribute for BPF_PROG_LOAD
Date: Sun, 17 Nov 2024 21:22:31 +0000
Message-ID: <ZzpelyMaubxXqttM@eis>
In-Reply-To: <7b957bf7ab4b64a06526c533d82bcc3f982353a1.camel@gmail.com>

On 24/11/15 07:06PM, Eduard Zingerman wrote:
> On Fri, 2024-11-15 at 00:46 +0000, Anton Protopopov wrote:
> > Add a new attribute to the bpf(BPF_PROG_LOAD) system call. If this
> > new attribute is non-zero, then the fd_array is considered to be a
> > continuous array of the fd_array_cnt length and to contain only
> > proper map file descriptors, or btf file descriptors, or zeroes.
> > 
> > This change allows maps, which aren't referenced directly by a BPF
> > program, to be bound to the program _and_ also to be present during
> > the program verification (so BPF_PROG_BIND_MAP is not enough for this
> > use case).
> > 
> > The primary reason for this change is that it is a prerequisite for
> > adding "instruction set" maps, which are both non-referenced by the
> > program and must be present during the program verification.
> > 
> > The first three commits add the new functionality, the fourth adds
> > corresponding self-tests, and the last one is a small additional fix.
> 
> When I apply this series on top of [1] (there is a small merge conflict),
> I get an error message from KASAN, the message is at the end of this email.
> Probably triggered by processing of preloaded BPF programs.

Thanks for pointing to this warning. Unluckily, I can't reproduce it locally,
nor do I have a conflict (I've rebased my branch on top of the current
master, which contains [1]). Could you please tell me which environment you
were using to trigger it? Is this BPF CI?

> Also added a few nits for individual patches.

Thanks for looking! I will reply there.

> [1] fab974e64874 ("libbpf: Fix memory leak in bpf_program__attach_uprobe_multi")
> 
> ---
> 
> [    1.107455] ------------[ cut here ]------------
> [    1.107545] Trying to vfree() nonexistent vm area (000000003f161725)
> [    1.107640] WARNING: CPU: 6 PID: 1 at mm/vmalloc.c:3345 vfree (mm/vmalloc.c:3345 (discriminator 1) mm/vmalloc.c:3326 (discriminator 1)) 
> [    1.107731] Modules linked in:
> [    1.107922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
> [    1.108057] RIP: 0010:vfree (mm/vmalloc.c:3345 (discriminator 1) mm/vmalloc.c:3326 (discriminator 1)) 
> [ 1.108123] Code: ea 03 42 80 3c 22 00 0f 85 2d 04 00 00 48 8b 38 48 85 ff 0f 85 76 ff ff ff 0f 0b 4c 89 e6 48 c7 c7 60 47 94 83 e8 5e b2 83 ff <0f> 0b 48 83 c4 60 5b 5d 41 5c 41 5d 41 5e 41 5f e9 34 f8 dd 01 89
> All code
> ========
>    0:	ea                   	(bad)
>    1:	03 42 80             	add    -0x80(%rdx),%eax
>    4:	3c 22                	cmp    $0x22,%al
>    6:	00 0f                	add    %cl,(%rdi)
>    8:	85 2d 04 00 00 48    	test   %ebp,0x48000004(%rip)        # 0x48000012
>    e:	8b 38                	mov    (%rax),%edi
>   10:	48 85 ff             	test   %rdi,%rdi
>   13:	0f 85 76 ff ff ff    	jne    0xffffffffffffff8f
>   19:	0f 0b                	ud2
>   1b:	4c 89 e6             	mov    %r12,%rsi
>   1e:	48 c7 c7 60 47 94 83 	mov    $0xffffffff83944760,%rdi
>   25:	e8 5e b2 83 ff       	call   0xffffffffff83b288
>   2a:*	0f 0b                	ud2		<-- trapping instruction
>   2c:	48 83 c4 60          	add    $0x60,%rsp
>   30:	5b                   	pop    %rbx
>   31:	5d                   	pop    %rbp
>   32:	41 5c                	pop    %r12
>   34:	41 5d                	pop    %r13
>   36:	41 5e                	pop    %r14
>   38:	41 5f                	pop    %r15
>   3a:	e9 34 f8 dd 01       	jmp    0x1ddf873
>   3f:	89                   	.byte 0x89
> 
> Code starting with the faulting instruction
> ===========================================
>    0:	0f 0b                	ud2
>    2:	48 83 c4 60          	add    $0x60,%rsp
>    6:	5b                   	pop    %rbx
>    7:	5d                   	pop    %rbp
>    8:	41 5c                	pop    %r12
>    a:	41 5d                	pop    %r13
>    c:	41 5e                	pop    %r14
>    e:	41 5f                	pop    %r15
>   10:	e9 34 f8 dd 01       	jmp    0x1ddf849
>   15:	89                   	.byte 0x89
> [    1.108379] RSP: 0018:ffff88810034f368 EFLAGS: 00010296
> [    1.108459] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> [    1.108576] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
> [    1.108682] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff08dfaa4
> [    1.108791] R10: 0000000000000003 R11: ffffffff8475a8f0 R12: ffffc900001d6000
> [    1.108896] R13: ffff888104e5064c R14: ffffc900001d49c0 R15: 0000000000000005
> [    1.108999] FS:  0000000000000000(0000) GS:ffff88815b300000(0000) knlGS:0000000000000000
> [    1.109104] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    1.109234] CR2: 0000000000000000 CR3: 0000000004698000 CR4: 0000000000750ef0
> [    1.109352] PKRU: 55555554
> [    1.109397] Call Trace:
> [    1.109442]  <TASK>
> [    1.109489] ? __warn.cold (kernel/panic.c:748) 
> [    1.109564] ? vfree (mm/vmalloc.c:3345 (discriminator 1) mm/vmalloc.c:3326 (discriminator 1)) 
> [    1.109623] ? report_bug (lib/bug.c:180 lib/bug.c:219) 
> [    1.109710] ? handle_bug (arch/x86/kernel/traps.c:285) 
> [    1.109775] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1)) 
> [    1.109838] ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) 
> [    1.109914] ? vfree (mm/vmalloc.c:3345 (discriminator 1) mm/vmalloc.c:3326 (discriminator 1)) 
> [    1.109982] ? vfree (mm/vmalloc.c:3345 (discriminator 1) mm/vmalloc.c:3326 (discriminator 1)) 
> [    1.110047] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.110128] ? kfree (mm/slub.c:4579 (discriminator 3) mm/slub.c:4727 (discriminator 3)) 
> [    1.110191] ? bpf_check (kernel/bpf/verifier.c:22799 (discriminator 1)) 
> [    1.110252] ? bpf_check (kernel/bpf/verifier.c:22859) 
> [    1.110317] bpf_check (kernel/bpf/verifier.c:22861) 
> [    1.110382] ? kasan_save_stack (mm/kasan/common.c:49) 
> [    1.110443] ? kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1)) 
> [    1.110515] ? __pfx_bpf_check (kernel/bpf/verifier.c:22606) 
> [    1.110612] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.110690] ? kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1)) 
> [    1.110746] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.110820] ? __kasan_kmalloc (mm/kasan/common.c:377 mm/kasan/common.c:394) 
> [    1.110885] ? bpf_prog_load (kernel/bpf/syscall.c:2947) 
> [    1.110942] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.111015] bpf_prog_load (kernel/bpf/syscall.c:2947) 
> [    1.111073] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.111163] ? __pfx_bpf_prog_load (kernel/bpf/syscall.c:2735) 
> [    1.111240] ? lock_acquire (kernel/locking/lockdep.c:5798) 
> [    1.111315] ? __pfx_bpf_check_uarg_tail_zero (kernel/bpf/syscall.c:87) 
> [    1.111401] __sys_bpf (kernel/bpf/syscall.c:5759) 
> [    1.111464] ? __pfx___sys_bpf (kernel/bpf/syscall.c:5721) 
> [    1.111522] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.111610] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.111690] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.111766] ? kern_sys_bpf (kernel/bpf/syscall.c:5909) 
> [    1.111837] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.111912] ? skel_map_update_elem.constprop.0 (./tools/lib/bpf/skel_internal.h:239) 
> [    1.111989] ? __pfx_skel_map_update_elem.constprop.0 (./tools/lib/bpf/skel_internal.h:239) 
> [    1.112089] kern_sys_bpf (kernel/bpf/syscall.c:5909) 
> [    1.112156] ? __pfx_kern_sys_bpf (kernel/bpf/syscall.c:5909) 
> [    1.112226] bpf_load_and_run.constprop.0 (./tools/lib/bpf/skel_internal.h:342) 
> [    1.112303] ? __pfx_bpf_load_and_run.constprop.0 (./tools/lib/bpf/skel_internal.h:309) 
> [    1.112402] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.112480] ? kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1)) 
> [    1.112550] load (kernel/bpf/preload/bpf_preload_kern.c:46 kernel/bpf/preload/bpf_preload_kern.c:78) 
> [    1.112614] ? __pfx_load (kernel/bpf/preload/bpf_preload_kern.c:75) 
> [    1.112673] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182) 
> [    1.112750] ? _raw_spin_unlock_irqrestore (./include/linux/spinlock_api_smp.h:152 (discriminator 3) kernel/locking/spinlock.c:194 (discriminator 3)) 
> [    1.112837] ? __pfx_crypto_kfunc_init (kernel/bpf/crypto.c:374) 
> [    1.112920] ? __pfx_load (kernel/bpf/preload/bpf_preload_kern.c:75) 
> [    1.112981] do_one_initcall (init/main.c:1269) 
> [    1.113045] ? __pfx_do_one_initcall (init/main.c:1260) 
> [    1.113131] ? __kmalloc_noprof (./include/trace/events/kmem.h:54 (discriminator 2) mm/slub.c:4265 (discriminator 2) mm/slub.c:4276 (discriminator 2)) 
> [    1.113191] ? kernel_init_freeable (init/main.c:1341 init/main.c:1366 init/main.c:1580) 
> [    1.113277] kernel_init_freeable (init/main.c:1330 (discriminator 3) init/main.c:1347 (discriminator 3) init/main.c:1366 (discriminator 3) init/main.c:1580 (discriminator 3)) 
> [    1.113359] ? __pfx_kernel_init (init/main.c:1461) 
> [    1.113426] kernel_init (init/main.c:1471) 
> [    1.113486] ? __pfx_kernel_init (init/main.c:1461) 
> [    1.113554] ret_from_fork (arch/x86/kernel/process.c:147) 
> [    1.113616] ? __pfx_kernel_init (init/main.c:1461) 
> [    1.113677] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) 
> [    1.113752]  </TASK>
> [    1.113796] irq event stamp: 168993
> [    1.113857] hardirqs last enabled at (169001): __up_console_sem (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:97 ./arch/x86/include/asm/irqflags.h:155 kernel/printk/printk.c:344) 
> [    1.113992] hardirqs last disabled at (169008): __up_console_sem (kernel/printk/printk.c:342 (discriminator 3)) 
> [    1.114128] softirqs last enabled at (168746): irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649) 
> [    1.114264] softirqs last disabled at (168741): irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637 kernel/softirq.c:649) 
> [    1.114399] ---[ end trace 0000000000000000 ]---
> 
> 

Thread overview: 12+ messages
2024-11-15  0:46 [PATCH bpf-next 0/5] Add fd_array_cnt attribute for BPF_PROG_LOAD Anton Protopopov
2024-11-15  0:46 ` [PATCH bpf-next 1/5] bpf: add a __btf_get_by_fd helper Anton Protopopov
2024-11-15  0:46 ` [PATCH bpf-next 2/5] bpf: move map/prog compatibility checks Anton Protopopov
2024-11-15  0:46 ` [PATCH bpf-next 3/5] bpf: add fd_array_cnt attribute for prog_load Anton Protopopov
2024-11-16  3:06   ` Eduard Zingerman
2024-11-17 21:24     ` Anton Protopopov
2024-11-15  0:46 ` [PATCH bpf-next 4/5] selftests/bpf: Add tests for fd_array_cnt Anton Protopopov
2024-11-16  3:06   ` Eduard Zingerman
2024-11-17 21:30     ` Anton Protopopov
2024-11-15  0:46 ` [PATCH bpf-next 5/5] bpf: fix potential error return Anton Protopopov
2024-11-16  3:06 ` [PATCH bpf-next 0/5] Add fd_array_cnt attribute for BPF_PROG_LOAD Eduard Zingerman
2024-11-17 21:22   ` Anton Protopopov [this message]
