From: Puranjay Mohan <puranjay@kernel.org>
To: Manu Bretelle <chantra@meta.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	KP Singh <kpsingh@kernel.org>
Cc: Andrii Nakryiko <andrii@kernel.org>,
	Eduard Zingerman <eddyz87@gmail.com>,
	Mykola Lysenko <mykolal@meta.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Song Liu <song@kernel.org>,
	Yonghong Song <yonghong.song@linux.dev>,
	"John Fastabend" <john.fastabend@gmail.com>,
	Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
	"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
	"linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Florent Revest <revest@google.com>
Subject: Re: [PATCH bpf] selftests/bpf: DENYLIST.aarch64: Remove fexit_sleep
Date: Thu, 11 Jul 2024 14:00:26 +0000
Message-ID: <mb61p5xtcyqo5.fsf@kernel.org>
In-Reply-To: <SJ0PR15MB461564D3F7E7A763498CA6A8CBDB2@SJ0PR15MB4615.namprd15.prod.outlook.com>



Hi,
I was able to find the root cause of this bug and will send a fix soon!

> Unable to handle kernel paging request at virtual address ffff0000c2a80e68

We are running this test on Qemu with '-cpu max', this means 52-bit
virtual addresses are being used.

The trampoline generation code has the following two lines:

		emit_addr_mov_i64(A64_R(0), (const u64)im, ctx);
		emit_call((const u64)__bpf_tramp_enter, ctx);

Here the address of struct bpf_tramp_image is moved to R0 and passed as
an argument to __bpf_tramp_enter().

emit_addr_mov_i64() assumes that the address passed to it is in the
vmalloc space and uses at most 48 bits. It sets all the remaining bits
to 1.

But struct bpf_tramp_image is allocated using kzalloc(), and when 52-bit
VAs are used its address is not guaranteed to be 48-bit; therefore we
see this bug, where 0xfff[0]0000c2a80e68 is converted to
0xfff[f]0000c2a80e68 when the trampoline is generated.

The fix would be to use emit_a64_mov_i64() for moving this address into R0.

Thanks,
Puranjay

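The 48-bit versus 64-bit immediate encoding discussed in the message above, modelled in C as an added example (this is not the kernel's JIT code). addr_mov_48() imitates a MOVN plus two MOVK sequence that encodes only bits 0..47 of the value and leaves bits 48..63 set to one, which is the behaviour the message attributes to emit_addr_mov_i64(); mov_i64() imitates a four-instruction MOVZ/MOVK sequence that carries all 64 bits; fits_48bit_kernel_va() is the precondition a caller would want to check before using the short form. The instruction models, the helper names and the sample vmalloc-style address are assumptions; the 0xfff00000c2a80e68 address is the one from the message.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of MOVN: Rd = NOT(imm16 << shift), so every bit outside the
 * 16-bit field comes out as one.  (Assumed model, not the kernel encoder.) */
static uint64_t movn(uint16_t imm16, unsigned shift)
{
    return ~((uint64_t)imm16 << shift);
}

/* Model of MOVZ: Rd = imm16 << shift, every other bit zero. */
static uint64_t movz(uint16_t imm16, unsigned shift)
{
    return (uint64_t)imm16 << shift;
}

/* Model of MOVK: replace one 16-bit field of Rd, keep the rest. */
static uint64_t movk(uint64_t rd, uint16_t imm16, unsigned shift)
{
    uint64_t mask = (uint64_t)0xffff << shift;
    return (rd & ~mask) | ((uint64_t)imm16 << shift);
}

/* Short form: MOVN for bits 0..15, MOVK for bits 16..31 and 32..47.
 * Bits 48..63 are never written, so they stay as the ones MOVN produced.
 * Correct only for addresses whose top 16 bits really are 0xffff. */
uint64_t addr_mov_48(uint64_t val)
{
    uint64_t rd = movn((uint16_t)(~val & 0xffff), 0);
    rd = movk(rd, (uint16_t)((val >> 16) & 0xffff), 16);
    rd = movk(rd, (uint16_t)((val >> 32) & 0xffff), 32);
    return rd;
}

/* Full form: MOVZ plus three MOVK, all four 16-bit fields written,
 * so any 64-bit value survives (the 52-bit VA case included). */
uint64_t mov_i64(uint64_t val)
{
    uint64_t rd = movz((uint16_t)(val & 0xffff), 0);
    rd = movk(rd, (uint16_t)((val >> 16) & 0xffff), 16);
    rd = movk(rd, (uint16_t)((val >> 32) & 0xffff), 32);
    rd = movk(rd, (uint16_t)((val >> 48) & 0xffff), 48);
    return rd;
}

/* Precondition for the short form: bits 48..63 must all be one. */
int fits_48bit_kernel_va(uint64_t val)
{
    return (val >> 48) == 0xffff;
}

int main(void)
{
    /* kzalloc() address from the oops in the message (52-bit VA layout). */
    const uint64_t tramp_image = 0xfff00000c2a80e68ULL;
    /* Constructed vmalloc-style address with the top 16 bits all set. */
    const uint64_t vmalloc_like = 0xffff800008000000ULL;

    const uint64_t samples[] = { tramp_image, vmalloc_like };
    for (unsigned i = 0; i < 2; i++) {
        uint64_t v = samples[i];
        printf("value      0x%016llx  fits48=%d\n", (unsigned long long)v,
               fits_48bit_kernel_va(v));
        printf("  48-bit   0x%016llx %s\n", (unsigned long long)addr_mov_48(v),
               addr_mov_48(v) == v ? "ok" : "CORRUPTED");
        printf("  64-bit   0x%016llx ok\n", (unsigned long long)mov_i64(v));
    }
    return 0;
}
```

Running it shows the 48-bit form turning 0xfff00000c2a80e68 into 0xffff0000c2a80e68, exactly the faulting address in the paging-request oops, while the 64-bit form reproduces the value unchanged; the fits_48bit_kernel_va() check is what distinguishes an address the short encoder may take from one it must not.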
