[PATCH v2 bpf] bpf/arena: fix softlockup in arena_map

BPF List
 help / color / mirror / Atom feed

* [PATCH v2 bpf] bpf/arena: fix softlockup in arena_map_free on 64k page kernel
@ 2025-02-05 17:00 Alan Maguire
  2025-02-06 11:50 ` patchwork-bot+netdevbpf
  0 siblings, 1 reply; 2+ messages in thread
From: Alan Maguire @ 2025-02-05 17:00 UTC (permalink / raw)
  To: ast
  Cc: daniel, andrii, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bpf, Alan Maguire,
	Colm Harrington

On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y (64k pages),
arena_htab tests cause a segmentation fault and soft lockup.

$ sudo ./test_progs -t arena_htab
Caught signal #11!
Stack trace:
./test_progs(crash_handler+0x1c)[0x7bd4d8]
linux-vdso.so.1(__kernel_rt_sigreturn+0x0)[0xffffb34a0968]
./test_progs[0x420f74]
./test_progs(htab_lookup_elem+0x3c)[0x421090]
./test_progs[0x421320]
./test_progs[0x421bb8]
./test_progs(test_arena_htab+0x40)[0x421c14]
./test_progs[0x7bda84]
./test_progs(main+0x65c)[0x7bf670]
/usr/lib64/libc.so.6(+0x2caa0)[0xffffb31ecaa0]
/usr/lib64/libc.so.6(__libc_start_main+0x98)[0xffffb31ecb78]
./test_progs(_start+0x30)[0x41b4f0]

Message from syslogd@bpfol9aarch64 at Feb  4 08:50:09 ...
 kernel:watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/u8:4:7589]

The same failure is not observed with 4k pages on aarch64.

Investigating further, it turns out arena_map_free() was calling
apply_to_existing_page_range() with the address returned by
bpf_arena_get_kern_vm_start().  If this address is not page-aligned -
as is the case for a 64k page kernel - we wind up calling apply_to_pte_range()
with that unaligned address.  The problem is apply_to_pte_range() implicitly
assumes that the addr passed in is page-aligned, specifically in this loop:

		do {
                        if (create || !pte_none(ptep_get(pte))) {
                                err = fn(pte++, addr, data);
                                if (err)
                                        break;
                        }
                } while (addr += PAGE_SIZE, addr != end);

If addr is _not_ page-aligned, it will never equal end exactly.

One solution is to round up GUARD_SZ to PAGE_SIZE << 1 so that the
division by 2 in bpf_arena_get_kern_vm_start() returns a page-aligned
value.  With that change in place, the test passes:

$ sudo ./test_progs -t arena_htab
Summary: 1/1 PASSED, 1 SKIPPED, 0 FAILED

Fixes: 317460317a02 ("bpf: Introduce bpf_arena.")
Reported-by: Colm Harrington <colm.harrington@oracle.com>
Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
---
 kernel/bpf/arena.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/arena.c b/kernel/bpf/arena.c
index 870aeb51d70a..095a9554e1de 100644
--- a/kernel/bpf/arena.c
+++ b/kernel/bpf/arena.c
@@ -39,7 +39,7 @@
  */

 /* number of bytes addressable by LDX/STX insn with 16-bit 'off' field */
-#define GUARD_SZ (1ull << sizeof_field(struct bpf_insn, off) * 8)
+#define GUARD_SZ round_up(1ull << sizeof_field(struct bpf_insn, off) * 8, PAGE_SIZE << 1)
 #define KERN_VM_SZ (SZ_4G + GUARD_SZ)

 struct bpf_arena {
-- 
2.43.5

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH v2 bpf] bpf/arena: fix softlockup in arena_map_free on 64k page kernel
  2025-02-05 17:00 [PATCH v2 bpf] bpf/arena: fix softlockup in arena_map_free on 64k page kernel Alan Maguire
@ 2025-02-06 11:50 ` patchwork-bot+netdevbpf
  0 siblings, 0 replies; 2+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-02-06 11:50 UTC (permalink / raw)
  To: Alan Maguire
  Cc: ast, daniel, andrii, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bpf, colm.harrington

Hello:

This patch was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Wed,  5 Feb 2025 17:00:59 +0000 you wrote:
> On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y (64k pages),
> arena_htab tests cause a segmentation fault and soft lockup.
> 
> $ sudo ./test_progs -t arena_htab
> Caught signal #11!
> Stack trace:
> ./test_progs(crash_handler+0x1c)[0x7bd4d8]
> linux-vdso.so.1(__kernel_rt_sigreturn+0x0)[0xffffb34a0968]
> ./test_progs[0x420f74]
> ./test_progs(htab_lookup_elem+0x3c)[0x421090]
> ./test_progs[0x421320]
> ./test_progs[0x421bb8]
> ./test_progs(test_arena_htab+0x40)[0x421c14]
> ./test_progs[0x7bda84]
> ./test_progs(main+0x65c)[0x7bf670]
> /usr/lib64/libc.so.6(+0x2caa0)[0xffffb31ecaa0]
> /usr/lib64/libc.so.6(__libc_start_main+0x98)[0xffffb31ecb78]
> ./test_progs(_start+0x30)[0x41b4f0]
> 
> [...]

Here is the summary with links:
  - [v2,bpf] bpf/arena: fix softlockup in arena_map_free on 64k page kernel
    https://git.kernel.org/bpf/bpf/c/517e8a7835e8

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-02-06 11:50 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-05 17:00 [PATCH v2 bpf] bpf/arena: fix softlockup in arena_map_free on 64k page kernel Alan Maguire
2025-02-06 11:50 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox