[PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
@ 2025-12-19 14:29 Menglong Dong
  2025-12-19 20:10 ` patchwork-bot+netdevbpf
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: Menglong Dong @ 2025-12-19 14:29 UTC (permalink / raw)
  To: ast, schwab
  Cc: daniel, andrii, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bjorn, pulehui,
	puranjay, pjw, palmer, aou, alex, bpf, linux-riscv, linux-kernel

The usage of BPF_TRAMP_F_ORIG_STACK in __arch_prepare_bpf_trampoline() is
wrong, and it should be BPF_TRAMP_F_CALL_ORIG, which caused crash as
Andreas reported:

  Insufficient stack space to handle exception!
  Task stack:     [0xff20000000010000..0xff20000000014000]
  Overflow stack: [0xff600000ffdad070..0xff600000ffdae070]
  CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
  Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
  epc : copy_from_kernel_nofault+0xa/0x198
   ra : bpf_probe_read_kernel+0x20/0x60
  epc : ffffffff802b732a ra : ffffffff801e6070 sp : ff2000000000ffe0
   gp : ffffffff82262ed0 tp : 0000000000000000 t0 : ffffffff80022320
   t1 : ffffffff801e6056 t2 : 0000000000000000 s0 : ff20000000010040
   s1 : 0000000000000008 a0 : ff20000000010050 a1 : ff60000083b3d320
   a2 : 0000000000000008 a3 : 0000000000000097 a4 : 0000000000000000
   a5 : 0000000000000000 a6 : 0000000000000021 a7 : 0000000000000003
   s2 : ff20000000010050 s3 : ff6000008459fc18 s4 : ff60000083b3d340
   s5 : ff20000000010060 s6 : 0000000000000000 s7 : ff20000000013aa8
   s8 : 0000000000000000 s9 : 0000000000008000 s10: 000000000058dcb0
   s11: 000000000058dca7 t3 : 000000006925116d t4 : ff6000008090f026
   t5 : 00007fff9b0cbaa8 t6 : 0000000000000016
  status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000005
  Kernel panic - not syncing: Kernel stack overflow
  CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
  Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
  Call Trace:
  [<ffffffff8001a1f8>] dump_backtrace+0x28/0x38
  [<ffffffff80002502>] show_stack+0x3a/0x50
  [<ffffffff800122be>] dump_stack_lvl+0x56/0x80
  [<ffffffff80012300>] dump_stack+0x18/0x22
  [<ffffffff80002abe>] vpanic+0xf6/0x328
  [<ffffffff80002d2e>] panic+0x3e/0x40
  [<ffffffff80019ef0>] handle_bad_stack+0x98/0xa0
  [<ffffffff801e6070>] bpf_probe_read_kernel+0x20/0x60

Just fix it.

Fixes: 47c9214dcbea ("bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME")
Reported-by: Andreas Schwab <schwab@linux-m68k.org>
Closes: https://lore.kernel.org/bpf/874ipnkfvt.fsf@igel.home/
Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
---
v2:
- merge the code
---
 arch/riscv/net/bpf_jit_comp64.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
index 5f9457e910e8..37888abee70c 100644
--- a/arch/riscv/net/bpf_jit_comp64.c
+++ b/arch/riscv/net/bpf_jit_comp64.c
@@ -1133,10 +1133,6 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
 
 	store_args(nr_arg_slots, args_off, ctx);
 
-	/* skip to actual body of traced function */
-	if (flags & BPF_TRAMP_F_ORIG_STACK)
-		orig_call += RV_FENTRY_NINSNS * 4;
-
 	if (flags & BPF_TRAMP_F_CALL_ORIG) {
 		emit_imm(RV_REG_A0, ctx->insns ? (const s64)im : RV_MAX_COUNT_IMM, ctx);
 		ret = emit_call((const u64)__bpf_tramp_enter, true, ctx);
@@ -1171,6 +1167,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
 	}
 
 	if (flags & BPF_TRAMP_F_CALL_ORIG) {
+		/* skip to actual body of traced function */
+		orig_call += RV_FENTRY_NINSNS * 4;
 		restore_args(min_t(int, nr_arg_slots, RV_MAX_REG_ARGS), args_off, ctx);
 		restore_stack_args(nr_arg_slots - RV_MAX_REG_ARGS, args_off, stk_arg_off, ctx);
 		ret = emit_call((const u64)orig_call, true, ctx);
-- 
2.52.0


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
  2025-12-19 14:29 [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK Menglong Dong
@ 2025-12-19 20:10 ` patchwork-bot+netdevbpf
  2025-12-20  2:59 ` Pu Lehui
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-12-19 20:10 UTC (permalink / raw)
  To: Menglong Dong
  Cc: ast, schwab, daniel, andrii, martin.lau, eddyz87, song,
	yonghong.song, john.fastabend, kpsingh, sdf, haoluo, jolsa, bjorn,
	pulehui, puranjay, pjw, palmer, aou, alex, bpf, linux-riscv,
	linux-kernel

Hello:

This patch was applied to bpf/bpf.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Fri, 19 Dec 2025 22:29:48 +0800 you wrote:
> The usage of BPF_TRAMP_F_ORIG_STACK in __arch_prepare_bpf_trampoline() is
> wrong, and it should be BPF_TRAMP_F_CALL_ORIG, which caused crash as
> Andreas reported:
> 
>   Insufficient stack space to handle exception!
>   Task stack:     [0xff20000000010000..0xff20000000014000]
>   Overflow stack: [0xff600000ffdad070..0xff600000ffdae070]
>   CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>   Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>   epc : copy_from_kernel_nofault+0xa/0x198
>    ra : bpf_probe_read_kernel+0x20/0x60
>   epc : ffffffff802b732a ra : ffffffff801e6070 sp : ff2000000000ffe0
>    gp : ffffffff82262ed0 tp : 0000000000000000 t0 : ffffffff80022320
>    t1 : ffffffff801e6056 t2 : 0000000000000000 s0 : ff20000000010040
>    s1 : 0000000000000008 a0 : ff20000000010050 a1 : ff60000083b3d320
>    a2 : 0000000000000008 a3 : 0000000000000097 a4 : 0000000000000000
>    a5 : 0000000000000000 a6 : 0000000000000021 a7 : 0000000000000003
>    s2 : ff20000000010050 s3 : ff6000008459fc18 s4 : ff60000083b3d340
>    s5 : ff20000000010060 s6 : 0000000000000000 s7 : ff20000000013aa8
>    s8 : 0000000000000000 s9 : 0000000000008000 s10: 000000000058dcb0
>    s11: 000000000058dca7 t3 : 000000006925116d t4 : ff6000008090f026
>    t5 : 00007fff9b0cbaa8 t6 : 0000000000000016
>   status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000005
>   Kernel panic - not syncing: Kernel stack overflow
>   CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>   Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>   Call Trace:
>   [<ffffffff8001a1f8>] dump_backtrace+0x28/0x38
>   [<ffffffff80002502>] show_stack+0x3a/0x50
>   [<ffffffff800122be>] dump_stack_lvl+0x56/0x80
>   [<ffffffff80012300>] dump_stack+0x18/0x22
>   [<ffffffff80002abe>] vpanic+0xf6/0x328
>   [<ffffffff80002d2e>] panic+0x3e/0x40
>   [<ffffffff80019ef0>] handle_bad_stack+0x98/0xa0
>   [<ffffffff801e6070>] bpf_probe_read_kernel+0x20/0x60
> 
> [...]

Here is the summary with links:
  - [bpf,v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
    https://git.kernel.org/bpf/bpf/c/22cc16c04b78

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
  2025-12-19 14:29 [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK Menglong Dong
  2025-12-19 20:10 ` patchwork-bot+netdevbpf
@ 2025-12-20  2:59 ` Pu Lehui
  2025-12-20  7:33   ` Menglong Dong
  2026-01-12 10:47 ` Andreas Schwab
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 8+ messages in thread
From: Pu Lehui @ 2025-12-20  2:59 UTC (permalink / raw)
  To: Menglong Dong, ast, schwab
  Cc: daniel, andrii, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bjorn, puranjay, pjw,
	palmer, aou, alex, bpf, linux-riscv, linux-kernel



On 2025/12/19 22:29, Menglong Dong wrote:
> The usage of BPF_TRAMP_F_ORIG_STACK in __arch_prepare_bpf_trampoline() is
> wrong, and it should be BPF_TRAMP_F_CALL_ORIG, which caused crash as
> Andreas reported:
> 
>    Insufficient stack space to handle exception!
>    Task stack:     [0xff20000000010000..0xff20000000014000]
>    Overflow stack: [0xff600000ffdad070..0xff600000ffdae070]
>    CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>    Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>    epc : copy_from_kernel_nofault+0xa/0x198
>     ra : bpf_probe_read_kernel+0x20/0x60
>    epc : ffffffff802b732a ra : ffffffff801e6070 sp : ff2000000000ffe0
>     gp : ffffffff82262ed0 tp : 0000000000000000 t0 : ffffffff80022320
>     t1 : ffffffff801e6056 t2 : 0000000000000000 s0 : ff20000000010040
>     s1 : 0000000000000008 a0 : ff20000000010050 a1 : ff60000083b3d320
>     a2 : 0000000000000008 a3 : 0000000000000097 a4 : 0000000000000000
>     a5 : 0000000000000000 a6 : 0000000000000021 a7 : 0000000000000003
>     s2 : ff20000000010050 s3 : ff6000008459fc18 s4 : ff60000083b3d340
>     s5 : ff20000000010060 s6 : 0000000000000000 s7 : ff20000000013aa8
>     s8 : 0000000000000000 s9 : 0000000000008000 s10: 000000000058dcb0
>     s11: 000000000058dca7 t3 : 000000006925116d t4 : ff6000008090f026
>     t5 : 00007fff9b0cbaa8 t6 : 0000000000000016
>    status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000005
>    Kernel panic - not syncing: Kernel stack overflow
>    CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>    Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>    Call Trace:
>    [<ffffffff8001a1f8>] dump_backtrace+0x28/0x38
>    [<ffffffff80002502>] show_stack+0x3a/0x50
>    [<ffffffff800122be>] dump_stack_lvl+0x56/0x80
>    [<ffffffff80012300>] dump_stack+0x18/0x22
>    [<ffffffff80002abe>] vpanic+0xf6/0x328
>    [<ffffffff80002d2e>] panic+0x3e/0x40
>    [<ffffffff80019ef0>] handle_bad_stack+0x98/0xa0
>    [<ffffffff801e6070>] bpf_probe_read_kernel+0x20/0x60
> 
> Just fix it.
> 
> Fixes: 47c9214dcbea ("bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME")
> Reported-by: Andreas Schwab <schwab@linux-m68k.org>
> Closes: https://lore.kernel.org/bpf/874ipnkfvt.fsf@igel.home/
> Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
> ---
> v2:
> - merge the code
> ---
>   arch/riscv/net/bpf_jit_comp64.c | 6 ++----
>   1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
> index 5f9457e910e8..37888abee70c 100644
> --- a/arch/riscv/net/bpf_jit_comp64.c
> +++ b/arch/riscv/net/bpf_jit_comp64.c
> @@ -1133,10 +1133,6 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
>   
>   	store_args(nr_arg_slots, args_off, ctx);
>   
> -	/* skip to actual body of traced function */
> -	if (flags & BPF_TRAMP_F_ORIG_STACK)

Oh, how did this weird flags get in here...

> -		orig_call += RV_FENTRY_NINSNS * 4;
> -
>   	if (flags & BPF_TRAMP_F_CALL_ORIG) {
>   		emit_imm(RV_REG_A0, ctx->insns ? (const s64)im : RV_MAX_COUNT_IMM, ctx);
>   		ret = emit_call((const u64)__bpf_tramp_enter, true, ctx);
> @@ -1171,6 +1167,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
>   	}
>   
>   	if (flags & BPF_TRAMP_F_CALL_ORIG) {
> +		/* skip to actual body of traced function */
> +		orig_call += RV_FENTRY_NINSNS * 4;


LGTM, let's revert it.

Reviewed-by: Pu Lehui <pulehui@huawei.com>

>   		restore_args(min_t(int, nr_arg_slots, RV_MAX_REG_ARGS), args_off, ctx);
>   		restore_stack_args(nr_arg_slots - RV_MAX_REG_ARGS, args_off, stk_arg_off, ctx);
>   		ret = emit_call((const u64)orig_call, true, ctx);

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
  2025-12-20  2:59 ` Pu Lehui
@ 2025-12-20  7:33   ` Menglong Dong
  2025-12-20  8:12     ` Pu Lehui
  0 siblings, 1 reply; 8+ messages in thread
From: Menglong Dong @ 2025-12-20  7:33 UTC (permalink / raw)
  To: Menglong Dong, schwab, Pu Lehui, andrii
  Cc: ast, daniel, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bjorn, puranjay, pjw,
	palmer, aou, alex, bpf, linux-riscv, linux-kernel

On 2025/12/20 10:59, Pu Lehui wrote:
> 
> On 2025/12/19 22:29, Menglong Dong wrote:
> > The usage of BPF_TRAMP_F_ORIG_STACK in __arch_prepare_bpf_trampoline() is
> > wrong, and it should be BPF_TRAMP_F_CALL_ORIG, which caused crash as
> > Andreas reported:
> > 
> >    Insufficient stack space to handle exception!
> >    Task stack:     [0xff20000000010000..0xff20000000014000]
> >    Overflow stack: [0xff600000ffdad070..0xff600000ffdae070]
> >    CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
> >    Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
> >    epc : copy_from_kernel_nofault+0xa/0x198
> >     ra : bpf_probe_read_kernel+0x20/0x60
> >    epc : ffffffff802b732a ra : ffffffff801e6070 sp : ff2000000000ffe0
> >     gp : ffffffff82262ed0 tp : 0000000000000000 t0 : ffffffff80022320
> >     t1 : ffffffff801e6056 t2 : 0000000000000000 s0 : ff20000000010040
> >     s1 : 0000000000000008 a0 : ff20000000010050 a1 : ff60000083b3d320
> >     a2 : 0000000000000008 a3 : 0000000000000097 a4 : 0000000000000000
> >     a5 : 0000000000000000 a6 : 0000000000000021 a7 : 0000000000000003
> >     s2 : ff20000000010050 s3 : ff6000008459fc18 s4 : ff60000083b3d340
> >     s5 : ff20000000010060 s6 : 0000000000000000 s7 : ff20000000013aa8
> >     s8 : 0000000000000000 s9 : 0000000000008000 s10: 000000000058dcb0
> >     s11: 000000000058dca7 t3 : 000000006925116d t4 : ff6000008090f026
> >     t5 : 00007fff9b0cbaa8 t6 : 0000000000000016
> >    status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000005
> >    Kernel panic - not syncing: Kernel stack overflow
> >    CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
> >    Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
> >    Call Trace:
> >    [<ffffffff8001a1f8>] dump_backtrace+0x28/0x38
> >    [<ffffffff80002502>] show_stack+0x3a/0x50
> >    [<ffffffff800122be>] dump_stack_lvl+0x56/0x80
> >    [<ffffffff80012300>] dump_stack+0x18/0x22
> >    [<ffffffff80002abe>] vpanic+0xf6/0x328
> >    [<ffffffff80002d2e>] panic+0x3e/0x40
> >    [<ffffffff80019ef0>] handle_bad_stack+0x98/0xa0
> >    [<ffffffff801e6070>] bpf_probe_read_kernel+0x20/0x60
> > 
> > Just fix it.
> > 
> > Fixes: 47c9214dcbea ("bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME")
> > Reported-by: Andreas Schwab <schwab@linux-m68k.org>
> > Closes: https://lore.kernel.org/bpf/874ipnkfvt.fsf@igel.home/
> > Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
> > ---
> > v2:
> > - merge the code
> > ---
> >   arch/riscv/net/bpf_jit_comp64.c | 6 ++----
> >   1 file changed, 2 insertions(+), 4 deletions(-)
> > 
> > diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
> > index 5f9457e910e8..37888abee70c 100644
> > --- a/arch/riscv/net/bpf_jit_comp64.c
> > +++ b/arch/riscv/net/bpf_jit_comp64.c
> > @@ -1133,10 +1133,6 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
> >   
> >   	store_args(nr_arg_slots, args_off, ctx);
> >   
> > -	/* skip to actual body of traced function */
> > -	if (flags & BPF_TRAMP_F_ORIG_STACK)
> 
> Oh, how did this weird flags get in here...

It's my fault. I wanted to use BPF_TRAMP_F_CALL_ORIG here, and
a copy-paste mistake happen. They look a little similar :(

> 
> > -		orig_call += RV_FENTRY_NINSNS * 4;
> > -
> >   	if (flags & BPF_TRAMP_F_CALL_ORIG) {
> >   		emit_imm(RV_REG_A0, ctx->insns ? (const s64)im : RV_MAX_COUNT_IMM, ctx);
> >   		ret = emit_call((const u64)__bpf_tramp_enter, true, ctx);
> > @@ -1171,6 +1167,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
> >   	}
> >   
> >   	if (flags & BPF_TRAMP_F_CALL_ORIG) {
> > +		/* skip to actual body of traced function */
> > +		orig_call += RV_FENTRY_NINSNS * 4;
> 
> 
> LGTM, let's revert it.
> 
> Reviewed-by: Pu Lehui <pulehui@huawei.com>
> 
> >   		restore_args(min_t(int, nr_arg_slots, RV_MAX_REG_ARGS), args_off, ctx);
> >   		restore_stack_args(nr_arg_slots - RV_MAX_REG_ARGS, args_off, stk_arg_off, ctx);
> >   		ret = emit_call((const u64)orig_call, true, ctx);

Andreas suggested that we remove the variable "orig_call" and use
"func_addr + RV_FENTRY_NINSNS * 4" directly here. But I saw the V2
is already applied. Hmm...I think it doesn't matter.

Thanks!
Menglong Dong

> 
> 





^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
  2025-12-20  7:33   ` Menglong Dong
@ 2025-12-20  8:12     ` Pu Lehui
  0 siblings, 0 replies; 8+ messages in thread
From: Pu Lehui @ 2025-12-20  8:12 UTC (permalink / raw)
  To: Menglong Dong, Menglong Dong, schwab, andrii
  Cc: ast, daniel, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bjorn, puranjay, pjw,
	palmer, aou, alex, bpf, linux-riscv, linux-kernel



On 2025/12/20 15:33, Menglong Dong wrote:
> On 2025/12/20 10:59, Pu Lehui wrote:
>>
>> On 2025/12/19 22:29, Menglong Dong wrote:
>>> The usage of BPF_TRAMP_F_ORIG_STACK in __arch_prepare_bpf_trampoline() is
>>> wrong, and it should be BPF_TRAMP_F_CALL_ORIG, which caused crash as
>>> Andreas reported:
>>>
>>>     Insufficient stack space to handle exception!
>>>     Task stack:     [0xff20000000010000..0xff20000000014000]
>>>     Overflow stack: [0xff600000ffdad070..0xff600000ffdae070]
>>>     CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>>>     Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>>>     epc : copy_from_kernel_nofault+0xa/0x198
>>>      ra : bpf_probe_read_kernel+0x20/0x60
>>>     epc : ffffffff802b732a ra : ffffffff801e6070 sp : ff2000000000ffe0
>>>      gp : ffffffff82262ed0 tp : 0000000000000000 t0 : ffffffff80022320
>>>      t1 : ffffffff801e6056 t2 : 0000000000000000 s0 : ff20000000010040
>>>      s1 : 0000000000000008 a0 : ff20000000010050 a1 : ff60000083b3d320
>>>      a2 : 0000000000000008 a3 : 0000000000000097 a4 : 0000000000000000
>>>      a5 : 0000000000000000 a6 : 0000000000000021 a7 : 0000000000000003
>>>      s2 : ff20000000010050 s3 : ff6000008459fc18 s4 : ff60000083b3d340
>>>      s5 : ff20000000010060 s6 : 0000000000000000 s7 : ff20000000013aa8
>>>      s8 : 0000000000000000 s9 : 0000000000008000 s10: 000000000058dcb0
>>>      s11: 000000000058dca7 t3 : 000000006925116d t4 : ff6000008090f026
>>>      t5 : 00007fff9b0cbaa8 t6 : 0000000000000016
>>>     status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000005
>>>     Kernel panic - not syncing: Kernel stack overflow
>>>     CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>>>     Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>>>     Call Trace:
>>>     [<ffffffff8001a1f8>] dump_backtrace+0x28/0x38
>>>     [<ffffffff80002502>] show_stack+0x3a/0x50
>>>     [<ffffffff800122be>] dump_stack_lvl+0x56/0x80
>>>     [<ffffffff80012300>] dump_stack+0x18/0x22
>>>     [<ffffffff80002abe>] vpanic+0xf6/0x328
>>>     [<ffffffff80002d2e>] panic+0x3e/0x40
>>>     [<ffffffff80019ef0>] handle_bad_stack+0x98/0xa0
>>>     [<ffffffff801e6070>] bpf_probe_read_kernel+0x20/0x60
>>>
>>> Just fix it.
>>>
>>> Fixes: 47c9214dcbea ("bpf: fix the usage of BPF_TRAMP_F_SKIP_FRAME")
>>> Reported-by: Andreas Schwab <schwab@linux-m68k.org>
>>> Closes: https://lore.kernel.org/bpf/874ipnkfvt.fsf@igel.home/
>>> Signed-off-by: Menglong Dong <dongml2@chinatelecom.cn>
>>> ---
>>> v2:
>>> - merge the code
>>> ---
>>>    arch/riscv/net/bpf_jit_comp64.c | 6 ++----
>>>    1 file changed, 2 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
>>> index 5f9457e910e8..37888abee70c 100644
>>> --- a/arch/riscv/net/bpf_jit_comp64.c
>>> +++ b/arch/riscv/net/bpf_jit_comp64.c
>>> @@ -1133,10 +1133,6 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
>>>    
>>>    	store_args(nr_arg_slots, args_off, ctx);
>>>    
>>> -	/* skip to actual body of traced function */
>>> -	if (flags & BPF_TRAMP_F_ORIG_STACK)
>>
>> Oh, how did this weird flags get in here...
> 
> It's my fault. I wanted to use BPF_TRAMP_F_CALL_ORIG here, and
> a copy-paste mistake happen. They look a little similar :(
> 
>>
>>> -		orig_call += RV_FENTRY_NINSNS * 4;
>>> -
>>>    	if (flags & BPF_TRAMP_F_CALL_ORIG) {
>>>    		emit_imm(RV_REG_A0, ctx->insns ? (const s64)im : RV_MAX_COUNT_IMM, ctx);
>>>    		ret = emit_call((const u64)__bpf_tramp_enter, true, ctx);
>>> @@ -1171,6 +1167,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im,
>>>    	}
>>>    
>>>    	if (flags & BPF_TRAMP_F_CALL_ORIG) {
>>> +		/* skip to actual body of traced function */
>>> +		orig_call += RV_FENTRY_NINSNS * 4;
>>
>>
>> LGTM, let's revert it.
>>
>> Reviewed-by: Pu Lehui <pulehui@huawei.com>
>>
>>>    		restore_args(min_t(int, nr_arg_slots, RV_MAX_REG_ARGS), args_off, ctx);
>>>    		restore_stack_args(nr_arg_slots - RV_MAX_REG_ARGS, args_off, stk_arg_off, ctx);
>>>    		ret = emit_call((const u64)orig_call, true, ctx);
> 
> Andreas suggested that we remove the variable "orig_call" and use
> "func_addr + RV_FENTRY_NINSNS * 4" directly here. But I saw the V2
> is already applied. Hmm...I think it doesn't matter.

no warries. looks nice.

> 
> Thanks!
> Menglong Dong
> 
>>
>>
> 
> 
> 
> 
> 
> 

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
  2025-12-19 14:29 [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK Menglong Dong
  2025-12-19 20:10 ` patchwork-bot+netdevbpf
  2025-12-20  2:59 ` Pu Lehui
@ 2026-01-12 10:47 ` Andreas Schwab
       [not found] ` <6964d168.050a0220.57989.2241SMTPIN_ADDED_BROKEN@mx.google.com>
  2026-01-26  4:21 ` patchwork-bot+linux-riscv
  4 siblings, 0 replies; 8+ messages in thread
From: Andreas Schwab @ 2026-01-12 10:47 UTC (permalink / raw)
  To: Menglong Dong
  Cc: ast, daniel, andrii, martin.lau, eddyz87, song, yonghong.song,
	john.fastabend, kpsingh, sdf, haoluo, jolsa, bjorn, pulehui,
	puranjay, pjw, palmer, aou, alex, bpf, linux-riscv, linux-kernel

It's rc5 and this is still not merged.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

^ permalink raw reply	[flat|nested] 8+ messages in thread

[parent not found: <6964d168.050a0220.57989.2241SMTPIN_ADDED_BROKEN@mx.google.com>]

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
       [not found] ` <6964d168.050a0220.57989.2241SMTPIN_ADDED_BROKEN@mx.google.com>
@ 2026-01-12 17:01   ` Alexei Starovoitov
  0 siblings, 0 replies; 8+ messages in thread
From: Alexei Starovoitov @ 2026-01-12 17:01 UTC (permalink / raw)
  To: Andreas Schwab
  Cc: Menglong Dong, Alexei Starovoitov, Daniel Borkmann,
	Andrii Nakryiko, Martin KaFai Lau, Eduard, Song Liu,
	Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev,
	Hao Luo, Jiri Olsa, Björn Töpel, Pu Lehui,
	Puranjay Mohan, pjw, Palmer Dabbelt, Albert Ou, Alex Ghiti, bpf,
	linux-riscv, LKML

On Mon, Jan 12, 2026 at 2:48 AM Andreas Schwab <schwab@linux-m68k.org> wrote:
>
> It's rc5 and this is still not merged.

It was merged weeks ago. Sitting in the bpf tree. It will get to Linus
this week.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
  2025-12-19 14:29 [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK Menglong Dong
                   ` (3 preceding siblings ...)
       [not found] ` <6964d168.050a0220.57989.2241SMTPIN_ADDED_BROKEN@mx.google.com>
@ 2026-01-26  4:21 ` patchwork-bot+linux-riscv
  4 siblings, 0 replies; 8+ messages in thread
From: patchwork-bot+linux-riscv @ 2026-01-26  4:21 UTC (permalink / raw)
  To: Menglong Dong
  Cc: linux-riscv, ast, schwab, daniel, andrii, martin.lau, eddyz87,
	song, yonghong.song, john.fastabend, kpsingh, sdf, haoluo, jolsa,
	bjorn, pulehui, puranjay, pjw, palmer, aou, alex, bpf,
	linux-kernel

Hello:

This patch was applied to riscv/linux.git (fixes)
by Alexei Starovoitov <ast@kernel.org>:

On Fri, 19 Dec 2025 22:29:48 +0800 you wrote:
> The usage of BPF_TRAMP_F_ORIG_STACK in __arch_prepare_bpf_trampoline() is
> wrong, and it should be BPF_TRAMP_F_CALL_ORIG, which caused crash as
> Andreas reported:
> 
>   Insufficient stack space to handle exception!
>   Task stack:     [0xff20000000010000..0xff20000000014000]
>   Overflow stack: [0xff600000ffdad070..0xff600000ffdae070]
>   CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>   Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>   epc : copy_from_kernel_nofault+0xa/0x198
>    ra : bpf_probe_read_kernel+0x20/0x60
>   epc : ffffffff802b732a ra : ffffffff801e6070 sp : ff2000000000ffe0
>    gp : ffffffff82262ed0 tp : 0000000000000000 t0 : ffffffff80022320
>    t1 : ffffffff801e6056 t2 : 0000000000000000 s0 : ff20000000010040
>    s1 : 0000000000000008 a0 : ff20000000010050 a1 : ff60000083b3d320
>    a2 : 0000000000000008 a3 : 0000000000000097 a4 : 0000000000000000
>    a5 : 0000000000000000 a6 : 0000000000000021 a7 : 0000000000000003
>    s2 : ff20000000010050 s3 : ff6000008459fc18 s4 : ff60000083b3d340
>    s5 : ff20000000010060 s6 : 0000000000000000 s7 : ff20000000013aa8
>    s8 : 0000000000000000 s9 : 0000000000008000 s10: 000000000058dcb0
>    s11: 000000000058dca7 t3 : 000000006925116d t4 : ff6000008090f026
>    t5 : 00007fff9b0cbaa8 t6 : 0000000000000016
>   status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000005
>   Kernel panic - not syncing: Kernel stack overflow
>   CPU: 1 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc5+ #15 PREEMPT(voluntary)
>   Hardware name: riscv-virtio qemu/qemu, BIOS 2025.10 10/01/2025
>   Call Trace:
>   [<ffffffff8001a1f8>] dump_backtrace+0x28/0x38
>   [<ffffffff80002502>] show_stack+0x3a/0x50
>   [<ffffffff800122be>] dump_stack_lvl+0x56/0x80
>   [<ffffffff80012300>] dump_stack+0x18/0x22
>   [<ffffffff80002abe>] vpanic+0xf6/0x328
>   [<ffffffff80002d2e>] panic+0x3e/0x40
>   [<ffffffff80019ef0>] handle_bad_stack+0x98/0xa0
>   [<ffffffff801e6070>] bpf_probe_read_kernel+0x20/0x60
> 
> [...]

Here is the summary with links:
  - [bpf,v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK
    https://git.kernel.org/riscv/c/8f3e00af8e52

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2026-01-26  4:21 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-19 14:29 [PATCH bpf v2] riscv, bpf: fix incorrect usage of BPF_TRAMP_F_ORIG_STACK Menglong Dong
2025-12-19 20:10 ` patchwork-bot+netdevbpf
2025-12-20  2:59 ` Pu Lehui
2025-12-20  7:33   ` Menglong Dong
2025-12-20  8:12     ` Pu Lehui
2026-01-12 10:47 ` Andreas Schwab
     [not found] ` <6964d168.050a0220.57989.2241SMTPIN_ADDED_BROKEN@mx.google.com>
2026-01-12 17:01   ` Alexei Starovoitov
2026-01-26  4:21 ` patchwork-bot+linux-riscv

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox