From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Yonghong Song <yhs@fb.com>, Andrii Nakryiko <andriin@fb.com>,
Alexei Starovoitov <ast@kernel.org>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: [PATCH AUTOSEL 5.8 073/101] selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change
Date: Sun, 18 Oct 2020 15:19:58 -0400 [thread overview]
Message-ID: <20201018192026.4053674-73-sashal@kernel.org> (raw)
In-Reply-To: <20201018192026.4053674-1-sashal@kernel.org>
From: Yonghong Song <yhs@fb.com>
[ Upstream commit 7fb5eefd76394cfefb380724a87ca40b47d44405 ]
Andrii reported that with latest clang, when building selftests, we have
error likes:
error: progs/test_sysctl_loop1.c:23:16: in function sysctl_tcp_mem i32 (%struct.bpf_sysctl*):
Looks like the BPF stack limit of 512 bytes is exceeded.
Please move large on stack variables into BPF per-cpu array map.
The error is triggered by the following LLVM patch:
https://reviews.llvm.org/D87134
For example, the following code is from test_sysctl_loop1.c:
static __always_inline int is_tcp_mem(struct bpf_sysctl *ctx)
{
volatile char tcp_mem_name[] = "net/ipv4/tcp_mem/very_very_very_very_long_pointless_string";
...
}
Without the above LLVM patch, the compiler did optimization to load the string
(59 bytes long) with 7 64bit loads, 1 8bit load and 1 16bit load,
occupying 64 byte stack size.
With the above LLVM patch, the compiler only uses 8bit loads, but subregister is 32bit.
So stack requirements become 4 * 59 = 236 bytes. Together with other stuff on
the stack, total stack size exceeds 512 bytes, hence compiler complains and quits.
To fix the issue, removing "volatile" key word or changing "volatile" to
"const"/"static const" does not work, the string is put in .rodata.str1.1 section,
which libbpf did not process it and errors out with
libbpf: elf: skipping unrecognized data section(6) .rodata.str1.1
libbpf: prog 'sysctl_tcp_mem': bad map relo against '.L__const.is_tcp_mem.tcp_mem_name'
in section '.rodata.str1.1'
Defining the string const as global variable can fix the issue as it puts the string constant
in '.rodata' section which is recognized by libbpf. In the future, when libbpf can process
'.rodata.str*.*' properly, the global definition can be changed back to local definition.
Defining tcp_mem_name as a global, however, triggered a verifier failure.
./test_progs -n 7/21
libbpf: load bpf program failed: Permission denied
libbpf: -- BEGIN DUMP LOG ---
libbpf:
invalid stack off=0 size=1
verification time 6975 usec
stack depth 160+64
processed 889 insns (limit 1000000) max_states_per_insn 4 total_states
14 peak_states 14 mark_read 10
libbpf: -- END LOG --
libbpf: failed to load program 'sysctl_tcp_mem'
libbpf: failed to load object 'test_sysctl_loop2.o'
test_bpf_verif_scale:FAIL:114
#7/21 test_sysctl_loop2.o:FAIL
This actually exposed a bpf program bug. In test_sysctl_loop{1,2}, we have code
like
const char tcp_mem_name[] = "<...long string...>";
...
char name[64];
...
for (i = 0; i < sizeof(tcp_mem_name); ++i)
if (name[i] != tcp_mem_name[i])
return 0;
In the above code, if sizeof(tcp_mem_name) > 64, name[i] access may be
out of bound. The sizeof(tcp_mem_name) is 59 for test_sysctl_loop1.c and
79 for test_sysctl_loop2.c.
Without promotion-to-global change, old compiler generates code where
the overflowed stack access is actually filled with valid value, so hiding
the bpf program bug. With promotion-to-global change, the code is different,
more specifically, the previous loading constants to stack is gone, and
"name" occupies stack[-64:0] and overflow access triggers a verifier error.
To fix the issue, adjust "name" buffer size properly.
Reported-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200909171542.3673449-1-yhs@fb.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/progs/test_sysctl_loop1.c | 4 ++--
tools/testing/selftests/bpf/progs/test_sysctl_loop2.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/test_sysctl_loop1.c b/tools/testing/selftests/bpf/progs/test_sysctl_loop1.c
index 458b0d69133e4..553a282d816ab 100644
--- a/tools/testing/selftests/bpf/progs/test_sysctl_loop1.c
+++ b/tools/testing/selftests/bpf/progs/test_sysctl_loop1.c
@@ -18,11 +18,11 @@
#define MAX_ULONG_STR_LEN 7
#define MAX_VALUE_STR_LEN (TCP_MEM_LOOPS * MAX_ULONG_STR_LEN)
+const char tcp_mem_name[] = "net/ipv4/tcp_mem/very_very_very_very_long_pointless_string";
static __always_inline int is_tcp_mem(struct bpf_sysctl *ctx)
{
- volatile char tcp_mem_name[] = "net/ipv4/tcp_mem/very_very_very_very_long_pointless_string";
unsigned char i;
- char name[64];
+ char name[sizeof(tcp_mem_name)];
int ret;
memset(name, 0, sizeof(name));
diff --git a/tools/testing/selftests/bpf/progs/test_sysctl_loop2.c b/tools/testing/selftests/bpf/progs/test_sysctl_loop2.c
index b2e6f9b0894d8..2b64bc563a12e 100644
--- a/tools/testing/selftests/bpf/progs/test_sysctl_loop2.c
+++ b/tools/testing/selftests/bpf/progs/test_sysctl_loop2.c
@@ -18,11 +18,11 @@
#define MAX_ULONG_STR_LEN 7
#define MAX_VALUE_STR_LEN (TCP_MEM_LOOPS * MAX_ULONG_STR_LEN)
+const char tcp_mem_name[] = "net/ipv4/tcp_mem/very_very_very_very_long_pointless_string_to_stress_byte_loop";
static __attribute__((noinline)) int is_tcp_mem(struct bpf_sysctl *ctx)
{
- volatile char tcp_mem_name[] = "net/ipv4/tcp_mem/very_very_very_very_long_pointless_string_to_stress_byte_loop";
unsigned char i;
- char name[64];
+ char name[sizeof(tcp_mem_name)];
int ret;
memset(name, 0, sizeof(name));
--
2.25.1
next prev parent reply other threads:[~2020-10-18 19:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201018192026.4053674-1-sashal@kernel.org>
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 033/101] ipv6/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 035/101] ip_gre: set dev->hard_header_len and dev->needed_headroom properly Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 036/101] mac80211: handle lack of sband->bitrates in rates Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 039/101] bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 047/101] rtw88: pci: Power cycle device during shutdown Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 050/101] rtw88: increse the size of rx buffer size Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 051/101] selftests/bpf: Fix overflow tests to reflect iter size increase Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 055/101] can: flexcan: flexcan_chip_stop(): add error handling and propagate error value Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 057/101] ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 061/101] bpf: Limit caller's stack depth 256 for subprogs with tailcalls Sasha Levin
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 068/101] Bluetooth: Only mark socket zapped after unlocking Sasha Levin
2020-10-18 19:19 ` Sasha Levin [this message]
2020-10-18 19:19 ` [PATCH AUTOSEL 5.8 074/101] brcmsmac: fix memory leak in wlc_phy_attach_lcnphy Sasha Levin
2020-10-18 19:20 ` [PATCH AUTOSEL 5.8 075/101] rtl8xxxu: prevent potential memory leak Sasha Levin
2020-10-18 19:20 ` [PATCH AUTOSEL 5.8 086/101] ipvs: Fix uninit-value in do_ip_vs_set_ctl() Sasha Levin
2020-10-18 19:20 ` [PATCH AUTOSEL 5.8 089/101] mwifiex: don't call del_timer_sync() on uninitialized timer Sasha Levin
2020-10-18 19:20 ` [PATCH AUTOSEL 5.8 095/101] brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach Sasha Levin
2020-10-18 19:20 ` [PATCH AUTOSEL 5.8 101/101] ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201018192026.4053674-73-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).