Re: [PATCH v1] LoongArch: BPF: Make arch_protect_bpf_trampoline() return 0

[Hengqi Chen]

On Tue, Mar 10, 2026 at 2:47 PM Tiezhu Yang <yangtiezhu@xxxxxxxxxxx> wrote:
>
> Occasionally, there exists "text_copy_cb: operation failed" when executing
> bpf selftests, the reason is copy_to_kernel_nofault() failed and the ecode
> of estat register is 0x4 (PME: Page Modification Exception) due to the pte
> is not writeable, the root cause is that there is another place to set pte
> readonly which is in the generic weak arch_protect_bpf_trampoline().
>
> There are two ways to fix this race condition issue, the direct way is to
> modify the generic weak arch_protect_bpf_trampoline() to add a mutex lock
> for set_memory_rox(), but the other simple and proper way is to just make
> arch_protect_bpf_trampoline() return 0 in the arch-specific code because
> LoongArch already uses BPF prog pack allocator for trampoline.
>
> Here are the trimmed kernel log messages:
>
>   copy_to_kernel_nofault: memory access failed, ecode is 0x4
>   copy_to_kernel_nofault: caller is text_copy_cb+0x50/0xa0
>   text_copy_cb: operation failed
>   ------------[ cut here ]------------
>   bpf_prog_pack bug: missing bpf_arch_text_invalidate?
>   WARNING: kernel/bpf/core.c:1008 at bpf_prog_pack_free+0x200/0x228
>   ...
>   Call Trace:
>   [<9000000000248914>] show_stack+0x64/0x188
>   [<9000000000241308>] dump_stack_lvl+0x6c/0x9c
>   [<90000000002705bc>] __warn+0x9c/0x200
>   [<9000000001c428c0>] __report_bug+0xa8/0x1c0
>   [<9000000001c42b5c>] report_bug+0x64/0x120
>   [<9000000001c7dcd0>] do_bp+0x270/0x3c0
>   [<9000000000246f40>] handle_bp+0x120/0x1c0
>   [<900000000047b030>] bpf_prog_pack_free+0x200/0x228
>   [<900000000047b2ec>] bpf_jit_binary_pack_free+0x24/0x60
>   [<900000000026989c>] bpf_jit_free+0x54/0xb0
>   [<900000000029e10c>] process_one_work+0x184/0x610
>   [<900000000029ef8c>] worker_thread+0x24c/0x388
>   [<90000000002a902c>] kthread+0x13c/0x170
>   [<9000000001c7dfe8>] ret_from_kernel_thread+0x28/0x1c0
>   [<9000000000246624>] ret_from_kernel_thread_asm+0xc/0x88
>
>   ---[ end trace 0000000000000000 ]---
>
> Here is a simple shell script to reproduce:
>
>   #!/bin/bash
>
>   for ((i=1; i<=1000; i++))
>   do
>     echo "under testing $i ..."
>     dmesg -c > /dev/null
>     ./test_progs -t fentry_attach_stress > /dev/null
>     dmesg -t | grep "text_copy_cb: operation failed"
>     if [ $? -eq 0 ]; then
>       break
>     fi
>   done
>
> Signed-off-by: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
> ---

Acked-by: Hengqi Chen <hengqi.chen@xxxxxxxxx>

>  arch/loongarch/net/bpf_jit.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c
> index 3bd89f55960d..4f1af3b7a363 100644
> --- a/arch/loongarch/net/bpf_jit.c
> +++ b/arch/loongarch/net/bpf_jit.c
> @@ -1568,6 +1568,11 @@ void arch_free_bpf_trampoline(void *image, unsigned int size)
>         bpf_prog_pack_free(image, size);
>  }
>
> +int arch_protect_bpf_trampoline(void *image, unsigned int size)
> +{
> +       return 0;
> +}
> +
>  /*
>   * Sign-extend the register if necessary
>   */
> --
> 2.42.0
>