Re: [PATCH v1] LoongArch: BPF: Make arch_protect_bpf_trampoline() return 0

[Huacai Chen]

Applied, thanks.

Huacai

On Sun, Mar 15, 2026 at 11:27 AM Hengqi Chen <hengqi.chen@xxxxxxxxx> wrote:
>
> On Tue, Mar 10, 2026 at 2:47 PM Tiezhu Yang <yangtiezhu@xxxxxxxxxxx> wrote:
> >
> > Occasionally, there exists "text_copy_cb: operation failed" when executing
> > bpf selftests, the reason is copy_to_kernel_nofault() failed and the ecode
> > of estat register is 0x4 (PME: Page Modification Exception) due to the pte
> > is not writeable, the root cause is that there is another place to set pte
> > readonly which is in the generic weak arch_protect_bpf_trampoline().
> >
> > There are two ways to fix this race condition issue, the direct way is to
> > modify the generic weak arch_protect_bpf_trampoline() to add a mutex lock
> > for set_memory_rox(), but the other simple and proper way is to just make
> > arch_protect_bpf_trampoline() return 0 in the arch-specific code because
> > LoongArch already uses BPF prog pack allocator for trampoline.
> >
> > Here are the trimmed kernel log messages:
> >
> >   copy_to_kernel_nofault: memory access failed, ecode is 0x4
> >   copy_to_kernel_nofault: caller is text_copy_cb+0x50/0xa0
> >   text_copy_cb: operation failed
> >   ------------[ cut here ]------------
> >   bpf_prog_pack bug: missing bpf_arch_text_invalidate?
> >   WARNING: kernel/bpf/core.c:1008 at bpf_prog_pack_free+0x200/0x228
> >   ...
> >   Call Trace:
> >   [<9000000000248914>] show_stack+0x64/0x188
> >   [<9000000000241308>] dump_stack_lvl+0x6c/0x9c
> >   [<90000000002705bc>] __warn+0x9c/0x200
> >   [<9000000001c428c0>] __report_bug+0xa8/0x1c0
> >   [<9000000001c42b5c>] report_bug+0x64/0x120
> >   [<9000000001c7dcd0>] do_bp+0x270/0x3c0
> >   [<9000000000246f40>] handle_bp+0x120/0x1c0
> >   [<900000000047b030>] bpf_prog_pack_free+0x200/0x228
> >   [<900000000047b2ec>] bpf_jit_binary_pack_free+0x24/0x60
> >   [<900000000026989c>] bpf_jit_free+0x54/0xb0
> >   [<900000000029e10c>] process_one_work+0x184/0x610
> >   [<900000000029ef8c>] worker_thread+0x24c/0x388
> >   [<90000000002a902c>] kthread+0x13c/0x170
> >   [<9000000001c7dfe8>] ret_from_kernel_thread+0x28/0x1c0
> >   [<9000000000246624>] ret_from_kernel_thread_asm+0xc/0x88
> >
> >   ---[ end trace 0000000000000000 ]---
> >
> > Here is a simple shell script to reproduce:
> >
> >   #!/bin/bash
> >
> >   for ((i=1; i<=1000; i++))
> >   do
> >     echo "under testing $i ..."
> >     dmesg -c > /dev/null
> >     ./test_progs -t fentry_attach_stress > /dev/null
> >     dmesg -t | grep "text_copy_cb: operation failed"
> >     if [ $? -eq 0 ]; then
> >       break
> >     fi
> >   done
> >
> > Signed-off-by: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
> > ---
>
> Acked-by: Hengqi Chen <hengqi.chen@xxxxxxxxx>
>
> >  arch/loongarch/net/bpf_jit.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c
> > index 3bd89f55960d..4f1af3b7a363 100644
> > --- a/arch/loongarch/net/bpf_jit.c
> > +++ b/arch/loongarch/net/bpf_jit.c
> > @@ -1568,6 +1568,11 @@ void arch_free_bpf_trampoline(void *image, unsigned int size)
> >         bpf_prog_pack_free(image, size);
> >  }
> >
> > +int arch_protect_bpf_trampoline(void *image, unsigned int size)
> > +{
> > +       return 0;
> > +}
> > +
> >  /*
> >   * Sign-extend the register if necessary
> >   */
> > --
> > 2.42.0
> >