Re: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp
From: Alexei Starovoitov
Date: Wed Dec 07 2022 - 14:58:08 EST
On Tue, Dec 6, 2022 at 7:18 AM Jiri Olsa <olsajiri@xxxxxxxxx> wrote:
>
> On Tue, Dec 06, 2022 at 02:46:43PM +0800, Hao Sun wrote:
> > Hao Sun <sunhao.th@xxxxxxxxx> 于2022年12月6日周二 11:28写道:
> > >
> > > Hi,
> > >
> > > The following crash can be triggered with the BPF prog provided.
> > > It seems the verifier passed some invalid progs. I will try to simplify
> > > the C reproducer, for now, the following can reproduce this:
> > >
> > > HEAD commit: ab0350c743d5 selftests/bpf: Fix conflicts with built-in
> > > functions in bpf_iter_ksym
> > > git tree: bpf-next
> > > console log: https://pastebin.com/raw/87RCSnCs
> > > kernel config: https://pastebin.com/raw/rZdWLcgK
> > > Syz reproducer: https://pastebin.com/raw/4kbwhdEv
> > > C reproducer: https://pastebin.com/raw/GFfDn2Gk
> > >
> >
> > Simplified C reproducer: https://pastebin.com/raw/aZgLcPvW
> >
> > Only two syscalls are required to reproduce this, seems it's an issue
> > in XDP test run. Essentially, the reproducer just loads a very simple
> > prog and tests run repeatedly and concurrently:
> >
> > r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)=@base={0x6, 0xb,
> > &(0x7f0000000500)}, 0x80)
> > bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0,
> > 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
> >
> > Loaded prog:
> > 0: (18) r0 = 0x0
> > 2: (18) r6 = 0x0
> > 4: (18) r7 = 0x0
> > 6: (18) r8 = 0x0
> > 8: (18) r9 = 0x0
> > 10: (95) exit
>
> hi,
> I can reproduce with your config.. it seems related to the
> recent static call change:
> c86df29d11df bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
>
> I can't reproduce when I revert that commit.. Peter, any idea?
Jiri,
I see your tested-by tag on Peter's commit c86df29d11df.
I assume you're actually tested it, but
this syzbot oops shows that even empty bpf prog crashes,
so there is something wrong with that commit.
What is the difference between this new kconfig and old one that
you've tested?
I'm trying to understand the severity of the issues and
whether we need to revert that commit asap since the merge window
is about to start.