
Commits on Feb 7, 2022

  1. selftests/bpf: Cover 4-byte load from remote_port in bpf_sk_lookup

    Extend the context access tests for sk_lookup prog to cover the surprising
    case of a 4-byte load from the remote_port field, where the expected value
    is actually shifted by 16 bits.
    
    Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
    jsitnicki authored and intel-lab-lkp committed Feb 7, 2022
  2. bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide

    remote_port is another case of a BPF context field documented as a 32-bit
    value in network byte order for which the BPF context access converter
    generates a load of a zero-padded 16-bit integer in network byte order.
    
    First such case was dst_port in bpf_sock which got addressed in commit
    4421a58 ("bpf: Make dst_port field in struct bpf_sock 16-bit wide").
    
    Loading 4-bytes from the remote_port offset and converting the value with
    bpf_ntohl() leads to surprising results, as the expected value is shifted
    by 16 bits.
    
    Reduce the confusion by splitting the field in two - a 16-bit field holding
    a big-endian integer, and a 16-bit zero-padding anonymous field that
    follows it.
    
    Suggested-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
    jsitnicki authored and intel-lab-lkp committed Feb 7, 2022

Commits on Feb 5, 2022

  1. selftests/bpf: Fix tests to use arch-dependent syscall entry points

    Some of the tests are using x86_64 ABI-specific syscall entry points
    (such as __x64_sys_nanosleep and __x64_sys_getpgid). Update them to use
    architecture-dependent syscall entry names.
    
    Also update fexit_sleep test to not use BPF_PROG() so that it is clear
    that the syscall parameters aren't being accessed in the bpf prog.
    
    Note that none of the bpf progs in these tests are actually accessing
    any of the syscall parameters. The only exception is perfbuf_bench, which
    passes on the bpf prog context into bpf_perf_event_output() as a pointer
    to pt_regs, but that looks to be mostly ignored.
    
    Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/e35f7051f03e269b623a68b139d8ed131325f7b7.1643973917.git.naveen.n.rao@linux.vnet.ibm.com
    rnav authored and anakryiko committed Feb 5, 2022
  2. selftests/bpf: Use "__se_" prefix on architectures without syscall wrapper

    On architectures that don't use a syscall wrapper, sys_* function names
    are set as an alias of __se_sys_* functions. Due to this, there is no
    BTF associated with sys_* function names. This results in some of the
    test progs failing to load. Set the SYS_PREFIX to "__se_" to fix this
    issue.
    
    Fixes: 38261f3 ("selftests/bpf: Fix probe_user test failure with clang build kernel")
    Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/013d632aacd3e41290445c0025db6a7055ec6e18.1643973917.git.naveen.n.rao@linux.vnet.ibm.com
    rnav authored and anakryiko committed Feb 5, 2022
  3. Merge branch 'libbpf: Fix accessing syscall arguments'

    Ilya Leoshkevich says:
    
    ====================
    
    libbpf now has macros to access syscall arguments in an
    architecture-agnostic manner, but unfortunately they have a number of
    issues on non-Intel arches, which this series aims to fix.
    
    v1: https://lore.kernel.org/bpf/20220201234200.1836443-1-iii@linux.ibm.com/
    v1 -> v2:
    * Put orig_gpr2 in place of args[1] on s390 (Vasily).
    * Fix arm64, powerpc and riscv (Heiko).
    
    v2: https://lore.kernel.org/bpf/20220204041955.1958263-1-iii@linux.ibm.com/
    v2 -> v3:
    * Undo args[1] change (Andrii).
    * Rename PT_REGS_SYSCALL to PT_REGS_SYSCALL_REGS (Andrii).
    * Split the riscv patch (Andrii).
    
    +cc Naveen.
    ====================
    
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    anakryiko committed Feb 5, 2022
  4. libbpf: Fix accessing the first syscall argument on s390

    On s390, the first syscall argument should be accessed via orig_gpr2
    (see arch/s390/include/asm/syscall.h). Currently gpr[2] is used
    instead, leading to bpf_syscall_macro test failure.
    
    Reported-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-12-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  5. libbpf: Fix accessing syscall arguments on riscv

    riscv's syscall handlers get "unpacked" arguments instead of a
    struct pt_regs pointer. Indicate this to libbpf using
    PT_REGS_SYSCALL_REGS macro.
    
    Reported-by: Heiko Carstens <hca@linux.ibm.com>
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-11-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  6. libbpf: Fix accessing program counter on riscv

    riscv registers are accessed via struct user_regs_struct, not struct
    pt_regs. The program counter member in this struct is called pc, not
    epc.
    
    Fixes: 3cc31d7 ("libbpf: Normalize PT_REGS_xxx() macro definitions")
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-10-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  7. libbpf: Fix accessing syscall arguments on powerpc

    powerpc's syscall handlers get "unpacked" arguments instead of a
    struct pt_regs pointer. Indicate this to libbpf using
    PT_REGS_SYSCALL_REGS macro.
    
    Reported-by: Heiko Carstens <hca@linux.ibm.com>
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Tested-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-9-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  8. libbpf: Fix accessing the first syscall argument on arm64

    On arm64, the first syscall argument should be accessed via orig_x0
    (see arch/arm64/include/asm/syscall.h). Currently regs[0] is used
    instead, leading to bpf_syscall_macro test failure.
    
    Reported-by: Heiko Carstens <hca@linux.ibm.com>
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-8-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  9. selftests/bpf: Use PT_REGS_SYSCALL_REGS in bpf_syscall_macro

    Ensure that PT_REGS_SYSCALL_REGS works correctly.
    
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-7-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  10. libbpf: Add PT_REGS_SYSCALL_REGS macro

    Some architectures pass a pointer to struct pt_regs to syscall
    handlers, others unpack it into individual function parameters.
    Introduce a macro to describe what a particular arch does, using
    `passing pt_regs *` as a default.
    
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-6-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  11. libbpf: Add __PT_PARM1_REG_SYSCALL macro

    Some architectures have a special way to access the first syscall
    argument. There already exists __PT_PARM4_REG_SYSCALL for the
    fourth argument, so define a similar macro for the first one.
    
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-5-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  12. selftests/bpf: Fix an endianness issue in bpf_syscall_macro test

    bpf_syscall_macro reads a long argument into an int variable, which
    produces a wrong value on big-endian systems. Fix by reading the
    argument into an intermediate long variable first.
    
    Fixes: 77fc033 ("selftests/bpf: Add a test to confirm PT_REGS_PARM4_SYSCALL")
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-4-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  13. s390/bpf: Add orig_gpr2 to user_pt_regs

    user_pt_regs is used by eBPF in order to access userspace registers -
    see commit 466698e ("s390/bpf: correct broken uapi for
    BPF_PROG_TYPE_PERF_EVENT program type"). In order to access the first
    syscall argument from eBPF programs, we need to export orig_gpr2.
    
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Acked-by: Heiko Carstens <hca@linux.ibm.com>
    Acked-by: Vasily Gorbik <gor@linux.ibm.com>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-3-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  14. arm64/bpf: Add orig_x0 to user_pt_regs

    orig_x0 is needed in order to access the first syscall argument from
    eBPF programs.
    
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204145018.1983773-2-iii@linux.ibm.com
    iii-i authored and anakryiko committed Feb 5, 2022
  15. libbpf: Fix build issue with llvm-readelf

    There are cases where clang compiler is packaged in a way
    readelf is a symbolic link to llvm-readelf. In such cases,
    llvm-readelf will be used instead of default binutils readelf,
    and the following error will appear during libbpf build:
    
      Warning: Num of global symbols in
       /home/yhs/work/bpf-next/tools/testing/selftests/bpf/tools/build/libbpf/sharedobjs/libbpf-in.o (367)
       does NOT match with num of versioned symbols in
       /home/yhs/work/bpf-next/tools/testing/selftests/bpf/tools/build/libbpf/libbpf.so libbpf.map (383).
       Please make sure all LIBBPF_API symbols are versioned in libbpf.map.
      --- /home/yhs/work/bpf-next/tools/testing/selftests/bpf/tools/build/libbpf/libbpf_global_syms.tmp ...
      +++ /home/yhs/work/bpf-next/tools/testing/selftests/bpf/tools/build/libbpf/libbpf_versioned_syms.tmp ...
      @@ -324,6 +324,22 @@
       btf__str_by_offset
       btf__type_by_id
       btf__type_cnt
      +LIBBPF_0.0.1
      +LIBBPF_0.0.2
      +LIBBPF_0.0.3
      +LIBBPF_0.0.4
      +LIBBPF_0.0.5
      +LIBBPF_0.0.6
      +LIBBPF_0.0.7
      +LIBBPF_0.0.8
      +LIBBPF_0.0.9
      +LIBBPF_0.1.0
      +LIBBPF_0.2.0
      +LIBBPF_0.3.0
      +LIBBPF_0.4.0
      +LIBBPF_0.5.0
      +LIBBPF_0.6.0
      +LIBBPF_0.7.0
       libbpf_attach_type_by_name
       libbpf_find_kernel_btf
       libbpf_find_vmlinux_btf_id
      make[2]: *** [Makefile:184: check_abi] Error 1
      make[1]: *** [Makefile:140: all] Error 2
    
    The above failure is due to different printouts for some ABS
    versioned symbols. For example, with the same libbpf.so,
      $ /bin/readelf --dyn-syms --wide tools/lib/bpf/libbpf.so | grep "LIBBPF" | grep ABS
         134: 0000000000000000     0 OBJECT  GLOBAL DEFAULT  ABS LIBBPF_0.5.0
         202: 0000000000000000     0 OBJECT  GLOBAL DEFAULT  ABS LIBBPF_0.6.0
         ...
      $ /opt/llvm/bin/readelf --dyn-syms --wide tools/lib/bpf/libbpf.so | grep "LIBBPF" | grep ABS
         134: 0000000000000000     0 OBJECT  GLOBAL DEFAULT   ABS LIBBPF_0.5.0@@LIBBPF_0.5.0
         202: 0000000000000000     0 OBJECT  GLOBAL DEFAULT   ABS LIBBPF_0.6.0@@LIBBPF_0.6.0
         ...
    The binutils readelf doesn't print out the symbol LIBBPF_* version and llvm-readelf does.
    Such a difference caused libbpf build failure with llvm-readelf.
    
    The proposed fix filters out all ABS symbols as they are not part of the comparison.
    This works for both binutils readelf and llvm-readelf.
    
    Reported-by: Delyan Kratunov <delyank@fb.com>
    Signed-off-by: Yonghong Song <yhs@fb.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204214355.502108-1-yhs@fb.com
    yonghong-song authored and anakryiko committed Feb 5, 2022

Commits on Feb 4, 2022

  1. selftests/bpf: Test bpf_core_types_are_compat() functionality.

    Add several tests to check bpf_core_types_are_compat() functionality:
    - candidate type name exists and types match
    - candidate type name exists but types don't match
    - nested func protos at kernel recursion limit
    - nested func protos above kernel recursion limit. Such bpf prog
      is rejected during the load.
    
    Signed-off-by: Matteo Croce <mcroce@microsoft.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204005519.60361-3-mcroce@linux.microsoft.com
    teknoraver authored and Alexei Starovoitov committed Feb 4, 2022
  2. bpf: Implement bpf_core_types_are_compat().

    Adopt libbpf's bpf_core_types_are_compat() for kernel duty by adding
    explicit recursion limit of 2 which is enough to handle 2 levels of
    function prototypes.
    
    Signed-off-by: Matteo Croce <mcroce@microsoft.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220204005519.60361-2-mcroce@linux.microsoft.com
    teknoraver authored and Alexei Starovoitov committed Feb 4, 2022
  3. bpf, arm64: Enable kfunc call

    Since commit b2eed9b ("arm64/kernel: kaslr: reduce module
    randomization range to 2 GB"), for arm64 whether KASLR is enabled
    or not, the module is placed within 2GB of the kernel region, so
    s32 in bpf_kfunc_desc is sufficient to represent the offset of
    module function relative to __bpf_call_base. The only thing needed
    is to override bpf_jit_supports_kfunc_call().
    
    Signed-off-by: Hou Tao <houtao1@huawei.com>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Link: https://lore.kernel.org/bpf/20220130092917.14544-2-hotforest@gmail.com
    Hou Tao authored and borkmann committed Feb 4, 2022
  4. libbpf: Deprecate forgotten btf__get_map_kv_tids()

    btf__get_map_kv_tids() is in the same group of APIs as
    btf_ext__reloc_func_info()/btf_ext__reloc_line_info() which were only
    used by BCC. It was missed to be marked as deprecated in [0]. Fixing
    that to complete [1].
    
      [0] https://patchwork.kernel.org/project/netdevbpf/patch/20220201014610.3522985-1-davemarchevsky@fb.com/
      [1] Closes: libbpf/libbpf#277
    
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Yonghong Song <yhs@fb.com>
    Link: https://lore.kernel.org/bpf/20220203225017.1795946-1-andrii@kernel.org
    anakryiko authored and borkmann committed Feb 4, 2022

Commits on Feb 3, 2022

  1. selftests/bpf: Add a selftest for invalid func btf with btf decl_tag

    Added a selftest similar to [1] which exposed a kernel bug.
    Without the fix in the previous patch, a similar kasan error will appear.
    
      [1] https://lore.kernel.org/bpf/0000000000009b6eaa05d71a8c06@google.com/
    
    Signed-off-by: Yonghong Song <yhs@fb.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Acked-by: Martin KaFai Lau <kafai@fb.com>
    Link: https://lore.kernel.org/bpf/20220203191732.742285-1-yhs@fb.com
    yonghong-song authored and Alexei Starovoitov committed Feb 3, 2022
  2. bpf: Fix a btf decl_tag bug when tagging a function

    syzbot reported a btf decl_tag bug with stack trace below:
    
      general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
      KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
      CPU: 0 PID: 3592 Comm: syz-executor914 Not tainted 5.16.0-syzkaller-11424-gb7892f7d5cb2 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:btf_type_vlen include/linux/btf.h:231 [inline]
      RIP: 0010:btf_decl_tag_resolve+0x83e/0xaa0 kernel/bpf/btf.c:3910
      ...
      Call Trace:
       <TASK>
       btf_resolve+0x251/0x1020 kernel/bpf/btf.c:4198
       btf_check_all_types kernel/bpf/btf.c:4239 [inline]
       btf_parse_type_sec kernel/bpf/btf.c:4280 [inline]
       btf_parse kernel/bpf/btf.c:4513 [inline]
       btf_new_fd+0x19fe/0x2370 kernel/bpf/btf.c:6047
       bpf_btf_load kernel/bpf/syscall.c:4039 [inline]
       __sys_bpf+0x1cbb/0x5970 kernel/bpf/syscall.c:4679
       __do_sys_bpf kernel/bpf/syscall.c:4738 [inline]
       __se_sys_bpf kernel/bpf/syscall.c:4736 [inline]
       __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4736
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae
    
    The kasan error is triggered with an illegal BTF like below:
       type 0: void
       type 1: int
       type 2: decl_tag to func type 3
       type 3: func to func_proto type 8
    The total number of types is 4 and the type 3 is illegal
    since its func_proto type is out of range.
    
    Currently, the target type of decl_tag can be struct/union, var or func.
    Both struct/union and var implemented their own 'resolve' callback functions
    and hence handled properly in kernel.
    But func type doesn't have 'resolve' callback function. When
    btf_decl_tag_resolve() tries to check func type, it tries to get
    vlen of its func_proto type, which triggered the above kasan error.
    
    To fix the issue, btf_decl_tag_resolve() needs to do btf_func_check()
    before trying to access func_proto type.
    In the current implementation, func type is checked with
    btf_func_check() in the main checking function btf_check_all_types().
    To fix the above kasan issue, let us implement 'resolve' callback
    func type properly. The 'resolve' callback will be also called
    in btf_check_all_types() for func types.
    
    Fixes: b5ea834 ("bpf: Support for new btf kind BTF_KIND_TAG")
    Reported-by: syzbot+53619be9444215e785ed@syzkaller.appspotmail.com
    Signed-off-by: Yonghong Song <yhs@fb.com>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Acked-by: Martin KaFai Lau <kafai@fb.com>
    Link: https://lore.kernel.org/bpf/20220203191727.741862-1-yhs@fb.com
    yonghong-song authored and Alexei Starovoitov committed Feb 3, 2022
  3. libbpf: Deprecate priv/set_priv storage

    Arbitrary storage via bpf_*__set_priv/__priv is being deprecated
    without a replacement ([1]). perf uses this capability, but most of
    that is going away with the removal of prologue generation ([2]).
    perf is already suppressing deprecation warnings, so the remaining
    cleanup will happen separately.
    
      [1]: Closes: libbpf/libbpf#294
      [2]: https://lore.kernel.org/bpf/20220123221932.537060-1-jolsa@kernel.org/
    
    Signed-off-by: Delyan Kratunov <delyank@fb.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20220203180032.1921580-1-delyank@fb.com
    BurntBrunch authored and anakryiko committed Feb 3, 2022
  4. bpf: test_run: Fix OOB access in bpf_prog_test_run_xdp

    Fix the following kasan issue reported by syzbot:
    
    BUG: KASAN: slab-out-of-bounds in __skb_frag_set_page include/linux/skbuff.h:3242 [inline]
    BUG: KASAN: slab-out-of-bounds in bpf_prog_test_run_xdp+0x10ac/0x1150 net/bpf/test_run.c:972
    Write of size 8 at addr ffff888048c75000 by task syz-executor.5/23405
    
    CPU: 1 PID: 23405 Comm: syz-executor.5 Not tainted 5.16.0-syzkaller #0
    Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     <TASK>
     __dump_stack lib/dump_stack.c:88 [inline]
     dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
     print_address_description.constprop.0.cold+0x8d/0x336 mm/kasan/report.c:255
     __kasan_report mm/kasan/report.c:442 [inline]
     kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
     __skb_frag_set_page include/linux/skbuff.h:3242 [inline]
     bpf_prog_test_run_xdp+0x10ac/0x1150 net/bpf/test_run.c:972
     bpf_prog_test_run kernel/bpf/syscall.c:3356 [inline]
     __sys_bpf+0x1858/0x59a0 kernel/bpf/syscall.c:4658
     __do_sys_bpf kernel/bpf/syscall.c:4744 [inline]
     __se_sys_bpf kernel/bpf/syscall.c:4742 [inline]
     __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4742
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x44/0xae
     </TASK>
    
    Allocated by task 23405:
     kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
     kasan_set_track mm/kasan/common.c:46 [inline]
     set_alloc_info mm/kasan/common.c:437 [inline]
     ____kasan_kmalloc mm/kasan/common.c:516 [inline]
     ____kasan_kmalloc mm/kasan/common.c:475 [inline]
     __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525
     kmalloc include/linux/slab.h:586 [inline]
     kzalloc include/linux/slab.h:715 [inline]
     bpf_test_init.isra.0+0x9f/0x150 net/bpf/test_run.c:411
     bpf_prog_test_run_xdp+0x2f8/0x1150 net/bpf/test_run.c:941
     bpf_prog_test_run kernel/bpf/syscall.c:3356 [inline]
     __sys_bpf+0x1858/0x59a0 kernel/bpf/syscall.c:4658
     __do_sys_bpf kernel/bpf/syscall.c:4744 [inline]
     __se_sys_bpf kernel/bpf/syscall.c:4742 [inline]
     __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4742
     do_syscall_x64 arch/x86/entry/common.c:50 [inline]
     do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
     entry_SYSCALL_64_after_hwframe+0x44/0xae
    
    The buggy address belongs to the object at ffff888048c74000
     which belongs to the cache kmalloc-4k of size 4096
    The buggy address is located 0 bytes to the right of
     4096-byte region [ffff888048c74000, ffff888048c75000)
    
    Fixes: 1c19499 ("bpf: introduce frags support to bpf_prog_test_run_xdp()")
    Reported-by: syzbot+6d70ca7438345077c549@syzkaller.appspotmail.com
    Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/688c26f9dd6e885e58e8e834ede3f0139bb7fa95.1643835097.git.lorenzo@kernel.org
    LorenzoBianconi authored and Alexei Starovoitov committed Feb 3, 2022
  5. bpf, docs: Better document the atomic instructions

    Use proper tables and RST markup to document the atomic instructions
    in a structured way.
    
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220131183638.3934982-6-hch@lst.de
    Christoph Hellwig authored and Alexei Starovoitov committed Feb 3, 2022
  6. bpf, docs: Better document the extended instruction format

    In addition to the normal 64-bit instruction encoding, eBPF also has
    a single instruction that uses a second 64 bits for a second
    immediate value.  Instead of only documenting this format deep down
    in the document, mention it in the instruction encoding section.
    
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220131183638.3934982-5-hch@lst.de
    Christoph Hellwig authored and Alexei Starovoitov committed Feb 3, 2022
  7. bpf, docs: Better document the legacy packet access instruction

    Use consistent terminology and structured RST elements to better document
    these two oddball instructions.
    
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220131183638.3934982-4-hch@lst.de
    Christoph Hellwig authored and Alexei Starovoitov committed Feb 3, 2022
  8. bpf, docs: Better document the regular load and store instructions

    Add a separate section and a little intro blurb for the regular load and
    store instructions.
    
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220131183638.3934982-3-hch@lst.de
    Christoph Hellwig authored and Alexei Starovoitov committed Feb 3, 2022
  9. bpf, docs: Document the byte swapping instructions

    Add a section to document the byte swapping instructions.
    
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20220131183638.3934982-2-hch@lst.de
    Christoph Hellwig authored and Alexei Starovoitov committed Feb 3, 2022
  10. Merge branch 'bpf-libbpf-deprecated-cleanup'

    Andrii Nakryiko says:
    
    ====================
    Clean up remaining missed uses of deprecated libbpf APIs across samples/bpf,
    selftests/bpf, libbpf, and bpftool.
    
    Also fix uninit variable warning in bpftool.
    ====================
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    borkmann committed Feb 3, 2022
  11. samples/bpf: Get rid of bpf_prog_load_xattr() use

    Remove all the remaining uses of deprecated bpf_prog_load_xattr() API.
    
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Quentin Monnet <quentin@isovalent.com>
    Link: https://lore.kernel.org/bpf/20220202225916.3313522-7-andrii@kernel.org
    anakryiko authored and borkmann committed Feb 3, 2022
  12. selftests/bpf: Redo the switch to new libbpf XDP APIs

    Switch to using new bpf_xdp_*() APIs across all selftests. Take
    advantage of a more straightforward and user-friendly semantics of
    old_prog_fd (0 means "don't care") in few places.
    
    This is a redo of 5443565 ("selftests/bpf: switch to new libbpf XDP
    APIs"), which was previously reverted to minimize conflicts during bpf
    and bpf-next tree merge.
    
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Quentin Monnet <quentin@isovalent.com>
    Link: https://lore.kernel.org/bpf/20220202225916.3313522-6-andrii@kernel.org
    anakryiko authored and borkmann committed Feb 3, 2022
  13. selftests/bpf: Remove usage of deprecated feature probing APIs

    Switch to libbpf_probe_*() APIs instead of the deprecated ones.
    
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Quentin Monnet <quentin@isovalent.com>
    Link: https://lore.kernel.org/bpf/20220202225916.3313522-5-andrii@kernel.org
    anakryiko authored and borkmann committed Feb 3, 2022
  14. bpftool: Fix uninit variable compilation warning

    Newer GCC complains about capturing the address of uninitialized variable.
    While there is nothing wrong with the code (the variable is filled out
    by the kernel), initialize the variable anyway to make compiler happy.
    
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Quentin Monnet <quentin@isovalent.com>
    Link: https://lore.kernel.org/bpf/20220202225916.3313522-4-andrii@kernel.org
    anakryiko authored and borkmann committed Feb 3, 2022