[UBUNTU 18.04] BPF programs fail on Ubuntu s390x
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu on IBM z Systems | Invalid | Medium | Skipper Bug Screeners |
linux (Ubuntu) | Invalid | Undecided | Canonical Kernel Team |
Bionic | Invalid | Medium | Thadeu Lima de Souza Cascardo |
Focal | Invalid | Medium | Thadeu Lima de Souza Cascardo |
Bug Description
[Impact]
Some bpf programs will fail to execute on s390x, returning EFAULT when they should be able to read user memory.
[Test case]
apt-get source linux
mkdir -p /usr/lib/perf/
cp -a linux-5.
probe_read=$(grep -w probe_read /usr/lib/
probe_read_
sed -i "/probe_
probe_read_
sed -i "/probe_
ed - linux-5.
100c
int string_len = probe_read_
.
w
EOF
perf trace -eopenat,
You should see:
0.332 ( 0.002 ms): cat/3223 openat(dfd: CWD, filename: "/etc/passwd") = 3
instead of
0.334 ( 0.003 ms): cat/3739 openat(dfd: CWD, filename: "") = 3
[Potential regressions]
One potential regression is that unprivileged code might be able to exploit the changes to read or write kernel memory.
-------
We need to run BPF filters to analyse and monitor network traffic. The BPF filters are created by skydive (http://
Because of these failures, we decided to try the BPF samples that come with the kernel first. These samples also fail on s390x while they work fine on Intel.
shense@
Linux boe-build 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:40:36 UTC 2020 s390x s390x s390x GNU/Linux
Example instructions:
sudo apt install -y dpkg-dev clang llvm libelf-dev
sudo apt-get source linux-image-
cd linux-4.15.0/
make headers_install
make samples/bpf/
Errors:
shense@
[sudo] password for shense:
invalid relo for insn[4].code 0x85
bpf_load_program() err=22
0: (bf) r7 = r1
1: (b7) r1 = 0
2: (63) *(u32 *)(r10 -32) = r1
3: (bf) r1 = r7
4: (85) call unknown#-1
BPF_CALL uses reserved fields
0: (bf) r7 = r1
1: (b7) r1 = 0
2: (63) *(u32 *)(r10 -32) = r1
3: (bf) r1 = r7
4: (85) call unknown#-1
BPF_CALL uses reserved fields
shense@
invalid relo for insn[22].code 0x85
bpf_load_program() err=22
0: (bf) r7 = r1
1: (18) r1 = 0x207265743a25646e
3: (7b) *(u64 *)(r10 -16) = r1
4: (18) r1 = 0x705f616c6c6f632e
6: (7b) *(u64 *)(r10 -24) = r1
7: (18) r1 = 0x5f6c72755f686d61
9: (7b) *(u64 *)(r10 -32) = r1
10: (18) r1 = 0x7420737472657373
12: (7b) *(u64 *)(r10 -40) = r1
13: (18) r1 = 0x4661696c65642061
15: (7b) *(u64 *)(r10 -48) = r1
16: (b7) r1 = 0
17: (73) *(u8 *)(r10 -8) = r1
18: (b7) r2 = 1
19: (7b) *(u64 *)(r10 -72) = r2
20: (63) *(u32 *)(r10 -76) = r1
21: (bf) r1 = r7
22: (85) call unknown#-1
BPF_CALL uses reserved fields
0: (bf) r7 = r1
1: (18) r1 = 0x207265743a25646e
3: (7b) *(u64 *)(r10 -16) = r1
4: (18) r1 = 0x705f616c6c6f632e
6: (7b) *(u64 *)(r10 -24) = r1
7: (18) r1 = 0x5f6c72755f686d61
9: (7b) *(u64 *)(r10 -32) = r1
10: (18) r1 = 0x7420737472657373
12: (7b) *(u64 *)(r10 -40) = r1
13: (18) r1 = 0x4661696c65642061
15: (7b) *(u64 *)(r10 -48) = r1
16: (b7) r1 = 0
17: (73) *(u8 *)(r10 -8) = r1
18: (b7) r2 = 1
19: (7b) *(u64 *)(r10 -72) = r2
20: (63) *(u32 *)(r10 -76) = r1
21: (bf) r1 = r7
22: (85) call unknown#-1
BPF_CALL uses reserved fields
tags: added: architecture-s39064 bugnameltc-187029 severity-medium targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-z-systems:
importance: Undecided → Medium
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in linux (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → Canonical Kernel Team (canonical-kernel-team)
Changed in linux (Ubuntu Bionic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
status: New → In Progress
Changed in ubuntu-z-systems:
status: New → In Progress
Changed in linux (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in linux (Ubuntu Bionic):
status: In Progress → Triaged
description: updated
Changed in linux (Ubuntu Focal):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
After some investigation, I found out that failures caused by "invalid relo for insn[4].code 0x85" are due to a small typo in some headers.
That has caused LLVM to emit relocations (thinking those missing macro calls were external function calls) that are not supported by the loader. This is all in userspace, so no real kernel bugs here. We can include the typo fixup in the bionic tree, though.
That led to a new failure, caused by faults when trying to read user memory from the BPF program. I will investigate further.
Cascardo.
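
An added example, not part of the bug report or of the kernel's own tools: a Python triage helper that pairs each loader message `invalid relo for insn[N].code 0x85` with instruction N of the verifier dump and flags it when that instruction is an unresolved call, the symptom the comment above traces to LLVM treating an undefined macro as an external function. The sample log is a constructed copy of output quoted in this report; `triage` and its return shape are hypothetical names, and the helper assumes the log covers a single program load.

```python
import re

# Constructed sample: copy of the first loader failure quoted in this report.
SAMPLE_LOG = """\
invalid relo for insn[4].code 0x85
bpf_load_program() err=22
0: (bf) r7 = r1
1: (b7) r1 = 0
2: (63) *(u32 *)(r10 -32) = r1
3: (bf) r1 = r7
4: (85) call unknown#-1
BPF_CALL uses reserved fields
0: (bf) r7 = r1
1: (b7) r1 = 0
2: (63) *(u32 *)(r10 -32) = r1
3: (bf) r1 = r7
4: (85) call unknown#-1
BPF_CALL uses reserved fields
"""

RELO_RE = re.compile(r"invalid relo for insn\[(\d+)\]\.code (0x[0-9a-f]+)")
INSN_RE = re.compile(r"^\s*(\d+): \(([0-9a-f]{2})\) (.*)$")
BPF_CALL_OPCODE = 0x85  # BPF_JMP | BPF_CALL


def triage(log):
    """Return sorted (insn_index, opcode, text, unresolved_call) per relo error."""
    relos = {}  # insn index -> opcode reported by the loader
    insns = {}  # insn index -> (opcode, text) from the verifier dump
    for line in log.splitlines():
        m = RELO_RE.search(line)
        if m:
            relos[int(m.group(1))] = int(m.group(2), 16)
            continue
        m = INSN_RE.match(line)
        if m:  # the dump is printed twice; identical repeats just overwrite
            insns[int(m.group(1))] = (int(m.group(2), 16), m.group(3).strip())
    findings = []
    for idx, opcode in sorted(relos.items()):
        dump_op, text = insns.get(idx, (None, "<not in dump>"))
        unresolved = (opcode == BPF_CALL_OPCODE and dump_op == BPF_CALL_OPCODE
                      and text.startswith("call unknown#"))
        findings.append((idx, opcode, text, unresolved))
    return findings


if __name__ == "__main__":
    for idx, opcode, text, unresolved in triage(SAMPLE_LOG):
        print(f"insn {idx} (0x{opcode:02x}) {text!r} unresolved_call={unresolved}")
```

A finding with `unresolved_call=True` points at the source and headers the object was compiled from rather than at the kernel, which matches the diagnosis in the comment above.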