XDP eBPF programs fail to verify on Zesty ppc64el
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Daniel Axtens | ||
Zesty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
SRU Justification
[Impact]
Some XDP examples such as https:/
[Fix]
This is because CONFIG_
Swap to building for POWER8.
As a bonus, this should make everything a little bit faster.
[Regression Potential]
- IBM never released any officially supported Power7 LE systems - LE was only ever supported on Power8. Therefore this should not break any systems.
- Regression potential is also limited to one arch.
- Artful-next already has this fix and nothing bad has happened there.
[Test]
Create a P8 VM with a virtio network card and 2 vcpus.
The VM needs to have some network features turned off, and enough queues. The following virsh snippet in the <interface> section should suffice:
<driver name='vhost' queues='4'>
<host tso4='off' tso6='off' ecn='off' ufo='off'/>
<guest tso4='off' tso6='off' ecn='off' ufo='off'/>
</driver>
Then:
- apt install clang llvm
- get the prototype-kernel repo
- go to the kernel/samples/bpf directory
- make
- sudo mount -t bpf bpf /sys/fs/bpf/
- sudo ./xdp_ddos01_
Observe that without this patch, we get a long debug splat ending with:
32: (61) r1 = *(u32 *)(r8 +12)
misaligned packet access off 0+18+12 size 4
load_bpf_file: Permission denied
With this patch we don't get that error and the program is successfully verifies and loads. (It still doesn't run - there is other breakage I'm chasing down - but it definitely gets further.)
CVE References
description: | updated |
Changed in linux (Ubuntu Zesty): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Released |
Verified in my qemu tcg guest.