XDP eBPF programs fail to verify on Zesty ppc64el

Bug #1699627 reported by Daniel Axtens on 2017-06-22
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Daniel Axtens
Zesty
Undecided
Unassigned

Bug Description

SRU Justification

[Impact]
Some XDP examples such as https://github.com/netoptimizer/prototype-kernel fail on ppc64el at the eBPF verification stage.

[Fix]
This is because CONFIG_HAS_EFFICIENT_UNALIGNED_ACCESS is not set on ppc64el. It is not set because the kernel is being compiled for CPU_POWER7 instead of CPU_POWER8, and we don't have efficient unaligned access on POWER7.

Swap to building for POWER8.

As a bonus, this should make everything a little bit faster.

[Regression Potential]

 - IBM never released any officially supported Power7 LE systems - LE was only ever supported on Power8. Therefore this should not break any systems.

 - Regression potential is also limited to one arch.

 - Artful-next already has this fix and nothing bad has happened there.

[Test]
Create a P8 VM with a virtio network card and 2 vcpus.

The VM needs to have some network features turned off, and enough queues. The following virsh snippet in the <interface> section should suffice:

       <driver name='vhost' queues='4'>
         <host tso4='off' tso6='off' ecn='off' ufo='off'/>
         <guest tso4='off' tso6='off' ecn='off' ufo='off'/>
       </driver>

Then:
- apt install clang llvm
- get the prototype-kernel repo
- go to the kernel/samples/bpf directory
- make
- sudo mount -t bpf bpf /sys/fs/bpf/
- sudo ./xdp_ddos01_blacklist --dev enp0s1

Observe that without this patch, we get a long debug splat ending with:

32: (61) r1 = *(u32 *)(r8 +12)
misaligned packet access off 0+18+12 size 4
load_bpf_file: Permission denied

With this patch we don't get that error and the program is successfully verifies and loads. (It still doesn't run - there is other breakage I'm chasing down - but it definitely gets further.)

Daniel Axtens (daxtens) on 2017-06-22
description: updated
Juerg Haefliger (juergh) on 2017-06-29
Changed in linux (Ubuntu Zesty):
status: New → Fix Committed
Daniel Axtens (daxtens) wrote :

Verified in my qemu tcg guest.

tags: added: verification-done-zesty
Daniel Axtens (daxtens) wrote :

Also verified by an IBMer on a real P8.

Launchpad Janitor (janitor) wrote :
Download full text (8.1 KiB)

This bug was fixed in the package linux - 4.10.0-28.32

---------------
linux (4.10.0-28.32) zesty; urgency=low

  * linux: 4.10.0-28.32 -proposed tracker (LP: #1701013)

  * KILLER1435-S[0489:e0a2] BT cannot search BT 4.0 device (LP: #1699651)
    - Bluetooth: btusb: Add support for 0489:e0a2 QCA_ROME device

  * aacraid driver may return uninitialized stack data to userspace
    (LP: #1700077)
    - SAUCE: scsi: aacraid: Don't copy uninitialized stack memory to userspace

  * CVE-2017-9605
    - drm/vmwgfx: Make sure backup_handle is always valid

  * CVE-2017-1000380
    - ALSA: timer: Fix race between read and ioctl
    - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

  * XDP eBPF programs fail to verify on Zesty ppc64el (LP: #1699627)
    - [Config] ppc64el: build for Power8 not Power7

  * AACRAID for power9 platform (LP: #1689980)
    - scripts/spelling.txt: add "therfore" pattern and fix typo instances
    - scsi: aacraid: fix PCI error recovery path
    - scsi: aacraid: pci_alloc_consistent() failures on ARM64
    - scsi: aacraid: Remove __GFP_DMA for raw srb memory
    - scsi: aacraid: Fix DMAR issues with iommu=pt
    - scsi: aacraid: Added 32 and 64 queue depth for arc natives
    - scsi: aacraid: Set correct Queue Depth for HBA1000 RAW disks
    - scsi: aacraid: Remove reset support from check_health
    - scsi: aacraid: Change wait time for fib completion
    - scsi: aacraid: Log count info of scsi cmds before reset
    - scsi: aacraid: Print ctrl status before eh reset
    - scsi: aacraid: Using single reset mask for IOP reset
    - scsi: aacraid: Rework IOP reset
    - scsi: aacraid: Add periodic checks to see IOP reset status
    - scsi: aacraid: Rework SOFT reset code
    - scsi: aacraid: Rework aac_src_restart
    - scsi: aacraid: Use correct function to get ctrl health
    - scsi: aacraid: Make sure ioctl returns on controller reset
    - scsi: aacraid: Enable ctrl reset for both hba and arc
    - scsi: aacraid: Add reset debugging statements
    - scsi: aacraid: Remove reference to Series-9
    - scsi: aacraid: Update driver version to 50834

  * arm64 kernel crashdump support (LP: #1694859)
    - memblock: add memblock_clear_nomap()
    - memblock: add memblock_cap_memory_range()
    - arm64: limit memory regions based on DT property, usable-memory-range
    - arm64: kdump: reserve memory for crash dump kernel
    - arm64: mm: add set_memory_valid()
    - arm64: mm: use phys_addr_t instead of unsigned long in __map_memblock
    - arm64: kdump: protect crash dump kernel memory
    - arm64: hibernate: preserve kdump image around hibernation
    - arm64: kdump: implement machine_crash_shutdown()
    - arm64: kdump: add VMCOREINFO's for user-space tools
    - [Config] CONFIG_CRASH_DUMP=y on arm64
    - arm64: kdump: provide /proc/vmcore file
    - Documentation: kdump: describe arm64 port
    - Documentation: dt: chosen properties for arm64 kdump
    - efi/libstub/arm*: Set default address and size cells values for an empty dtb

  * hibmc driver does not include "pci:" prefix in bus ID (LP: #1698700)
    - SAUCE: drm: hibmc: Use set_busid function from drm core

  * Processes in "D" state due to za...

Read more...

Changed in linux (Ubuntu Zesty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers