Unable to insert test_bpf module on Xenial

Bug #1765698 reported by Po-Hsu Lin on 2018-04-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Xenial
Medium
Stefan Bader

Bug Description

[SRU Justification]

Impact: One of the self-tests which is run by test_bpf will always fail when JIT is turned on, causing the module load to fail.

Fix: Picking two patches from upstream will fix this.

Testcase: sudo modprobe test_bpf

Risk of regression: Minimal, this modifies only a test module, no impact on normal operation.

---

With 4.4.0-119, the ubuntu_bpf_jit test will pass:

  [ 127.177037] test_bpf: Summary: 291 PASSED, 0 FAILED, [0/283 JIT'ed]
  PASSED: 291
  FAILED: 0

But with 4.4.0-121, one test will fail
  [ 221.361834] test_bpf: Summary: 290 PASSED, 1 FAILED, [282/282 JIT'ed]
  PASSED: 290
  FAILED: 1
  stderr:
  modprobe: ERROR: could not insert 'test_bpf': Invalid argument

$ sudo modprobe test_bpf
modprobe: ERROR: could not insert 'test_bpf': Invalid argument
$ dmesg|grep test_bpf|grep FAIL
[ 45.286944] test_bpf: #248 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
[ 45.619293] test_bpf: Summary: 290 PASSED, 1 FAILED, [282/282 JIT'ed]

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-121-generic 4.4.0-121.145
ProcVersionSignature: User Name 4.4.0-121.145-generic 4.4.117
Uname: Linux 4.4.0-121-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Apr 20 12:29 seq
 crw-rw---- 1 root audio 116, 33 Apr 20 12:29 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.16
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:

Date: Fri Apr 20 12:32:59 2018
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
MachineType: Intel Corporation S1200RP
PciMultimedia:

ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-121-generic root=UUID=b0d2ae4e-12dd-423e-acea-272ee8b2a893 ro
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-121-generic N/A
 linux-backports-modules-4.4.0-121-generic N/A
 linux-firmware 1.157.17
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/01/2015
dmi.bios.vendor: Intel Corp.
dmi.bios.version: S1200RP.86B.03.02.0003.070120151022
dmi.board.asset.tag: ....................
dmi.board.name: S1200RP
dmi.board.vendor: Intel Corporation
dmi.board.version: G62254-407
dmi.chassis.asset.tag: ....................
dmi.chassis.type: 17
dmi.chassis.vendor: ..............................
dmi.chassis.version: ..................
dmi.modalias: dmi:bvnIntelCorp.:bvrS1200RP.86B.03.02.0003.070120151022:bd07/01/2015:svnIntelCorporation:pnS1200RP:pvr....................:rvnIntelCorporation:rnS1200RP:rvrG62254-407:cvn..............................:ct17:cvr..................:
dmi.product.name: S1200RP
dmi.product.version: ....................
dmi.sys.vendor: Intel Corporation

Po-Hsu Lin (cypressyew) wrote :

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1765698

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Stefan Bader (smb) on 2018-04-20
Changed in linux (Ubuntu Xenial):
assignee: nobody → Stefan Bader (smb)
importance: Undecided → Medium
status: New → In Progress
description: updated
Stefan Bader (smb) wrote :

Having enabled CONFIG_BPF_JIT_ALWAYS_ON broke the selftest module (test_bpf) and requires some additional upstream patches which have not been landed in upstream stable:

09584b406742413ac4c8d7e030374d4daa045b69 "bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y"
52fda36d63bfc8c8e8ae5eda8eb5ac6f52cd67ed "test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches"

With those two applied, loading test_bpf succeeds again:

$ sudo modprobe test_bpf
$ sudo dmesg|grep test_bpf|grep FAIL
[ 20.215102] test_bpf: Summary: 291 PASSED, 0 FAILED, [282/282 JIT'ed]

description: updated
Stefan Bader (smb) on 2018-04-23
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Po-Hsu Lin (cypressyew) wrote :

Verified on a bare-metal amd64 and, a KVM node and a s390x node:
  - Passed on the AMD64 / KVM node
  - Failed on the s390x node (Ubuntu on LPAR) - https://pastebin.ubuntu.com/p/zMDwVjwF7X/

Should I mark this one as verification done and opens a new bug for s390x?

Po-Hsu Lin (cypressyew) wrote :

After discussed with Stefan, we both agree to have the issue on s390x reported in a new bug: bug 1768452

Therefore I'm marking this one as verification-done, thanks.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (59.3 KiB)

This bug was fixed in the package linux - 4.4.0-127.153

---------------
linux (4.4.0-127.153) xenial; urgency=medium

  * CVE-2018-3639 (powerpc)
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/64s: Move cpu_show_meltdown()
    - powerpc/64s: Enhance the information in cpu_show_meltdown()
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/64s: Wire up cpu_show_spectre_v1()
    - powerpc/64s: Wire up cpu_show_spectre_v2()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel
      entry/exit

  * CVE-2018-3639 (x86)
    - SAUCE: Clean up IBPB and IBRS control functions and macros
    - SAUCE: Fix up IBPB and IBRS kernel parameters documentation
    - SAUCE: Remove #define X86_FEATURE_PTI
    - x86/cpufeature: Move some of the scattered feature bits to x86_capability
    - x86/cpufeature: Cleanup get_cpu_cap()
    - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6
    - x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
    - x86/cpufeatures: Add Intel feature bits for Speculation Control
    - SAUCE: x86/kvm: Expose SPEC_CTRL from the leaf
    - x86/cpufeatures: Add AMD feature bits for Speculation Control
    - x86/msr: Add definitions for new speculation control MSRs
    - SAUCE: x86/msr: Rename MSR spec control feature bits
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
    - x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
    - x86/speculation: Add <asm/msr-index.h> dependency
    - x86/cpufeatures: Clean up Spectre v2 related CPUID flags
    - x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - SAUCE: x86/speculation: Move vendor specific IBRS/IBPB control code
    - SAUCE: x86: Add alternative_msr_write
    - SAUCE: x86/nospec: Simplify alternative_msr_write()
    - SAUCE: x86/bugs: Concentrate bug detection into a separate function
    - SAUCE: x86/bugs: Concentrate bug reporting into a separate function
    - arch: Introduce post-init read-only memory
    - SAUCE: x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - SAUCE: x86/bugs, KVM: Support the combination of guest a...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Po-Hsu Lin (cypressyew) on 2018-06-01
Changed in linux (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers