Ubuntu
linux package

  1. Bug #1841704
  2. Comment #0

Comment 0 for bug 1841704

Revision history for this message
Po-Hsu Lin (cypressyew) wrote : Test 391/u from ubuntu_bpf failed on B

  #391/u bounds checks mixing signed and unsigned, variant 14 FAIL
  Unexpected error message!
  0: (61) r9 = *(u32 *)(r1 +8)
  1: (7a) *(u64 *)(r10 -8) = 0
  2: (bf) r2 = r10
  3: (07) r2 += -8
  4: (18) r1 = 0x0
  6: (85) call bpf_map_lookup_elem#1
  7: (15) if r0 == 0x0 goto pc+8
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
  8: (7a) *(u64 *)(r10 -16) = -8
  9: (79) r1 = *(u64 *)(r10 -16)
  10: (b7) r2 = -1
  11: (b7) r8 = 2
  12: (15) if r9 == 0x2a goto pc+6
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
  13: (6d) if r8 s> r1 goto pc+3
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
  14: (65) if r1 s> 0x1 goto pc+2
  17: (b7) r0 = 0
  18: (95) exit

  from 13 to 17: safe

  from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
  19: (2d) if r1 > r2 goto pc-3
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
  20: (05) goto pc-7
  14: (65) if r1 s> 0x1 goto pc+2
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
  15: (0f) r0 += r1
  R1 has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root
  #391/p bounds checks mixing signed and unsigned, variant 14 FAIL
  Unexpected error message!
  0: (61) r9 = *(u32 *)(r1 +8)
  1: (7a) *(u64 *)(r10 -8) = 0
  2: (bf) r2 = r10
  3: (07) r2 += -8
  4: (18) r1 = 0xffff9391367ba400
  6: (85) call bpf_map_lookup_elem#1
  7: (15) if r0 == 0x0 goto pc+8
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
  8: (7a) *(u64 *)(r10 -16) = -8
  9: (79) r1 = *(u64 *)(r10 -16)
  10: (b7) r2 = -1
  11: (b7) r8 = 2
  12: (15) if r9 == 0x2a goto pc+6
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
  13: (6d) if r8 s> r1 goto pc+3
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,umin_value=2,umax_value=9223372036854775807,var_off=(0x0; 0x7fffffffffffffff)) R2=inv-1 R8=inv2 R9=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
  14: (65) if r1 s> 0x1 goto pc+2
  17: (b7) r0 = 0
  18: (95) exit

  from 13 to 17: safe

  from 12 to 19: R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
  19: (2d) if r1 > r2 goto pc-3
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
  20: (05) goto pc-7
  14: (65) if r1 s> 0x1 goto pc+2
   R0=map_value(id=0,off=0,ks=8,vs=8,imm=0) R1=inv(id=0,smax_value=1) R2=inv-1 R8=inv2 R9=inv42 R10=fp0
  15: (0f) r0 += r1
  math between map_value pointer and register with unbounded min value is not allowed

Test result with older kernel:
  #391/u bounds checks mixing signed and unsigned, variant 15 OK
  #391/p bounds checks mixing signed and unsigned, variant 15 OK

The test has passed but the variant number is different.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-60-generic 4.15.0-60.67
ProcVersionSignature: User Name 4.15.0-60.67-generic 4.15.18
Uname: Linux 4.15.0-60-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Aug 28 02:49 seq
 crw-rw---- 1 root audio 116, 33 Aug 28 02:49 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CurrentDmesg:

Date: Wed Aug 28 02:58:14 2019
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:

ProcFB: 0 cirrusdrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-60-generic root=UUID=576666e8-9e7f-40ee-934e-f1dce18323e5 ro
RelatedPackageVersions:
 linux-restricted-modules-4.15.0-60-generic N/A
 linux-backports-modules-4.15.0-60-generic N/A
 linux-firmware 1.173.10
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: Ubuntu-1.8.2-1ubuntu1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-xenial
dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-xenial:cvnQEMU:ct1:cvrpc-i440fx-xenial:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-xenial
dmi.sys.vendor: QEMU