Public bug reported:
Issue found on 5.0.0-49.53~18.04.1-generic in proposed, but passed with
5.0.0-48.52~18.04.1-generic
#724/p bpf_get_stack return R0 within range FAIL
Failed to load prog 'Success'!
0: (bf) r6 = r1
1: (7a) *(u64 *)(r10 -8) = 0
2: (bf) r2 = r10
3: (07) r2 += -8
4: (18) r1 = 0xffffa0ca73b8d400
6: (85) call bpf_map_lookup_elem#1
7: (15) if r0 == 0x0 goto pc+28
R0=map_value(id=0,off=0,ks=8,vs=48,imm=0) R6=ctx(id=0,off=0,imm=0)
R10=fp0,call_-1 fp-8=mmmmmmmm
8: (bf) r7 = r0
9: (b7) r9 = 48
10: (bf) r1 = r6
11: (bf) r2 = r7
12: (b7) r3 = 48
13: (b7) r4 = 256
14: (85) call bpf_get_stack#67
R0=map_value(id=0,off=0,ks=8,vs=48,imm=0) R1_w=ctx(id=0,off=0,imm=0)
R2_w=map_value(id=0,off=0,ks=8,vs=48,imm=0) R3_w=inv48 R4_w=inv256
R6=ctx(id=0,off=0,imm=0) R7_w=map_value(id=0,off=0,ks=8,vs=48,imm=0) R9_w=inv48
R10=fp0,call_-1 fp-8=mmmmmmmm
15: (b7) r1 = 0
16: (bf) r8 = r0
17: (67) r8 <<= 32
18: (c7) r8 s>>= 32
19: (cd) if r1 s< r8 goto pc+16
R0=inv(id=0,umax_value=48,var_off=(0x0; 0x3f)) R1=inv0
R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0
R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
20: (1f) r9 -= r8
21: (bf) r2 = r7
22: (0f) r2 += r8
23: (bf) r1 = r9
24: (67) r1 <<= 32
25: (c7) r1 s>>= 32
26: (bf) r3 = r2
27: (0f) r3 += r1
28: (bf) r1 = r7
29: (b7) r5 = 48
30: (0f) r1 += r5
31: (3d) if r3 >= r1 goto pc+4
R0=inv(id=0,umax_value=48,var_off=(0x0; 0x3f))
R1=map_value(id=0,off=48,ks=8,vs=48,imm=0)
R2=map_value(id=0,off=0,ks=8,vs=48,imm=0)
R3=map_value(id=0,off=48,ks=8,vs=48,imm=0) R5=inv48 R6=ctx(id=0,off=0,imm=0)
R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0 R9=inv48 R10=fp0,call_-1
fp-8=mmmmmmmm
32: (bf) r1 = r6
33: (bf) r3 = r9
34: (b7) r4 = 0
35: (85) call bpf_get_stack#67
R0=inv(id=0,umax_value=48,var_off=(0x0; 0x3f)) R1_w=ctx(id=0,off=0,imm=0)
R2=map_value(id=0,off=0,ks=8,vs=48,imm=0) R3_w=inv48 R4_w=inv0 R5=inv48
R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0
R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
36: (95) exit
from 35 to 36:
R0=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0)
R8=inv0 R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
36: (95) exit
from 31 to 36: safe
from 19 to 36: safe
from 14 to 15:
R0=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0)
R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
15: (b7) r1 = 0
16: (bf) r8 = r0
17: (67) r8 <<= 32
18: (c7) r8 s>>= 32
19: (cd) if r1 s< r8 goto pc+16
R0=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) R1=inv0 R6=ctx(id=0,off=0,imm=0)
R7=map_value(id=0,off=0,ks=8,vs=48,imm=0)
R8=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
20: (1f) r9 -= r8
21: (bf) r2 = r7
22: (0f) r2 += r8
value -2147483648 makes map_value pointer be out of bounds
With 5.0.0-48.52~18.04.1-generic the test will pass:
#724/p bpf_get_stack return R0 within range OK
** Affects: ubuntu-kernel-tests
Importance: Undecided
Status: New
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
** Tags: 5.0 bionic kqa-blocker sru-20200518 ubuntu-bpf
** Tags added: 5.0 kqa-blocker sru-20200518 ubuntu-bpf
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- bpf_get_stack from test_verifier in ubuntu_bpf failed on 5.0
+ bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881263
Title:
bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1881263/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
