On Sun, May 11, 2025 at 9:28 AM Yonghong Song <yonghong.song@xxxxxxxxx> wrote:
>
> Reported by: Yi Lai <yi1.lai@xxxxxxxxxxxxxxx>
> Fixes: 407958a0e980 ("bpf: encapsulate precision backtracking bookkeeping")
> Signed-off-by: Yonghong Song <yonghong.song@xxxxxxxxx>
> --- > kernel/bpf/verifier.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 28f5a7899bd6..1cb4d80d15c1 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c 
> @@ -4413,8 +4413,10 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, int subseq_idx, > * before it would be equally necessary to > * propagate it to dreg. > */ > - bt_set_reg(bt, dreg); > - bt_set_reg(bt, sreg); > + if (dreg != BPF_REG_FP) > + bt_set_reg(bt, dreg); > + if (sreg != BPF_REG_FP) > + bt_set_reg(bt, sreg);

The fix makes sense to me, but it crashes on s390 according to CI:

2025-05-11T16:48:18.5929491Z #401 struct_ops_refcounted:OK
2025-05-11T16:48:18.7330807Z ------------[ cut here ]------------
2025-05-11T16:48:18.7333824Z kernel BUG at kernel/bpf/core.c:533!
2025-05-11T16:48:18.7335154Z monitor event: 0040 ilc:2 [#1]SMP
2025-05-11T16:48:18.7336972Z Modules linked in: bpf_testmod(OE) [last unloaded: bpf_test_no_cfi(OE)]
2025-05-11T16:48:18.7341000Z CPU: 0 UID: 0 PID: 109 Comm: new_name Tainted: G OE 6.15.0-rc4-ga9827e5c6a13-dirty #13 NONE
2025-05-11T16:48:18.7343245Z Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
2025-05-11T16:48:18.7344697Z Hardware name: IBM 8561 LT1 400 (KVM/Linux)
2025-05-11T16:48:18.7347056Z Krnl PSW : 0704d00180000000 000003320039d8ca (bpf_patch_insn_single+0x29a/0x2a0)
2025-05-11T16:48:18.7349372Z R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3
2025-05-11T16:48:18.7351910Z Krnl GPRS: 000002b200000016 ffffffff7ffffffe ffffffffffffffde 00000000ffffffde
2025-05-11T16:48:18.7354602Z 0000000000000003 0000000000000005 0000000000000000 000002b2000b5048
2025-05-11T16:48:18.7356934Z 0000000000000018 000002b2000b5000 0000000000000003 0000000000000002
2025-05-11T16:48:18.7359164Z 000003ff81badf98 0000000000000002 000003320039d738 000002b200687840
2025-05-11T16:48:18.7361217Z Krnl Code: 000003320039d8bc: e3005ff0ff50 sty %r0,-16(%r5)
2025-05-11T16:48:18.7363048Z 000003320039d8c2: a7f4ffc6 brc 15,000003320039d84e
2025-05-11T16:48:18.7364611Z #000003320039d8c6: af000000 mc 0,0
2025-05-11T16:48:18.7366106Z >000003320039d8ca: 0707 bcr 0,%r7
2025-05-11T16:48:18.7367449Z 000003320039d8cc: 0707 bcr 0,%r7
2025-05-11T16:48:18.7368855Z 000003320039d8ce: 0707 bcr 0,%r7
2025-05-11T16:48:18.7403748Z 000003320039d8d0: c004004bdc60 brcl 0,0000033200d19190
2025-05-11T16:48:18.7407899Z 000003320039d8d6: eb6ff0480024 stmg %r6,%r15,72(%r15)
2025-05-11T16:48:18.7410576Z Call Trace:
2025-05-11T16:48:18.7411713Z [<000003320039d8ca>] bpf_patch_insn_single+0x29a/0x2a0
2025-05-11T16:48:18.7413433Z ([<000003320039d738>] bpf_patch_insn_single+0x108/0x2a0)
2025-05-11T16:48:18.7415210Z [<000003320039eb72>] bpf_jit_blind_constants+0xd2/0x1b0
2025-05-11T16:48:18.7416879Z [<000003320020b5ee>] bpf_int_jit_compile+0x46/0x448
2025-05-11T16:48:18.7418417Z [<00000332003c12d4>] jit_subprogs+0x594/0xbe0
2025-05-11T16:48:18.7419782Z [<00000332003dacc8>] bpf_check+0xe28/0x14b0
2025-05-11T16:48:18.7421128Z [<00000332003a9328>] bpf_prog_load+0x4d8/0xba0
2025-05-11T16:48:18.7422570Z [<00000332003ab976>] __sys_bpf+0x98e/0xdd0
2025-05-11T16:48:18.7423887Z [<00000332003abdfc>] __s390x_sys_bpf+0x44/0x50
2025-05-11T16:48:18.7425227Z [<0000033200ce61b2>] __do_syscall+0x132/0x260
2025-05-11T16:48:18.7426522Z [<0000033200cf162c>] system_call+0x74/0x98

Ilya, could you please verify whether the fix is related or not?
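
Review bot: the two new "!= BPF_REG_FP" guards in the backtrack_insn() hunk, placed in front of bt_set_reg(bt, dreg) and bt_set_reg(bt, sreg), carry no comment explaining why the frame pointer is left out of the precision mask, while the existing comment directly above them only explains why both registers get marked. Extending that comment with one sentence on why BPF_REG_FP is skipped would keep the reasoning next to the code. The diffstat shows only kernel/bpf/verifier.c changing, so the patch has no verifier selftest that reaches this branch with the frame pointer as dreg or sreg; adding one would pin the reported case down. The quoted trailer also reads "Reported by:", where the usual tag spelling is "Reported-by:".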