On 8/15/25 10:29 AM, Haoran Jiang wrote:
In some eBPF programs, the return value is a pointer.
When the kernel call an eBPF program (such as struct_ops),
it expects a 64-bit address to be returned, but instead a 32-bit value.
Before applying this patch:
./test_progs -a ns_bpf_qdisc
CPU 7 Unable to handle kernel paging request at virtual
address 0000000010440158.
As shown in the following test case,
bpf_fifo_dequeue return value is a pointer.
progs/bpf_qdisc_fifo.c
SEC("struct_ops/bpf_fifo_dequeue")
struct sk_buff *BPF_PROG(bpf_fifo_dequeue, struct Qdisc *sch)
{
struct sk_buff *skb = NULL;
........
skb = bpf_kptr_xchg(&skbn->skb, skb);
........
return skb;
}
kernel call bpf_fifo_dequeue:
net/sched/sch_generic.c
static struct sk_buff *dequeue_skb(struct Qdisc *q, bool *validate,
int *packets)
{
struct sk_buff *skb = NULL;
........
skb = q->dequeue(q);
.........
}
When accessing the skb, an address exception error will occur.
because the value returned by q->dequeue at this point is a 32-bit
address rather than a 64-bit address.
After applying the patch:
./test_progs -a ns_bpf_qdisc
Warning: sch_htb: quantum of class 10001 is small. Consider r2q change.
213/1 ns_bpf_qdisc/fifo:OK
213/2 ns_bpf_qdisc/fq:OK
213/3 ns_bpf_qdisc/attach to mq:OK
213/4 ns_bpf_qdisc/attach to non root:OK
213/5 ns_bpf_qdisc/incompl_ops:OK
213 ns_bpf_qdisc:OK
Summary: 1/5 PASSED, 0 SKIPPED, 0 FAILED
Fixes: 73c359d1d356 ("LoongArch: BPF: Sign-extend return values")
Signed-off-by: Jinyang He <hejinyang@xxxxxxxxxxx>
Signed-off-by: Haoran Jiang <jianghaoran@xxxxxxxxxx>
Huacai, are you routing the fix or want us to route via bpf tree?
Thanks,
Daniel
