
[syzkaller] divide error in __tcp_select_window #121

Closed
cpaasch opened this issue Dec 7, 2020 · 3 comments
@cpaasch
Member

cpaasch commented Dec 7, 2020

divide error: 0000 [#1] SMP KASAN
CPU: 1 PID: 7698 Comm: syz-executor.5 Not tainted 5.10.0-rc6 #51
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:__tcp_select_window+0x509/0xa60 net/ipv4/tcp_output.c:3008
Code: 44 89 ff e8 f9 72 a9 fe 45 39 e7 0f 8d 20 ff ff ff e8 cb 71 a9 fe 44 89 e3 e9 13 ff ff ff e8 be 71 a9 fe 44 89 e0 44 89 e3 99 <f7> 7c 24 04 29 d3 e9 fc fe ff ff e8 a7 71 a9 fe 44 89 f1 48 89 ea
RSP: 0018:ffffc90002a37668 EFLAGS: 00010216
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000484e000
RDX: 0000000000000000 RSI: ffffffff829138a2 RDI: 0000000000000004
RBP: 0000000000000000 R08: ffff888024d99880 R09: ffffed1004cf6442
R10: ffff8880267b220b R11: ffffed1004cf6441 R12: 0000000000000000
R13: 1ffff92000546ed1 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f3ef70fa700(0000) GS:ffff88811b300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f62422e5000 CR3: 00000001061d6004 CR4: 0000000000170ee0
Call Trace:
 tcp_cleanup_rbuf+0x37a/0x5a0 net/ipv4/tcp.c:1587
 mptcp_subflow_cleanup_rbuf+0xe2/0xf0 net/mptcp/protocol.c:454
 mptcp_cleanup_rbuf net/mptcp/protocol.c:476 [inline]
 mptcp_recvmsg+0x151c/0x20d0 net/mptcp/protocol.c:1954
 inet_recvmsg+0x4f3/0x660 net/ipv4/af_inet.c:851
 sock_recvmsg_nosec net/socket.c:885 [inline]
 sock_recvmsg_nosec net/socket.c:882 [inline]
 sock_recvmsg net/socket.c:903 [inline]
 ____sys_recvmsg+0x4b7/0x580 net/socket.c:2554
 ___sys_recvmsg+0xe4/0x150 net/socket.c:2596
 do_recvmmsg+0x24c/0x720 net/socket.c:2696
 __sys_recvmmsg+0x23e/0x250 net/socket.c:2775
 __do_sys_recvmmsg net/socket.c:2798 [inline]
 __se_sys_recvmmsg net/socket.c:2791 [inline]
 __x64_sys_recvmmsg+0xde/0x130 net/socket.c:2791
 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f3ef6aae469
Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 49 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007f3ef70f9dc8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 000000000069c248 RCX: 00007f3ef6aae469
RDX: 0000000000000001 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 000000000069c248 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000246 R12: 000000000069c254
R13: 00007ffd92946e8f R14: 000000000041e5bf R15: 0000000000000003
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 230e955b9624c013 ]---
RIP: 0010:__tcp_select_window+0x509/0xa60 net/ipv4/tcp_output.c:3008
Code: 44 89 ff e8 f9 72 a9 fe 45 39 e7 0f 8d 20 ff ff ff e8 cb 71 a9 fe 44 89 e3 e9 13 ff ff ff e8 be 71 a9 fe 44 89 e0 44 89 e3 99 <f7> 7c 24 04 29 d3 e9 fc fe ff ff e8 a7 71 a9 fe 44 89 f1 48 89 ea
RSP: 0018:ffffc90002a37668 EFLAGS: 00010216
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000484e000
RDX: 0000000000000000 RSI: ffffffff829138a2 RDI: 0000000000000004
RBP: 0000000000000000 R08: ffff888024d99880 R09: ffffed1004cf6442
R10: ffff8880267b220b R11: ffffed1004cf6441 R12: 0000000000000000
R13: 1ffff92000546ed1 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f3ef70fa700(0000) GS:ffff88811b300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f62422e5000 CR3: 00000001061d6004 CR4: 0000000000170ee0

Reproducer:

# {Threaded:false Collide:false Repeat:false RepeatTimes:0 Procs:1 Sandbox: Fault:false FaultCall:-1 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:false HandleSegv:false Repro:false Trace:false}
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r0, 0x7fffffff)
shutdown(r0, 0x1)
recvmmsg(r0, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/96, 0x60}], 0x1}}], 0x1, 0x100, 0x0)
open(0x0, 0x44242, 0x0)

212235f ("DO-NOT-MERGE: mptcp: enabled by default") (HEAD, tag: export/20201204T192621, mptcp_net-next/export) (3 days ago)
a86bbdf ("DO-NOT-MERGE: mptcp: add GitHub Actions") (3 days ago)
eb38849 ("DO-NOT-MERGE: mptcp: use kmalloc on kasan build") (3 days ago)
7e6ca7e ("mptcp: let MPTCP create max size skbs") (3 days ago)
cb4d5c2 ("mptcp: pm: simplify select_local_address()") (3 days ago)
aa1ec1a ("mptcp: parse and act on incoming FASTCLOSE option") (3 days ago)
f8f57f2 ("tcp: parse mptcp options contained in reset packets") (3 days ago)
cc6660c ("mptcp: hold mptcp socket before calling tcp_done") (3 days ago)
e07be7d ("mptcp: use MPTCPOPT_HMAC_LEN macro") (3 days ago)
8b88d3c ("selftests: mptcp: add the flush addrs testcase") (3 days ago)
c5e25c1 ("mptcp: remove address when netlink flushes addrs") (3 days ago)
4d220e7 ("mptcp: use the variable sk instead of open-coding") (3 days ago)
afcc1b0 ("mptcp: rename add_addr_signal and mptcp_add_addr_status") (3 days ago)
72d1f61 ("mptcp: drop rm_addr_signal flag") (3 days ago)
f51cdd6 ("mptcp: print out port and ahmac when receiving ADD_ADDR") (3 days ago)
3095efe ("mptcp: add port parameter for mptcp_pm_announce_addr") (3 days ago)
1beb716 ("mptcp: send out dedicated packet for ADD_ADDR using port") (3 days ago)
300711c ("mptcp: add the outgoing ADD_ADDR port support") (3 days ago)
f27ef3e ("mptcp: use adding up size to get ADD_ADDR length") (3 days ago)
45ae172 ("mptcp: add port support for ADD_ADDR suboption writing") (3 days ago)
64368db ("mptcp: unify ADD_ADDR and ADD_ADDR6 suboptions writing") (3 days ago)
f664b21 ("mptcp: unify ADD_ADDR and echo suboptions writing") (3 days ago)
0cd0f00 ("bpf:selftests: add bpf_mptcp_sock() verifier tests") (3 days ago)
32551f2 ("bpf:selftests: add MPTCP test base") (3 days ago)
2452ebf ("bpf: add 'bpf_mptcp_sock' structure and helper") (3 days ago)
5184888 ("mptcp: attach subflow socket to parent cgroup") (3 days ago)
3fb142d ("bpf: expose is_mptcp flag to bpf_tcp_sock") (3 days ago)
7b825c4 ("mptcp: be careful on subflows shutdown") (3 days ago)
a1cf928 ("mptcp: plug subflow context memory leak") (3 days ago)
8397c4e ("mptcp: link MPC subflow into msk only after accept") (3 days ago)
55fd59b ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") (mptcp_net-next/net-next) (4 days ago)

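Added example (not part of this issue or the MPTCP tree): a small triage parser for the x86 oops format shown above, as used when comparing a new syzkaller report against an already-filed one such as #111. It extracts the error kind, kernel version, faulting task, kernel-mode RIP and the call trace, and derives a dedupe signature from the faulting function and its non-inlined callers; the sample input is a constructed excerpt of this issue's report.

```python
import re

# Constructed excerpt of the oops from this issue, trimmed to the lines the parser uses.
SAMPLE_OOPS = """\
divide error: 0000 [#1] SMP KASAN
CPU: 1 PID: 7698 Comm: syz-executor.5 Not tainted 5.10.0-rc6 #51
RIP: 0010:__tcp_select_window+0x509/0xa60 net/ipv4/tcp_output.c:3008
Call Trace:
 tcp_cleanup_rbuf+0x37a/0x5a0 net/ipv4/tcp.c:1587
 mptcp_subflow_cleanup_rbuf+0xe2/0xf0 net/mptcp/protocol.c:454
 mptcp_cleanup_rbuf net/mptcp/protocol.c:476 [inline]
 mptcp_recvmsg+0x151c/0x20d0 net/mptcp/protocol.c:1954
 sock_recvmsg_nosec net/socket.c:885 [inline]
 ____sys_recvmsg+0x4b7/0x580 net/socket.c:2554
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f3ef6aae469
"""

# First line of an x86 oops: "<kind>: <code> [#<n>] ..." (e.g. "divide error: 0000 [#1] SMP KASAN").
ERROR_RE = re.compile(r"^(?P<kind>[A-Za-z][\w ()-]*?): .*\[#\d+\]")
CPU_RE = re.compile(r"^CPU: \d+ PID: \d+ Comm: (?P<comm>\S+) .*?(?P<kernel>\d+\.\d+\.\d+[\w.-]*)")
# Kernel-mode RIP only (CS 0010); the user-mode "RIP: 0033:" line is deliberately ignored.
RIP_RE = re.compile(r"^RIP: 0010:(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: (?P<loc>\S+:\d+))?")
# Call-trace frames are indented by one space; inlined frames carry no +off/size and a tag.
FRAME_RE = re.compile(r"^ (?P<func>[\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?: (?P<loc>\S+:\d+))?(?P<inline> \[inline\])?$")

def parse_oops(text):
    """Extract error kind, kernel version, task name, faulting frame and call trace."""
    report = {"kind": None, "kernel": None, "comm": None, "rip": None, "frames": []}
    for line in text.splitlines():
        if report["kind"] is None and (m := ERROR_RE.match(line)):
            report["kind"] = m["kind"]
        elif m := CPU_RE.match(line):
            report["comm"], report["kernel"] = m["comm"], m["kernel"]
        elif report["rip"] is None and (m := RIP_RE.match(line)):
            report["rip"] = {"func": m["func"], "loc": m["loc"]}
        elif report["rip"] is not None and (m := FRAME_RE.match(line)):
            report["frames"].append({"func": m["func"], "loc": m["loc"],
                                     "inline": m["inline"] is not None})
    return report

def crash_signature(report, depth=3):
    """Dedupe key: kind, faulting function and the first `depth` non-inlined callers.
    Offsets and line numbers are dropped so rebuilt kernels collapse onto one key."""
    callers = [f["func"] for f in report["frames"] if not f["inline"]][:depth]
    return "{}|{}".format(report["kind"], ">".join([report["rip"]["func"]] + callers))

print(crash_signature(parse_oops(SAMPLE_OOPS)))
```

Feeding the full report from the issue to parse_oops gives the same signature, because the second RIP block printed after "end trace" is skipped once the first one has been recorded.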
@matttbe
Member

matttbe commented Dec 8, 2020

It looks close to #111 but you already have the upstream fix for this one.

@cpaasch
Member Author

cpaasch commented Dec 11, 2020

Update 12/11: Added reproducer

@matttbe
Member

matttbe commented Jan 13, 2021

This should be fixed thanks to @pabeni's patches (even if a minor extra fix is in preparation).

Also in our tree:

  • 0b6dd0e: mptcp: more strict state checking for acks
  • 5ad3c4e: mptcp: better msk-level shutdown.

@cpaasch please re-open it if the reproducer still has an issue with this one :) But please also note that the export branch should be updated in minimum ~1 hour (the job has been queued)

@matttbe matttbe closed this as completed Jan 13, 2021
matttbe pushed a commit that referenced this issue Jan 26, 2024
Like commit 1cf3bfc ("bpf: Support 64-bit pointers to kfuncs")
for s390x, add support for 64-bit pointers to kfuncs for LoongArch.
Since the infrastructure is already implemented in BPF core, the only
thing that needs to be done is to override bpf_jit_supports_far_kfunc_call().

Before this change, several test_verifier tests failed:

  # ./test_verifier | grep # | grep FAIL
  #119/p calls: invalid kfunc call: ptr_to_mem to struct with non-scalar FAIL
  #120/p calls: invalid kfunc call: ptr_to_mem to struct with nesting depth > 4 FAIL
  #121/p calls: invalid kfunc call: ptr_to_mem to struct with FAM FAIL
  #122/p calls: invalid kfunc call: reg->type != PTR_TO_CTX FAIL
  #123/p calls: invalid kfunc call: void * not allowed in func proto without mem size arg FAIL
  #124/p calls: trigger reg2btf_ids[reg->type] for reg->type > __BPF_REG_TYPE_MAX FAIL
  #125/p calls: invalid kfunc call: reg->off must be zero when passed to release kfunc FAIL
  #126/p calls: invalid kfunc call: don't match first member type when passed to release kfunc FAIL
  #127/p calls: invalid kfunc call: PTR_TO_BTF_ID with negative offset FAIL
  #128/p calls: invalid kfunc call: PTR_TO_BTF_ID with variable offset FAIL
  #129/p calls: invalid kfunc call: referenced arg needs refcounted PTR_TO_BTF_ID FAIL
  #130/p calls: valid kfunc call: referenced arg needs refcounted PTR_TO_BTF_ID FAIL
  #486/p map_kptr: ref: reference state created and released on xchg FAIL

This is because the kfuncs in the loaded module are far away from
__bpf_call_base:

  ffff800002009440 t bpf_kfunc_call_test_fail1    [bpf_testmod]
  9000000002e128d8 T __bpf_call_base

The offset relative to __bpf_call_base does NOT fit in s32, which breaks
the assumption in BPF core. Enabling bpf_jit_supports_far_kfunc_call() lifts
this limit.

Note that to reproduce the above result, tools/testing/selftests/bpf/config
should be applied, and run the test with JIT enabled, unpriv BPF enabled.

With this change, the test_verifier tests now all pass:

  # ./test_verifier
  ...
  Summary: 777 PASSED, 0 SKIPPED, 0 FAILED

Tested-by: Tiezhu Yang <[email protected]>
Signed-off-by: Hengqi Chen <[email protected]>
Signed-off-by: Huacai Chen <[email protected]>