From: Daniel Borkmann <daniel@iogearbox.net>
To: Shubham Bansal <illusionist.neo@gmail.com>
Cc: David Miller <davem@davemloft.net>,
Kees Cook <keescook@chromium.org>,
Mircea Gherzan <mgherzan@gmail.com>,
Network Development <netdev@vger.kernel.org>,
kernel-hardening@lists.openwall.com,
linux-arm-kernel@lists.infradead.org, ast@fb.com
Subject: Re: arch: arm: bpf: Converting cBPF to eBPF for arm 32 bit
Date: Tue, 09 May 2017 22:25:59 +0200
Message-ID: <591225D7.9090500@iogearbox.net>
In-Reply-To: <CAHgaXd+xb5dN90sH___RtxgSC3usnH2jXkA5r3=fQJc3pOY5xw@mail.gmail.com>

On 05/09/2017 10:12 PM, Shubham Bansal wrote:
> Hi Daniel,
>
> I just tried running test_bpf.ko module.
>
> $ echo 2 >> /proc/sys/net/core/bpf_jit_enable
> $ insmod test_bpf.ko
>
> test_bpf: #0 TAX
> bpf_jit: flen=14 proglen=212 pass=2 image=7f15a83c from=insmod pid=730
> JIT code: 00000000: f0 05 2d e9 40 d2 4d e2 00 40 a0 e3 0c 42 8d e5
> JIT code: 00000010: 08 42 8d e5 00 00 20 e0 01 10 21 e0 20 62 9d e5
> JIT code: 00000020: 20 72 9d e5 06 70 27 e0 20 72 8d e5 24 62 9d e5
> JIT code: 00000030: 24 72 9d e5 06 70 27 e0 24 72 8d e5 00 40 a0 e1
> JIT code: 00000040: 01 50 a0 e1 01 00 a0 e3 00 10 a0 e3 20 02 8d e5
> JIT code: 00000050: 24 12 8d e5 02 00 a0 e3 00 10 a0 e3 20 62 9d e5
> JIT code: 00000060: 06 00 80 e0 00 10 a0 e3 00 00 60 e2 00 10 a0 e3
> JIT code: 00000070: 20 02 8d e5 24 12 8d e5 54 40 90 e5 20 62 9d e5
> JIT code: 00000080: 06 00 80 e0 00 10 a0 e3 20 02 8d e5 24 12 8d e5
> JIT code: 00000090: 04 00 a0 e1 01 10 a0 e3 20 62 9d e5 06 10 81 e0
> JIT code: 000000a0: 01 20 a0 e3 04 32 8d e2 bc 68 0a e3 11 60 48 e3
> JIT code: 000000b0: 36 ff 2f e1 01 10 21 e0 00 00 50 e3 04 00 00 0a
> JIT code: 000000c0: 00 00 d0 e5 01 00 00 ea 40 d2 8d e2 f0 05 bd e8
> JIT code: 000000d0: 1e ff 2f e1
> jited:1
> Unhandled fault: page domain fault (0x01b) at 0x00000051
> pgd = 871d0000
> [00000051] *pgd=671b7831, *pte=00000000, *ppte=00000000
> Internal error: : 1b [#1] SMP ARM
> Modules linked in: test_bpf(+)
> CPU: 0 PID: 730 Comm: insmod Not tainted 4.11.0+ #5
> Hardware name: ARM-Versatile Express
> task: 87023700 task.stack: 8718a000
> PC is at 0x7f15a8b4
> LR is at test_bpf_init+0x5bc/0x1000 [test_bpf]
> pc : [<7f15a8b4>] lr : [<7f1575bc>] psr: 80000013
> sp : 8718bd7c ip : 00000015 fp : 7f005008
> r10: 7f005094 r9 : 893ba020 r8 : 893ba000
> r7 : 00000000 r6 : 00000001 r5 : 00000000 r4 : 00000000
> r3 : 7f15a83c r2 : 893ba020 r1 : 00000000 r0 : fffffffd
> Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> Control: 10c5387d Table: 671d0059 DAC: 00000051
> Process insmod (pid: 730, stack limit = 0x8718a210)
> Stack: (0x8718bd7c to 0x8718c000)
> bd60: 00000000
> bd80: 00002710 870db300 c302e7e8 7f004010 893ba000 7f005094 00000000 00000000
> bda0: 00000000 00000000 00000000 00000001 00000001 00000000 014000c0 00150628
> bdc0: 7f0050ac 7f154840 1234aaaa 1234aaab c302e7e8 0000000f 00000000 893ba000
> bde0: 0000000b 7f004010 87fd54a0 ffffe000 7f157000 00000000 871b6fc0 00000001
> be00: 78e4905c 00000024 7f154640 8010179c 80a06544 8718a000 00000001 80a54980
> be20: 80a3066c 00000007 809685c0 80a54700 80a54700 07551000 80a54700 60070013
> be40: 7f154640 801f3fc8 78e4905c 7f154640 00000001 871b6fe4 7f154640 00000001
> be60: 871b6b00 00000001 78e4905c 801eaa94 00000001 871b6fe4 8718bf44 00000001
> be80: 871b6fe4 80196e4c 7f15464c 00007fff 7f154640 80193f10 87127000 7f154640
> bea0: 7f154688 80703800 7f154770 807037e4 8081b184 807bec60 807becc4 807bec6c
> bec0: 7f15481c 8010c1b8 93600000 76ed8028 00000f60 00000000 00000000 00000000
> bee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
> bf00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00003f80
> bf20: 76f5cf88 00000000 93684f80 8718a000 00160fda 00000051 00000000 801973b0
> bf40: 87671a00 93501000 00183f80 93684760 93684574 936788e0 00155000 00155290
> bf60: 00000000 00000000 00000000 00001f64 00000032 00000033 0000001d 00000000
> bf80: 00000017 00000000 00000000 00183f80 756e694c 00000080 80107684 fffffffd
> bfa0: 00000000 801074c0 00000000 00183f80 76dd9008 00183f80 00160fda 00000000
> bfc0: 00000000 00183f80 756e694c 00000080 00000001 7eabae2c 00172f8c 00000000
> bfe0: 7eabaae0 7eabaad0 0004017f 00013172 60070030 76dd9008 00000000 00000000
> [<7f1575bc>] (test_bpf_init [test_bpf]) from [<7f157000>]
> (test_bpf_init+0x0/0x1000 [test_bpf])
> [<7f157000>] (test_bpf_init [test_bpf]) from [<78e4905c>] (0x78e4905c)
> Code: e2600000 e3a01000 e58d0220 e58d1224 (e5904054)
> ---[ end trace a36398923b914fe2 ]---
> Segmentation fault
>
> Why is it trying to execute TAX, which is a cBPF instruction?

The kernel translates this to eBPF internally (bpf_prepare_filter() ->
bpf_migrate_filter()), so no cBPF will reach the JIT directly.

Is your implementation still using the bpf_jit_compile() callback as
opposed to bpf_int_jit_compile()?!

Cheers,
Daniel
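The following is an added example, not code from this thread or from the kernel. It is a user-space model of the migration step Daniel refers to (bpf_prepare_filter() -> bpf_migrate_filter(), which in the kernel ends up in bpf_convert_filter()), showing why a JIT that only implements bpf_int_jit_compile() never sees a cBPF TAX: by the time the program reaches the JIT, TAX has become an eBPF register move. Only a handful of cBPF opcodes are handled, jumps are left out, and the register assignment (A kept in R6, X in R7, RET K expanded to mov r0, K; exit) is an assumption modelled on the kernel's converter rather than a copy of it. The tiny interpreter at the end runs the converted program so the result can be checked.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Classic BPF instruction, same layout as struct sock_filter. */
struct cbpf_insn { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };

/* eBPF instruction, same layout as struct bpf_insn. */
struct ebpf_insn {
	uint8_t code;
	uint8_t dst_reg:4;
	uint8_t src_reg:4;
	int16_t off;
	int32_t imm;
};

/* Opcode encodings (values as in uapi/linux/bpf_common.h and bpf.h). */
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ALU = 0x04, BPF_JMP = 0x05,
       BPF_RET = 0x06, BPF_MISC = 0x07, BPF_ALU64 = 0x07 };
enum { BPF_IMM = 0x00, BPF_ADD = 0x00, BPF_K = 0x00, BPF_X = 0x08, BPF_A = 0x10,
       BPF_TAX = 0x00, BPF_TXA = 0x80, BPF_MOV = 0xb0, BPF_EXIT = 0x90 };

/* Assumed register mapping for the model: cBPF A lives in R6, X in R7. */
enum { REG_0 = 0, REG_A = 6, REG_X = 7 };

static struct ebpf_insn mk(uint8_t code, uint8_t dst, uint8_t src, int32_t imm)
{
	struct ebpf_insn i = { .code = code, .dst_reg = dst, .src_reg = src, .off = 0, .imm = imm };
	return i;
}

/* Convert a cBPF program to eBPF. Returns the number of eBPF instructions
 * written, or -1 for an opcode this model does not handle (or if out is full). */
int cbpf_to_ebpf(const struct cbpf_insn *in, size_t n, struct ebpf_insn *out, size_t out_max)
{
	size_t o = 0;
	for (size_t i = 0; i < n; i++) {
		if (o + 2 > out_max)
			return -1;
		switch (in[i].code) {
		case BPF_MISC | BPF_TAX:		/* X = A  ->  mov64 r7, r6 */
			out[o++] = mk(BPF_ALU64 | BPF_MOV | BPF_X, REG_X, REG_A, 0);
			break;
		case BPF_MISC | BPF_TXA:		/* A = X  ->  mov64 r6, r7 */
			out[o++] = mk(BPF_ALU64 | BPF_MOV | BPF_X, REG_A, REG_X, 0);
			break;
		case BPF_LD | BPF_IMM:			/* A = K  ->  mov32 r6, K */
			out[o++] = mk(BPF_ALU | BPF_MOV | BPF_K, REG_A, 0, (int32_t)in[i].k);
			break;
		case BPF_LDX | BPF_IMM:			/* X = K  ->  mov32 r7, K */
			out[o++] = mk(BPF_ALU | BPF_MOV | BPF_K, REG_X, 0, (int32_t)in[i].k);
			break;
		case BPF_ALU | BPF_ADD | BPF_K:
		case BPF_ALU | BPF_ADD | BPF_X:
			/* 32-bit ALU ops keep their opcode; operands become r6 and r7. */
			out[o++] = mk((uint8_t)in[i].code, REG_A, REG_X, (int32_t)in[i].k);
			break;
		case BPF_RET | BPF_K:			/* return K  ->  mov32 r0, K; exit */
			out[o++] = mk(BPF_ALU | BPF_MOV | BPF_K, REG_0, 0, (int32_t)in[i].k);
			out[o++] = mk(BPF_JMP | BPF_EXIT, 0, 0, 0);
			break;
		case BPF_RET | BPF_A:			/* return A  ->  mov32 r0, r6; exit */
			out[o++] = mk(BPF_ALU | BPF_MOV | BPF_X, REG_0, REG_A, 0);
			out[o++] = mk(BPF_JMP | BPF_EXIT, 0, 0, 0);
			break;
		default:
			return -1;
		}
	}
	return (int)o;
}

/* Minimal interpreter for the eBPF subset emitted above; returns R0 at exit. */
uint32_t run_ebpf(const struct ebpf_insn *p, int n)
{
	uint64_t r[11] = { 0 };
	for (int pc = 0; pc < n; pc++) {
		const struct ebpf_insn *i = &p[pc];
		uint64_t src = (i->code & BPF_X) ? r[i->src_reg] : (uint64_t)(uint32_t)i->imm;
		switch (i->code & 0xf0) {		/* operation field */
		case BPF_MOV:  r[i->dst_reg] = src;  break;
		case BPF_ADD:  r[i->dst_reg] += src; break;
		case BPF_EXIT: return (uint32_t)r[0];
		}
		if ((i->code & 0x07) == BPF_ALU)	/* 32-bit class: zero-extend */
			r[i->dst_reg] &= 0xffffffffu;
	}
	return (uint32_t)r[0];
}

int main(void)
{
	/* Constructed cBPF program: A = 10; X = A; A = 5; A += X; return A */
	const struct cbpf_insn prog[] = {
		{ BPF_LD | BPF_IMM, 0, 0, 10 },
		{ BPF_MISC | BPF_TAX, 0, 0, 0 },
		{ BPF_LD | BPF_IMM, 0, 0, 5 },
		{ BPF_ALU | BPF_ADD | BPF_X, 0, 0, 0 },
		{ BPF_RET | BPF_A, 0, 0, 0 },
	};
	struct ebpf_insn out[16];
	int n = cbpf_to_ebpf(prog, 5, out, 16);
	for (int i = 0; i < n; i++)
		printf("%02x dst=r%u src=r%u imm=%d\n", out[i].code, out[i].dst_reg, out[i].src_reg, out[i].imm);
	printf("result = %u\n", run_ebpf(out, n));
	return 0;
}
```

The converted program has six eBPF instructions and evaluates to 15; the TAX in the middle shows up as opcode 0xbf (BPF_ALU64 | BPF_MOV | BPF_X) with dst r7 and src r6, which is the form a bpf_int_jit_compile() implementation has to handle.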
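A second added example, again not from the thread: the dump produced by writing 2 to /proc/sys/net/core/bpf_jit_enable is what a triage script (or bpf_jit_disasm) works from, so this parser recovers the JIT image bytes from the quoted dmesg lines, checks that the byte count matches the proglen= header and that the per-line offsets are contiguous, and looks up the machine word at a given PC relative to the image= base. The input array is copied from the dump quoted above; the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Copied from the dump quoted in the thread (header line plus JIT code lines). */
static const char *jit_dump[] = {
	"bpf_jit: flen=14 proglen=212 pass=2 image=7f15a83c from=insmod pid=730",
	"JIT code: 00000000: f0 05 2d e9 40 d2 4d e2 00 40 a0 e3 0c 42 8d e5",
	"JIT code: 00000010: 08 42 8d e5 00 00 20 e0 01 10 21 e0 20 62 9d e5",
	"JIT code: 00000020: 20 72 9d e5 06 70 27 e0 20 72 8d e5 24 62 9d e5",
	"JIT code: 00000030: 24 72 9d e5 06 70 27 e0 24 72 8d e5 00 40 a0 e1",
	"JIT code: 00000040: 01 50 a0 e1 01 00 a0 e3 00 10 a0 e3 20 02 8d e5",
	"JIT code: 00000050: 24 12 8d e5 02 00 a0 e3 00 10 a0 e3 20 62 9d e5",
	"JIT code: 00000060: 06 00 80 e0 00 10 a0 e3 00 00 60 e2 00 10 a0 e3",
	"JIT code: 00000070: 20 02 8d e5 24 12 8d e5 54 40 90 e5 20 62 9d e5",
	"JIT code: 00000080: 06 00 80 e0 00 10 a0 e3 20 02 8d e5 24 12 8d e5",
	"JIT code: 00000090: 04 00 a0 e1 01 10 a0 e3 20 62 9d e5 06 10 81 e0",
	"JIT code: 000000a0: 01 20 a0 e3 04 32 8d e2 bc 68 0a e3 11 60 48 e3",
	"JIT code: 000000b0: 36 ff 2f e1 01 10 21 e0 00 00 50 e3 04 00 00 0a",
	"JIT code: 000000c0: 00 00 d0 e5 01 00 00 ea 40 d2 8d e2 f0 05 bd e8",
	"JIT code: 000000d0: 1e ff 2f e1",
};
#define JIT_DUMP_LINES (sizeof(jit_dump) / sizeof(jit_dump[0]))

/* Parse dmesg-style JIT dump lines into img. Returns the number of image
 * bytes recovered, or -1 if a line's offset does not equal the bytes seen so
 * far (interleaved or truncated dump) or img is too small. proglen receives
 * the value from the "bpf_jit: ... proglen=N" header, 0 if absent. */
int parse_jit_dump(const char **lines, size_t n, uint8_t *img, size_t max, unsigned *proglen)
{
	size_t len = 0;
	*proglen = 0;
	for (size_t i = 0; i < n; i++) {
		const char *l = lines[i];
		unsigned off, b;
		int consumed, k;
		if (sscanf(l, "bpf_jit: flen=%*u proglen=%u", proglen) == 1)
			continue;
		if (sscanf(l, "JIT code: %x:%n", &off, &consumed) != 1)
			continue;
		if (off != len)
			return -1;
		const char *p = l + consumed;
		while (sscanf(p, " %2x%n", &b, &k) == 1) {
			if (len >= max)
				return -1;
			img[len++] = (uint8_t)b;
			p += k;
		}
	}
	return (int)len;
}

/* Little-endian 32-bit word at pc, given the image base. Returns 0 when pc
 * is outside the image or not 4-byte aligned to it. */
uint32_t word_at_pc(const uint8_t *img, size_t len, uint32_t base, uint32_t pc)
{
	uint32_t off = pc - base;
	if (pc < base || (off & 3) || off + 4 > len)
		return 0;
	return (uint32_t)img[off] | (uint32_t)img[off + 1] << 8 |
	       (uint32_t)img[off + 2] << 16 | (uint32_t)img[off + 3] << 24;
}

int main(void)
{
	uint8_t img[512];
	unsigned proglen;
	int n = parse_jit_dump(jit_dump, JIT_DUMP_LINES, img, sizeof img, &proglen);
	printf("recovered %d bytes, header proglen=%u, %s\n", n, proglen,
	       (n >= 0 && (unsigned)n == proglen) ? "consistent" : "MISMATCH");
	/* PC from the oops (0x7f15a8b4) relative to image=7f15a83c */
	printf("word at faulting PC: %08x\n", word_at_pc(img, (size_t)n, 0x7f15a83c, 0x7f15a8b4));
	return 0;
}
```

Running it on the quoted dump recovers 212 bytes, matching proglen=212, and the word at the faulting PC (image + 0x78) is e5904054, the same value the oops prints in parentheses on its Code: line. That word decodes as ldr r4, [r0, #0x54]; with r0 = fffffffd from the register dump, the address wraps to 0x00000051, which is the faulting address the oops reports.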