Re: Curious bpf regression in 5.18 already fixed in stable 5.18.3

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: sdf@google•com
To: "Maciej Żenczykowski" <maze@google•com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail•com>,
	Linux NetDev <netdev@vger•kernel.org>,
	BPF Mailing List <bpf@vger•kernel.org>,
	Alexei Starovoitov <ast@kernel•org>,
	Martin KaFai Lau <kafai@fb•com>, Sasha Levin <sashal@kernel•org>,
	Carlos Llamas <cmllamas@google•com>,
	zhuyifei@google•com
Subject: Re: Curious bpf regression in 5.18 already fixed in stable 5.18.3
Date: Wed, 15 Jun 2022 13:32:59 -0700	[thread overview]
Message-ID: <YqpB+7pDwyOk20Cp@google.com> (raw)
In-Reply-To: <YqpAYcvM9DakTjWL@google.com>

On 06/15, Stanislav Fomichev wrote:
> On 06/15, sdf@google•com wrote:
> > On 06/15, Maciej Żenczykowski wrote:
> > > On Wed, Jun 15, 2022 at 10:38 AM Alexei Starovoitov
> > > <alexei.starovoitov@gmail•com> wrote:
> > > >
> > > > On Wed, Jun 15, 2022 at 9:57 AM Maciej Żenczykowski  
> <maze@google•com>
> > > wrote:
> > > > > >
> > > > > > I've confirmed vanilla 5.18.0 is broken, and all it takes is
> > > > > > cherrypicking that specific stable 5.18.x patch [
> > > > > > 710a8989b4b4067903f5b61314eda491667b6ab3 ] to fix behaviour.
> > > > ...
> > > > > b8bd3ee1971d1edbc53cf322c149ca0227472e56 this is where we added
> > > EFAULT in 5.16
> > > >
> > > > There are no such sha-s in the upstream kernel.
> > > > Sorry we cannot help with debugging of android kernels.
> >
> > > Yes, sdf@ quoted the wrong sha1, it's a clean cherrypick to an
> > > internal branch of
> > > 'bpf: Add cgroup helpers bpf_{get,set}_retval to get/set syscall  
> return
> > > value'
> > > commit b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93.
> >
> > >  
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.16.y&id=b44123b4a3dcad4664d3a0f72c011ffd4c9c4d93
> >
> > > Anyway, I think it's unrelated - or at least not the immediate root  
> cause.
> >
> > > Also there's *no* Android kernels involved here.
> > > This is the android net tests failing on vanilla 5.18 and passing on
> > > 5.18.3.
> >
> > Yeah, sorry, didn't mean to send those outside :-)
> >
> > Attached un-android-ified testcase. Passes on bpf-next, trying to see
> > what happens on vanilla 5.18. Will update once I get more data..

> I've bisected the original issue to:

> b44123b4a3dc ("bpf: Add cgroup helpers bpf_{get,set}_retval to get/set
> syscall return value")

> And I believe it's these two lines from the original patch:

>   #define BPF_PROG_CGROUP_INET_EGRESS_RUN_ARRAY(array, ctx, func)		\
>   	({						\
> @@ -1398,10 +1398,12 @@ out:
>   		u32 _ret;				\
>   		_ret = BPF_PROG_RUN_ARRAY_CG_FLAGS(array, ctx, func, 0, &_flags); \
>   		_cn = _flags & BPF_RET_SET_CN;		\
> +		if (_ret && !IS_ERR_VALUE((long)_ret))	\
> +			_ret = -EFAULT;	

> _ret is u32 and ret gets -1 (ffffffff). IS_ERR_VALUE((long)ffffffff)  
> returns
> false in this case because it doesn't sign-expand the argument and  
> internally
> does ffff_ffff >= ffff_ffff_ffff_f001 comparison.

> I'll try to see what I've changed in my unrelated patch to fix it. But I  
> think
> we should audit all these IS_ERR_VALUE((long)_ret) regardless; they don't
> seem to work the way we want them to...

Ok, and my patch fixes it because I'm replacing 'u32 _ret' with 'int ret'.

So, basically, with u32 _ret we have to do IS_ERR_VALUE((long)(int)_ret).

Sigh..

next prev parent reply	other threads:[~2022-06-15 20:33 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-06-15 16:45 Curious bpf regression in 5.18 already fixed in stable 5.18.3 Maciej Żenczykowski
2022-06-15 16:57 ` Maciej Żenczykowski
2022-06-15 17:37   ` Alexei Starovoitov
2022-06-15 17:46     ` Maciej Żenczykowski
2022-06-15 17:55       ` sdf
2022-06-15 20:26         ` sdf
2022-06-15 20:32           ` sdf [this message]
2022-06-15 20:39             ` sdf
2022-06-16  1:36               ` Maciej Żenczykowski
2022-06-16 15:57                 ` Stanislav Fomichev
2022-06-16 16:41                   ` Maciej Żenczykowski
2022-06-16 17:39                     ` Stanislav Fomichev
2022-06-16 21:21                     ` YiFei Zhu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YqpB+7pDwyOk20Cp@google.com \
    --to=sdf@google$(echo .)com \
    --cc=alexei.starovoitov@gmail$(echo .)com \
    --cc=ast@kernel$(echo .)org \
    --cc=bpf@vger$(echo .)kernel.org \
    --cc=cmllamas@google$(echo .)com \
    --cc=kafai@fb$(echo .)com \
    --cc=maze@google$(echo .)com \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=sashal@kernel$(echo .)org \
    --cc=zhuyifei@google$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox