← Back to team overview

canonical-ubuntu-qa team mailing list archive

[Bug 1881263] Re: bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0

 

5.0 EOL

** Changed in: linux (Ubuntu)
       Status: Incomplete => Invalid

** Changed in: ubuntu-kernel-tests
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/1881263

Title:
  bpf_get_stack from test_verifier in ubuntu_bpf failed on Bionic 5.0

Status in ubuntu-kernel-tests:
  Won't Fix
Status in linux package in Ubuntu:
  Invalid

Bug description:
  Issue found on 5.0.0-49.53~18.04.1-generic in proposed, but passed
  with 5.0.0-48.52~18.04.1-generic

   #724/p bpf_get_stack return R0 within range FAIL
   Failed to load prog 'Success'!
   0: (bf) r6 = r1
   1: (7a) *(u64 *)(r10 -8) = 0
   2: (bf) r2 = r10
   3: (07) r2 += -8
   4: (18) r1 = 0xffffa0ca73b8d400
   6: (85) call bpf_map_lookup_elem#1
   7: (15) if r0 == 0x0 goto pc+28
   R0=map_value(id=0,off=0,ks=8,vs=48,imm=0) R6=ctx(id=0,off=0,imm=0) R10=fp0,call_-1 fp-8=mmmmmmmm
   8: (bf) r7 = r0
   9: (b7) r9 = 48
   10: (bf) r1 = r6
   11: (bf) r2 = r7
   12: (b7) r3 = 48
   13: (b7) r4 = 256
   14: (85) call bpf_get_stack#67
   R0=map_value(id=0,off=0,ks=8,vs=48,imm=0) R1_w=ctx(id=0,off=0,imm=0) R2_w=map_value(id=0,off=0,ks=8,vs=48,imm=0) R3_w=inv48 R4_w=inv256 R6=ctx(id=0,off=0,imm=0) R7_w=map_value(id=0,off=0,ks=8,vs=48,imm=0) R9_w=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   15: (b7) r1 = 0
   16: (bf) r8 = r0
   17: (67) r8 <<= 32
   18: (c7) r8 s>>= 32
   19: (cd) if r1 s< r8 goto pc+16
   R0=inv(id=0,umax_value=48,var_off=(0x0; 0x3f)) R1=inv0 R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0 R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   20: (1f) r9 -= r8
   21: (bf) r2 = r7
   22: (0f) r2 += r8
   23: (bf) r1 = r9
   24: (67) r1 <<= 32
   25: (c7) r1 s>>= 32
   26: (bf) r3 = r2
   27: (0f) r3 += r1
   28: (bf) r1 = r7
   29: (b7) r5 = 48
   30: (0f) r1 += r5
   31: (3d) if r3 >= r1 goto pc+4
   R0=inv(id=0,umax_value=48,var_off=(0x0; 0x3f)) R1=map_value(id=0,off=48,ks=8,vs=48,imm=0) R2=map_value(id=0,off=0,ks=8,vs=48,imm=0) R3=map_value(id=0,off=48,ks=8,vs=48,imm=0) R5=inv48 R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0 R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   32: (bf) r1 = r6
   33: (bf) r3 = r9
   34: (b7) r4 = 0
   35: (85) call bpf_get_stack#67
   R0=inv(id=0,umax_value=48,var_off=(0x0; 0x3f)) R1_w=ctx(id=0,off=0,imm=0) R2=map_value(id=0,off=0,ks=8,vs=48,imm=0) R3_w=inv48 R4_w=inv0 R5=inv48 R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0 R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   36: (95) exit

   from 35 to 36: R0=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv0 R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   36: (95) exit

   from 31 to 36: safe

   from 19 to 36: safe

   from 14 to 15: R0=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   15: (b7) r1 = 0
   16: (bf) r8 = r0
   17: (67) r8 <<= 32
   18: (c7) r8 s>>= 32
   19: (cd) if r1 s< r8 goto pc+16
   R0=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) R1=inv0 R6=ctx(id=0,off=0,imm=0) R7=map_value(id=0,off=0,ks=8,vs=48,imm=0) R8=inv(id=0,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) R9=inv48 R10=fp0,call_-1 fp-8=mmmmmmmm
   20: (1f) r9 -= r8
   21: (bf) r2 = r7
   22: (0f) r2 += r8
   value -2147483648 makes map_value pointer be out of bounds

  With 5.0.0-48.52~18.04.1-generic the test will pass:
      #724/p bpf_get_stack return R0 within range OK

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1881263/+subscriptions