From: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Thu, 31 Oct 2019 20:34:44 -0700

> We have seen many crashes on powerpc hosts while loading bpf programs.
>
> The problem here is that bpf_int_jit_compile() does a first pass
> to compute the program length.
>
> Then it allocates memory to store the generated program and
> calls bpf_jit_build_body() a second time (and a third time
> later).
>
> What I have observed is that the second bpf_jit_build_body()
> could end up using a few more words than expected.
>
> If bpf_jit_binary_alloc() put the space for the program
> at the end of the allocated page, we then write to
> non-mapped memory.
>
> It appears that bpf_jit_emit_tail_call() calls
> bpf_jit_emit_common_epilogue() while ctx->seen might not
> be stable.
>
> Only after the second pass can we be sure ctx->seen won't be changed.
>
> Trying to avoid a second pass seems quite complex and probably
> not worth it.
>
> Fixes: ce0761419faef ("powerpc/bpf: Implement support for tail calls")
> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>

I am anticipating this will go via the bpf tree.
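The sizing problem described in the quoted report, as an added toy model rather than kernel code: a single sizing pass measures the tail-call epilogue before a later instruction has set a `seen` flag, so the real emission pass is longer than the estimate and the final word lands past the allocation. All names (`jit_ctx`, `SEEN_NVREG`, the opcodes, `jit_len_after_passes`, `jit_compile_overflows`) are hypothetical and constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the two-pass sizing bug; nothing here is the kernel's own code. */
#define SEEN_NVREG 0x1  /* a callee-saved register is used somewhere in the program */

struct jit_ctx {
    unsigned int seen;   /* accumulates across passes, like the kernel's ctx->seen */
    size_t idx;          /* words emitted in the current pass */
    uint32_t *image;     /* NULL on a sizing pass */
    size_t image_words;  /* capacity of image */
    bool overflow;       /* set if a write would land past image */
};

static void emit(struct jit_ctx *ctx, uint32_t insn)
{
    if (ctx->image) {
        if (ctx->idx < ctx->image_words)
            ctx->image[ctx->idx] = insn;
        else
            ctx->overflow = true;  /* the out-of-bounds write the report describes */
    }
    ctx->idx++;
}

/* Epilogue length depends on ctx->seen: restoring the NV register costs one extra word. */
static void emit_epilogue(struct jit_ctx *ctx)
{
    if (ctx->seen & SEEN_NVREG)
        emit(ctx, 0xA1);
    emit(ctx, 0xB1);
}

enum { OP_TAIL_CALL, OP_USE_NVREG, OP_EXIT };
static const int prog[] = { OP_TAIL_CALL, OP_USE_NVREG, OP_EXIT };  /* constructed program */
#define PROG_LEN (sizeof(prog) / sizeof(prog[0]))

static void build_body(struct jit_ctx *ctx)
{
    ctx->idx = 0;
    for (size_t i = 0; i < PROG_LEN; i++) {
        switch (prog[i]) {
        case OP_TAIL_CALL: emit(ctx, 0x01); emit_epilogue(ctx); break;    /* sized with flags so far */
        case OP_USE_NVREG: ctx->seen |= SEEN_NVREG; emit(ctx, 0x02); break; /* flag set too late */
        case OP_EXIT:      emit_epilogue(ctx); break;
        }
    }
}

/* Estimate after N sizing passes: 5 words after one pass, 6 once ctx->seen is stable. */
size_t jit_len_after_passes(int passes)
{
    struct jit_ctx ctx = {0};
    for (int p = 0; p < passes; p++)
        build_body(&ctx);
    return ctx.idx;
}

/* Allocate exactly the estimate, emit for real, and report whether emission ran past it. */
bool jit_compile_overflows(int sizing_passes)
{
    struct jit_ctx ctx = {0};
    uint32_t image[16] = {0};
    for (int p = 0; p < sizing_passes; p++)
        build_body(&ctx);
    ctx.image = image;
    ctx.image_words = ctx.idx;
    build_body(&ctx);
    return ctx.overflow;
}
```

With one sizing pass the allocation is one word short and the last epilogue word overflows; a second sizing pass, as the report proposes, makes the estimate match.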