BUG: Ksnoop tool failed to pass the BPF verifier with recent kernel changes


 



Hi, BPF community,


I would like to report a possible bug in bpf-next;
I hope I haven't made a stupid mistake. Here are the details:

I have two VMs:

One has the kernel built against the following commit:

0693b27644f04852e46f7f034e3143992b658869 (bpf-next)

The ksnoop tool (from BCC repo) works well on this VM.


The other has the kernel built against the following commit:

5319255b8df9271474bc9027cabf82253934f28d (bpf-next)

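On this VM, the ksnoop tool failed to load: the verifier rejects the map-value read at instruction 143 because R4's maximum offset (umax_value=2040) is outside the 144-byte map value. The full message is: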


libbpf: load bpf program failed: Permission denied

libbpf: -- BEGIN DUMP LOG ---

libbpf: 

R1 type=ctx expected=fp

; return ksnoop(ctx, false);

0: (b7) r2 = 0

1: (85) call pc+2

caller:

 R10=fp0

callee:

 frame1: R1=ctx(id=0,off=0,imm=0) R2_w=invP0 R10=fp0

; static int ksnoop(struct pt_regs *ctx, bool entry)

4: (7b) *(u64 *)(r10 -168) = r2

5: (bf) r9 = r1

; task = bpf_get_current_task();

6: (85) call bpf_get_current_task#35

; task = bpf_get_current_task();

7: (7b) *(u64 *)(r10 -16) = r0

8: (bf) r2 = r10

; 

9: (07) r2 += -16

; func_stack = bpf_map_lookup_elem(&ksnoop_func_stack, &task);

10: (18) r1 = 0xffff8c70353f3c00

12: (85) call bpf_map_lookup_elem#1

13: (bf) r7 = r0

; if (!func_stack) {

14: (55) if r7 != 0x0 goto pc+35

 frame1: R0=invP0 R7_w=invP0 R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-168=00000000

15: (b7) r1 = 0

; struct func_stack new_stack = {};

16: (7b) *(u64 *)(r10 -24) = r1

17: (7b) *(u64 *)(r10 -32) = r1

18: (7b) *(u64 *)(r10 -40) = r1

19: (7b) *(u64 *)(r10 -48) = r1

20: (7b) *(u64 *)(r10 -56) = r1

21: (7b) *(u64 *)(r10 -64) = r1

22: (7b) *(u64 *)(r10 -72) = r1

23: (7b) *(u64 *)(r10 -80) = r1

24: (7b) *(u64 *)(r10 -88) = r1

25: (7b) *(u64 *)(r10 -96) = r1

26: (7b) *(u64 *)(r10 -104) = r1

27: (7b) *(u64 *)(r10 -112) = r1

28: (7b) *(u64 *)(r10 -120) = r1

29: (7b) *(u64 *)(r10 -128) = r1

30: (7b) *(u64 *)(r10 -136) = r1

31: (7b) *(u64 *)(r10 -144) = r1

32: (7b) *(u64 *)(r10 -152) = r1

; new_stack.task = task;

33: (79) r1 = *(u64 *)(r10 -16)

; new_stack.task = task;

34: (7b) *(u64 *)(r10 -160) = r1

35: (bf) r7 = r10

; struct func_stack new_stack = {};

36: (07) r7 += -16

37: (bf) r3 = r10

38: (07) r3 += -160

; bpf_map_update_elem(&ksnoop_func_stack, &task, &new_stack,

39: (18) r1 = 0xffff8c70353f3c00

41: (bf) r2 = r7

42: (b7) r4 = 1

43: (85) call bpf_map_update_elem#2

; func_stack = bpf_map_lookup_elem(&ksnoop_func_stack, &task);

44: (18) r1 = 0xffff8c70353f3c00

46: (bf) r2 = r7

47: (85) call bpf_map_lookup_elem#1

48: (bf) r7 = r0

49: (15) if r7 == 0x0 goto pc+483

 frame1: R0_w=map_value(id=0,off=0,ks=8,vs=144,imm=0) R7_w=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

; stack_depth = func_stack->stack_depth;

50: (71) r6 = *(u8 *)(r7 +136)

 frame1: R0_w=map_value(id=0,off=0,ks=8,vs=144,imm=0) R7_w=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

; if (stack_depth > FUNC_MAX_STACK_DEPTH)

51: (25) if r6 > 0x10 goto pc+481

 frame1: R0_w=map_value(id=0,off=0,ks=8,vs=144,imm=0) R6_w=invP(id=0,umax_value=16,var_off=(0x0; 0xff),s32_max_value=255,u32_max_value=255) R7_w=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

; if (entry) {

52: (79) r1 = *(u64 *)(r10 -168)

53: (15) if r1 == 0x0 goto pc+74

; if (stack_depth == 0 || stack_depth >= FUNC_MAX_STACK_DEPTH)

128: (15) if r6 == 0x0 goto pc+404

 frame1: R0=map_value(id=0,off=0,ks=8,vs=144,imm=0) R1=invP0 R6=invP(id=0,umax_value=16,var_off=(0x0; 0x1f)) R7=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

129: (25) if r6 > 0xf goto pc+403

 frame1: R0=map_value(id=0,off=0,ks=8,vs=144,imm=0) R1=invP0 R6=invP(id=0,umax_value=15,var_off=(0x0; 0x1f),s32_max_value=16,u32_max_value=16) R7=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

130: (b7) r1 = 0

; if (stack_depth > 0)

131: (15) if r6 == 0x0 goto pc+2

 frame1: R0=map_value(id=0,off=0,ks=8,vs=144,imm=0) R1_w=invP0 R6=invP(id=0,umax_value=15,var_off=(0x0; 0xf)) R7=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

132: (bf) r1 = r6

133: (07) r1 += -1

; ip = func_stack->ips[stack_depth];

134: (bf) r2 = r1

135: (57) r2 &= 255

136: (67) r2 <<= 3

; last_ip = func_stack->ips[last_stack_depth];

137: (bf) r3 = r7

138: (07) r3 += 8

; ip = func_stack->ips[stack_depth];

139: (bf) r4 = r3

140: (0f) r4 += r2

; last_ip = func_stack->ips[last_stack_depth];

141: (67) r6 <<= 3

142: (0f) r3 += r6

; ip = func_stack->ips[stack_depth];

143: (79) r2 = *(u64 *)(r4 +0)

 frame1: R0=map_value(id=0,off=0,ks=8,vs=144,imm=0) R1_w=invP(id=4,smin_value=-1,smax_value=14) R2_w=invP(id=0,umax_value=2040,var_off=(0x0; 0x7f8)) R3_w=map_value(id=0,off=8,ks=8,vs=144,umax_value=120,var_off=(0x0; 0x78)) R4_w=map_value(id=0,off=8,ks=8,vs=144,umax_value=2040,var_off=(0x0; 0x7f8)) R6_w=invP(id=0,umax_value=120,var_off=(0x0; 0x78)) R7=map_value(id=0,off=0,ks=8,vs=144,imm=0) R9=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=00000000

invalid access to map value, value_size=144 off=2048 size=8

R4 max value is outside of the allowed memory range

processed 65 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 2



libbpf: -- END LOG --

libbpf: failed to load program 'kprobe_return'

libbpf: failed to load object 'ksnoop_bpf'

libbpf: failed to load BPF skeleton 'ksnoop_bpf': -4007

Error: Could not load ksnoop BPF: Unknown error 4007


