> On Oct 24, 2023, at 2:30 PM, Jiri Olsa <olsajiri@xxxxxxxxx> wrote:
>
> On Tue, Oct 24, 2023 at 09:08:32PM +0000, Song Liu wrote:
>
> SNIP
>
>>>> @@ -349,7 +349,7 @@ static void bpf_tramp_image_put(struct bpf_tramp_image *im)
>>>>  	call_rcu_tasks_trace(&im->rcu, __bpf_tramp_image_put_rcu_tasks);
>>>>  }
>>>>
>>>> -static struct bpf_tramp_image *bpf_tramp_image_alloc(u64 key)
>>>> +static struct bpf_tramp_image *bpf_tramp_image_alloc(u64 key, int size)
>>>>  {
>>>>  	struct bpf_tramp_image *im;
>>>>  	struct bpf_ksym *ksym;
>>>> @@ -360,12 +360,13 @@ static struct bpf_tramp_image *bpf_tramp_image_alloc(u64 key)
>>>>  	if (!im)
>>>>  		goto out;
>>>>
>>>> -	err = bpf_jit_charge_modmem(PAGE_SIZE);
>>>> +	err = bpf_jit_charge_modmem(size);
>>>>  	if (err)
>>>>  		goto out_free_im;
>>>> +	im->size = size;
>>>>
>>>>  	err = -ENOMEM;
>>>> -	im->image = image = arch_alloc_bpf_trampoline(PAGE_SIZE);
>>>> +	im->image = image = arch_alloc_bpf_trampoline(size);
>>>>  	if (!image)
>>>>  		goto out_uncharge;
>>>>
>>>
>>> hi,
>>> there's call in here to add the image symbol
>>>
>>>   bpf_image_ksym_add(image, ksym);
>>>
>>> which sets:
>>>
>>>   ksym->end = ksym->start + PAGE_SIZE;
>>>
>>> we should set it to 'ksym->start + size' now
>>
>> Great catch! Fixing this in v5.
>>
>>>
>>> and I think that can probably screw up the bpf_prog_ksym_find
>>> and it might be the reason why I'm getting now the crash below
>>
>> How easy is it to trigger the crash?
>
> I hit that by running whole test_progs easily.. I'm assuming it's the
> exceptions test case, but I could not trigger it just with '-t exceptions'
>
> attaching the .config

I can reproduce it with:

  ./test_progs -j -t except,fentry,fexit,tcp

and fixing ksym fixes it. I will send v5 with the fix.

Thanks,
Song
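Review bot: in the first hunk (the `bpf_tramp_image_alloc(u64 key, int size)` signature change), `size` is a signed `int` that is handed straight to `bpf_jit_charge_modmem()` and `arch_alloc_bpf_trampoline()` without any check in this function, and the caller that computes it is not part of this excerpt; it is worth confirming that a zero or negative value cannot reach here, either by making the parameter unsigned or by rejecting such values before the charge, since the function as shown would otherwise charge and allocate whatever it is given.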
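Review bot: in the second hunk, `im->size = size` is stored after the charge succeeds but before `arch_alloc_bpf_trampoline(size)`, and the `out_uncharge` label that the failure path jumps to is outside the hunk; confirm that the uncharge there now uses `size` (or `im->size`) rather than the old `PAGE_SIZE`, so that charge and uncharge stay balanced when the allocation fails. The same `PAGE_SIZE` assumption survives further down in this function in `bpf_image_ksym_add()`, as the thread already points out: `ksym->end = ksym->start + PAGE_SIZE` needs to become `ksym->start + size`, otherwise the registered symbol range no longer matches the allocation and `bpf_prog_ksym_find` can mis-resolve addresses inside the image.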