Patchwork bpf_jit_compile issues on x86_64

login
register
mail settings
Submitter Eric Dumazet
Date Jan. 18, 2012, 6:17 a.m.
Message ID <1326867428.2606.39.camel@edumazet-laptop>
Download mbox | patch
Permalink /patch/136555/
State RFC
Delegated to: David Miller
Headers show

Comments

Eric Dumazet - Jan. 18, 2012, 6:17 a.m.
Le mardi 17 janvier 2012 à 18:27 -0800, Phil Oester a écrit :
> On a 3.1.8 kernel, I've had a few snort boxes panic when using the new bpf_jit
> code.  Setting bpf_jit_enable back to 0 solves the problem.  Below is the
> warning, followed by the panic.  I've checked the current Linus tree, but
> other than a03ffcf8 (which exists in 3.1.8) I don't see anything new in this
> area.  Any ideas?  Eric?
> 

Hi Phil, thanks for the report !

Any chance you could send me the bpf filter that was loaded at this
time ?

Please try the following patch :



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Dumazet - Jan. 18, 2012, 7:30 a.m.
Le mercredi 18 janvier 2012 à 07:17 +0100, Eric Dumazet a écrit :
> Le mardi 17 janvier 2012 à 18:27 -0800, Phil Oester a écrit :
> > On a 3.1.8 kernel, I've had a few snort boxes panic when using the new bpf_jit
> > code.  Setting bpf_jit_enable back to 0 solves the problem.  Below is the
> > warning, followed by the panic.  I've checked the current Linus tree, but
> > other than a03ffcf8 (which exists in 3.1.8) I don't see anything new in this
> > area.  Any ideas?  Eric?
> > 
> 
> Hi Phil, thanks for the report !
> 
> Any chance you could send me the bpf filter that was loaded at this
> time ?
> 

Hmm, I found the bug, I'll send a cumulative patch in following hours.

Thanks again


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 7b65f75..a7e6baa 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -584,6 +584,7 @@  cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
 			ilen = prog - temp;
 			if (image) {
 				if (unlikely(proglen + ilen > oldproglen)) {
+bpf_fatal_error:
 					pr_err("bpb_jit_compile fatal error\n");
 					kfree(addrs);
 					module_free(NULL, image);
@@ -605,7 +606,10 @@  cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
 			cleanup_addr -= 4; /* mov  -8(%rbp),%rbx */
 
 		if (image) {
-			WARN_ON(proglen != oldproglen);
+			if (proglen != oldproglen) {
+				pr_err("proglen=%u != oldproglen=%u\n", proglen, oldproglen);
+				goto bpf_fatal_error;
+			}
 			break;
 		}
 		if (proglen == oldproglen) {