The interpreter does not recognize the arena ST/LDX/STX insns.
Thereafter, it would hit the BUG_ON() in ___bpf_prog_run() at run time.
[ 2.579196] BPF interpreter: unknown opcode a2 (imm: 0x0)
[ 2.579998] ------------[ cut here ]------------
[ 2.580652] kernel BUG at kernel/bpf/core.c:2349!
[ 2.581314] Oops: invalid opcode: 0000 [#1] SMP PTI
On the fallback path from JIT in __bpf_prog_select_runtime(), reject
the BPF_PROBE_MEM32/BPF_PROBE_MEM32SX insn to avoid the BUG.
Fixes: 2fe99eb0ccf2 ("bpf: Add x86-64 JIT support for PROBE_MEM32 pseudo instructions.")
Fixes: a91ae3c89311 ("bpf, x86: Add support for signed arena loads")
Signed-off-by: Leon Hwang <[email protected]>
---
kernel/bpf/core.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index e92eb8b7f945..37b2fac22aa2 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2613,6 +2613,22 @@ static bool bpf_insn_requires_jit(struct bpf_insn *insn)
if (insn_is_cast_user(insn))
return true;
+ switch (BPF_CLASS(insn->code)) {
+ case BPF_ST:
+ case BPF_LDX:
+ case BPF_STX:
+ /* arena ST/LDX/STX insns */
+ if (BPF_MODE(insn->code) == BPF_PROBE_MEM32)
+ return true;
+ if (BPF_MODE(insn->code) == BPF_PROBE_MEM32SX &&
+ BPF_CLASS(insn->code) == BPF_LDX &&
+ BPF_SIZE(insn->code) != BPF_DW)
+ return true;
+ break;
+ default:
+ return false;
+ }
+
return false;
}
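Review bot: the `default: return false;` arm of the new switch is dead code, because breaking out of the `case BPF_ST/BPF_LDX/BPF_STX` branch reaches the existing `return false;` two lines below anyway; drop the `default` arm (or make the switch the single exit and remove the trailing `return false;`) so the not-JIT path has one return. Also, the commit message says the BPF_PROBE_MEM32SX insn is rejected, but the hunk only rejects it for `BPF_CLASS(insn->code) == BPF_LDX` with `BPF_SIZE(insn->code) != BPF_DW`; a short comment next to `/* arena ST/LDX/STX insns */` stating why the BPF_DW sign-extending load is deliberately not treated as requiring the JIT would keep the code and the description consistent.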
--
2.54.0