| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251210054329.GA691118@chenghao-pc>
Date: Wed, 10 Dec 2025 13:43:29 +0800
From: Chenghao Duan <duanchenghao@...inos.cn>
To: Hengqi Chen <hengqi.chen@...il.com>
Cc: yangtiezhu@...ngson.cn, chenhuacai@...nel.org, kernel@...0n.name,
zhangtianyang@...ngson.cn, masahiroy@...nel.org,
linux-kernel@...r.kernel.org, loongarch@...ts.linux.dev,
bpf@...r.kernel.org, guodongtai@...inos.cn, youling.tang@...ux.dev,
jianghaoran@...inos.cn, vincent.mc.li@...il.com
Subject: Re: [PATCH v1 2/2] LoongArch: Enable BPF exception fixup for
specific ADE subcode
On Wed, Dec 10, 2025 at 01:20:12PM +0800, Hengqi Chen wrote:
> On Tue, Dec 9, 2025 at 5:34 PM Chenghao Duan <duanchenghao@...inos.cn> wrote:
> >
> > This patch allows the LoongArch BPF JIT to handle recoverable memory
> > access errors generated by BPF_PROBE_MEM* instructions.
> >
> > When a BPF program performs memory access operations, the instructions
> > it executes may trigger ADEM exceptions. The kernel’s built-in BPF
> > exception table mechanism (EX_TYPE_BPF) will generate corresponding
> > exception fixup entries in the JIT compilation phase; however, the
> > architecture-specific trap handling function needs to proactively call
> > the common fixup routine to achieve exception recovery.
> >
> > do_ade(): fix EX_TYPE_BPF memory access exceptions for BPF programs,
> > ensure safe execution.
> >
>
> Which bpf prog triggers this code path ? Why didn't we trigger it before ?
module_attach and subprogs_extable trigger ADE exception via illegal address
access in BPF programs, leading to kernel panic without this patch.
>
> > Signed-off-by: Chenghao Duan <duanchenghao@...inos.cn>
> > ---
> > arch/loongarch/kernel/traps.c | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/loongarch/kernel/traps.c b/arch/loongarch/kernel/traps.c
> > index da5926fead4a..9ca8aacc82b8 100644
> > --- a/arch/loongarch/kernel/traps.c
> > +++ b/arch/loongarch/kernel/traps.c
> > @@ -534,8 +534,13 @@ asmlinkage void noinstr do_fpe(struct pt_regs *regs, unsigned long fcsr)
> >
> > asmlinkage void noinstr do_ade(struct pt_regs *regs)
> > {
> > - irqentry_state_t state = irqentry_enter(regs);
> > + irqentry_state_t state;
> > + unsigned int esubcode = FIELD_GET(CSR_ESTAT_ESUBCODE, regs->csr_estat);
> > +
> > + if ((esubcode == 1) && fixup_exception(regs))
> > + return;
> >
> > + state = irqentry_enter(regs);
> > die_if_kernel("Kernel ade access", regs);
> > force_sig_fault(SIGBUS, BUS_ADRERR, (void __user *)regs->csr_badvaddr);
> >
> > --
> > 2.25.1
> >
Powered by blists - more mailing lists