foss-for-synopsys-dwc-arc-processors/linux

[eBPF interpreter] Atomic test leads to a crash


While testing the support of eBPF JIT in ARCv2, I noticed that (64-bit) atomic tests, handled by the interpreter, lead to an assert in QEMU (haven't tried this on HSDK recently):

archs-lnx# mount -t debugfs debugfs /sys/kernel/debug
archs-lnx# sysctl net.core.bpf_jit_enable
           net.core.bpf_jit_enable=0
archs-lnx# insmod test_bpf.ko test_id=327

qemu-system-arc: /src/qemu/target/arc/op_helper.c:185:
  helper_llockd: Assertion `(addr & 0x7) == 0' failed.

For a full list of the tests, see the attached patch that disables them.
ebpf_disable_atomic_tests.tar.gz

This has been observed both in kernel 5.x and 6.x. I do not want to bombard this thread with a hoard of information. If more details of the environment are needed, I can provide them.

EDIT:
reproduce.tar.gz

Running the test on an HSDK board:

hsdk-lnx# sysctl net.core.bpf_jit_enable=1
hsdk-lnx# insmod test_bpf.ko test_suite=test_bpf
          ...
          test_bpf: #368 STX_XADD_W: X + 1 + 1 + 1 + ...
          bpf-jit: can't handle instruction code 0xC3
          jited:0 147067 PASS
          test_bpf: #369 STX_XADD_DW: X + 1 + 1 + 1 + ...
          bpf-jit: can't handle instruction code 0xDB
          jited:0    <--  fall back to interpreter

          Misaligned Access
          Path: /bin/busybox
          CPU: 1 PID: 144 Comm: insmod Not tainted 6.7.0-rc6-00030-g2fa65739b2cb-dirty #13
          Misaligned r/w from 0x806ffd9c
          ECR: 0x000d0000 EFA: 0x806ffd9c ERET: 0x904d66ca
          STAT32: 0x80080002 [IE K     ]   BTA: 0x904d66a0
           SP: 0x806ffd00  FP: 0x00000001 BLK: __bpf_prog_run64+0x3a/0x4c
          LPS: 0x90a2f7cc LPE: 0x90a2f7dc LPC: 0x00000000
          r00: 0x00000001 r01: 0x00000000 r02: 0x806ffd9c
          r03: 0x806ffdc4 r04: 0x00000000 r05: 0x00000000
          r06: 0x00800000 r07: 0xffffffff r08: 0x00000009
          r09: 0xffffffff r10: 0x6c646e61 r11: 0x6e692065
          r12: 0x00000000 r13: 0x90402568 r14: 0xffffffff
          r15: 0x5fb33b04 r16: 0x00000000 r17: 0x00000002
          r18: 0x00000000 r19: 0x00000000 r20: 0x00000000
          r21: 0x00000000 r22: 0x00000000 r23: 0x00000000
          r24: 0x00000000 r25: 0x00000000

          Stack Trace:
            ___bpf_prog_run+0x1cee/0x214c
            __bpf_prog_run64+0x3a/0x4c
            __run_one+0xe8/0x13b8 [test_bpf]
            test_bpf_init+0x746/0xd44 [test_bpf]
            do_one_initcall+0x3c/0x184
            do_init_module+0x42/0x188
            init_module_from_file+0x4c/0x6c
            sys_finit_module+0xf2/0x21c
            EV_Trap+0xcc/0xd0

In this snippet, the test of interest is STX_XADD_DW.
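
A triage aid for the logs above, added here as an example and not part of the original report or the kernel tree: it decodes the two opcodes the JIT rejected (0xC3, 0xDB) into their operand width and checks the faulting address 0x806ffd9c against that width. The helper names atomic_width and atomic_addr_ok are hypothetical; the field masks follow the eBPF opcode encoding in the kernel UAPI headers, and natural alignment is assumed to be required, as the QEMU assertion `(addr & 0x7) == 0` does for the 64-bit case.

```c
#include <stdint.h>
#include <stdio.h>

/* eBPF opcode fields: class in bits 0-2, size in bits 3-4, mode in bits 5-7. */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_SIZE(code)  ((code) & 0x18)
#define BPF_MODE(code)  ((code) & 0xe0)
#define BPF_STX    0x03
#define BPF_ATOMIC 0xc0   /* same encoding as the older BPF_XADD name */
#define BPF_W      0x00   /* 32-bit operand */
#define BPF_DW     0x18   /* 64-bit operand */

/* Hypothetical helper: operand width in bytes of an atomic store,
 * or 0 if the opcode is not a W/DW atomic (only those two are handled). */
static unsigned atomic_width(uint8_t code)
{
    if (BPF_CLASS(code) != BPF_STX || BPF_MODE(code) != BPF_ATOMIC)
        return 0;
    switch (BPF_SIZE(code)) {
    case BPF_W:  return 4;
    case BPF_DW: return 8;
    default:     return 0;
    }
}

/* Hypothetical helper: 1 if addr is naturally aligned for the atomic,
 * 0 if it is misaligned, -1 if the opcode is not a W/DW atomic. */
static int atomic_addr_ok(uint8_t code, uint32_t addr)
{
    unsigned w = atomic_width(code);

    if (w == 0)
        return -1;
    return (addr & (w - 1)) == 0;
}

int main(void)
{
    /* Values copied from the HSDK log in the report. */
    const uint8_t codes[] = { 0xC3, 0xDB };
    const uint32_t efa = 0x806ffd9c;

    for (size_t i = 0; i < sizeof(codes); i++)
        printf("opcode 0x%02X: width %u bytes, EFA 0x%08x aligned=%d\n",
               (unsigned)codes[i], atomic_width(codes[i]),
               (unsigned)efa, atomic_addr_ok(codes[i], efa));
    return 0;
}
```

The reported address passes the 4-byte check and fails the 8-byte one, which matches the log: the STX_XADD_W test passes in the interpreter while STX_XADD_DW traps.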