github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 15:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8e770d996e
linux/kernel
History
Martin KaFai Lau ae26a7109c bpf: Fix syscall's stackmap lookup potential deadlock 
[ Upstream commit 7c4cd051ad ]

The map_lookup_elem used to not acquiring spinlock
in order to optimize the reader.

It was true until commit 557c0c6e7d ("bpf: convert stackmap to pre-allocation")
The syscall's map_lookup_elem(stackmap) calls bpf_stackmap_copy().
bpf_stackmap_copy() may find the elem no longer needed after the copy is done.
If that is the case, pcpu_freelist_push() saves this elem for reuse later.
This push requires a spinlock.

If a tracing bpf_prog got run in the middle of the syscall's
map_lookup_elem(stackmap) and this tracing bpf_prog is calling
bpf_get_stackid(stackmap) which also requires the same pcpu_freelist's
spinlock, it may end up with a dead lock situation as reported by
Eric Dumazet in https://patchwork.ozlabs.org/patch/1030266/

The situation is the same as the syscall's map_update_elem() which
needs to acquire the pcpu_freelist's spinlock and could race
with tracing bpf_prog.  Hence, this patch fixes it by protecting
bpf_stackmap_copy() with this_cpu_inc(bpf_prog_active)
to prevent tracing bpf_prog from running.

A later syscall's map_lookup_elem commit f1a2e44a3a ("bpf: add queue and stack maps")
also acquires a spinlock and races with tracing bpf_prog similarly.
Hence, this patch is forward looking and protects the majority
of the map lookups.  bpf_map_offload_lookup_elem() is the exception
since it is for network bpf_prog only (i.e. never called by tracing
bpf_prog).

Fixes: 557c0c6e7d ("bpf: convert stackmap to pre-allocation")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-03-13 14:02:36 -07:00
..
bpf bpf: Fix syscall's stackmap lookup potential deadlock 2019-03-13 14:02:36 -07:00
cgroup cgroup: fix parsing empty mount option string 2019-02-12 19:47:17 +01:00
configs
debug kdb: Don't back trace on a cpu that didn't round up 2019-02-12 19:47:19 +01:00
dma
events perf core: Fix perf_proc_update_handler() bug 2019-03-13 14:02:26 -07:00
gcov
irq genirq: Make sure the initial affinity is not empty 2019-03-05 17:58:47 +01:00
livepatch
locking locking/rwsem: Fix (possible) missed wakeup 2019-03-05 17:58:49 +01:00
power
printk
rcu
sched sched/wake_q: Fix wakeup ordering for wake_q 2019-03-05 17:58:49 +01:00
time timekeeping: Use proper seqcount initializer 2019-02-12 19:47:05 +01:00
trace bpf: fix potential deadlock in bpf_prog_register 2019-03-13 14:02:36 -07:00
.gitignore
acct.c
async.c
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit.c
audit.h
auditfilter.c
auditsc.c
backtracetest.c
bounds.c
capability.c
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM 2019-02-12 19:47:25 +01:00
crash_core.c
crash_dump.c
cred.c
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c sched/wait: Fix rcuwait_wake_up() ordering 2019-03-05 17:58:49 +01:00
extable.c
fail_function.c
fork.c
freezer.c
futex_compat.c
futex.c futex: Fix (possible) missed wakeup 2019-03-05 17:58:49 +01:00
groups.c
hung_task.c kernel/hung_task.c: force console verbose before panic 2019-02-12 19:47:19 +01:00
iomem.c
irq_work.c
jump_label.c
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c kernel/kcov.c: mark write_comp_data() as notrace 2019-02-12 19:47:20 +01:00
kexec_core.c
kexec_file.c
kexec_internal.h
kexec.c
kmod.c
kprobes.c
ksysfs.c
kthread.c
latencytop.c
Makefile
memremap.c
module_signing.c
module-internal.h
module.c kobject: return error code if writing /sys/.../uevent fails 2019-02-12 19:47:06 +01:00
notifier.c
nsproxy.c
padata.c
panic.c
params.c
pid_namespace.c
pid.c
profile.c
ptrace.c
range.c
reboot.c
relay.c relay: check return of create_buf_file() properly 2019-03-13 14:02:35 -07:00
resource.c
rseq.c
seccomp.c
signal.c signal: Restore the stop PTRACE_EVENT_EXIT 2019-02-20 10:25:48 +01:00
smp.c cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM 2019-02-12 19:47:25 +01:00
smpboot.c
smpboot.h
softirq.c
stacktrace.c
stop_machine.c
sys_ni.c
sys.c
sysctl_binary.c
sysctl.c proc/sysctl: fix return error for proc_doulongvec_minmax() 2019-02-12 19:47:19 +01:00
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
ucount.c
uid16.c
uid16.h
umh.c
up.c
user_namespace.c
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
watchdog_hld.c
watchdog.c
workqueue_internal.h
workqueue.c