Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp124271imm; Fri, 10 Aug 2018 08:36:20 -0700 (PDT) X-Google-Smtp-Source: AA+uWPx9TwY0O2R1RAoo0g/Lf0hk3YfJgckmN2BaVYLp6QFq24eCM5w4AKPLMIhGOtAgVz7XNxuh X-Received: by 2002:a63:8449:: with SMTP id k70-v6mr7046062pgd.309.1533915380740; Fri, 10 Aug 2018 08:36:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533915380; cv=none; d=google.com; s=arc-20160816; b=N8X7Ei+5JEYnmqlyNCKFnhHaEH1ZbBfcwzcqMfRgo/rj2ftxqfViUOeOe8GWj20XpN xzjAO7tlotcibS9xpEzlK5qR5R6H3S1diVR6tAZokmDxDBwb9Tp7BPtVk4sNI3wWI0H4 UKW0SZvQPAiwczjlbZWgTRDXuViK9KSsrfuY1+c5swHM3aHFuj5XU9/6x5mnxL+i9EBh Q9Ntlkx9ph4cT+LyOxdNy56Mu0uwjZyu8i66+tbFVcX4rP+hERet2rr/NZ/nzrnZB5yf dNuxBldrEVQylhSJWqXZSsjX8phsifCzC5lp6XZVDbRwIUvwKjbcv29h0jRKGKzKPaJP ETug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=3V5NSdVHVXbGq/IdUyuxaVoS/mkkUhwr1zascxapRLo=; b=hmf+Mnb7TdNCUzN1K2x/OaW5Y1o66wkrxlU/zpsD1FHHqK7AfuDcCYvKx7erjNYtnG Yl835KsB+BRgkahp9chZv4Yy7Zzj7+BDTLmo35cuOyoPaRRPWOx4BVXYM4SeUmODV+2R xXZ+lOX0l6jwjhppXyjUdbBw1oxEHgCFMv2Rati8yMUIxzAw7gY127oPOlZOjVjVmOgg FTpxxg0LPiRkdUE/VOgCVsOpyHy8ImKIwQQmF5415vMqvqKU5pckL/O5eSkxbRJtaWZL VlZ57y0hVBYqnGsbz6s++Lg3Kyqusr/nNEC0knzLc91zpW2AulnBDFoCMMzMhDy/k79v +JeA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o3-v6si7753281plk.321.2018.08.10.08.36.05; Fri, 10 Aug 2018 08:36:20 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728291AbeHJQwV (ORCPT + 99 others); Fri, 10 Aug 2018 12:52:21 -0400 Received: from www62.your-server.de ([213.133.104.62]:39310 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728232AbeHJQwV (ORCPT ); Fri, 10 Aug 2018 12:52:21 -0400 Received: from [78.46.172.2] (helo=sslproxy05.your-server.de) by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.85_2) (envelope-from ) id 1fo8Iu-00052G-Eh; Fri, 10 Aug 2018 16:22:12 +0200 Received: from [2a02:120b:c3f4:b8b0:b5ea:3969:d380:aafd] (helo=linux.home) by sslproxy05.your-server.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1fo8Iu-0007yH-9k; Fri, 10 Aug 2018 16:22:12 +0200 Subject: Re: [BUG] bpf: syscall: a possible sleep-in-atomic-context bug in map_update_elem() To: Jia-Ju Bai , ast@kernel.org Cc: netdev@vger.kernel.org, Linux Kernel Mailing List , brouer@redhat.com References: <65830741-bf35-4d32-e365-c32fc17c25cb@gmail.com> From: Daniel Borkmann Message-ID: <97aa2e6b-1863-f123-af2c-24a2e6333ba5@iogearbox.net> Date: Fri, 10 Aug 2018 16:22:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <65830741-bf35-4d32-e365-c32fc17c25cb@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.100.0/24829/Fri Aug 10 10:43:38 2018) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 08/10/2018 04:07 PM, Jia-Ju Bai wrote: > The kernel may sleep with holding a rcu read lock. > > The function call paths (from bottom to top) in Linux-4.16 are: > > [FUNC] kmalloc(GFP_KERNEL) > kernel/kthread.c, 283: kmalloc in __kthread_create_on_node > kernel/kthread.c, 365: __kthread_create_on_node in kthread_create_on_node > kernel/bpf/cpumap.c, 368: kthread_create_on_node in __cpu_map_entry_alloc > kernel/bpf/cpumap.c, 490: __cpu_map_entry_alloc in cpu_map_update_elem > kernel/bpf/syscall.c, 724: [FUNC_PTR]cpu_map_update_elem in map_update_elem > kernel/bpf/syscall.c, 723: rcu_read_lock in map_update_elem > > Note that [FUNC_PTR] means a function pointer call is used. > > I do not find a good way to fix it, so I only report. > This is found by my static analysis tool (DSAC). Thanks for the report Jia-Ju! In the map_update_elem() from syscall path there's a check map->map_type == BPF_MAP_TYPE_CPUMAP, where we call the cpumap's map->ops->map_update_elem() while /not/ being under rcu_read_lock() as in other cases, so looks okay to me. Could you point out the case for being under rcu_read_lock() more specifically which the tool found? Thanks, Daniel