Subject: Re: [PATCH v4] bpf: Fix KASAN use-after-free Read in compute_effective_progs
From: Tadeusz Struk
Date: Mon, 23 May 2022 15:58:31 -0700
To: Andrii Nakryiko
Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Networking, bpf, linux-stable, open list, syzbot+f264bffdfbd5614f3bb2@syzkaller.appspotmail.com
References: <20220517180420.87954-1-tadeusz.struk@linaro.org> <7949d722-86e8-8122-e607-4b09944b76ae@linaro.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/23/22 15:47, Andrii Nakryiko wrote:
>> Hi Andrii,
>> Do you have any more feedback? Does it look better to you now?
> Hi, this is on my TODO list, but I need a bit more focused time to
> think all this through and I haven't managed to get it in last week.
> I'm worried about the percpu_ref_is_zero(&desc->bpf.refcnt) portion
> and whether it can cause some skew in the calculated array index, I
> need to look at this a bit more in depth. Sorry for the delay.

That's fine. Take your time and let me know if there is anything else to change/improve.
FWIW I tested it extensively with the syzbot repro and the issue doesn't trigger anymore.

--
Thanks,
Tadeusz