Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4111383rwd; Tue, 30 May 2023 00:09:38 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7G07f/TN3lL8b4g0CwivqC6DDwb/qqlMShAABvWHvmO2Ik4Ky1/AdBn3MZCGC1QbJjZccu X-Received: by 2002:a17:903:32c7:b0:19c:dbce:dce8 with SMTP id i7-20020a17090332c700b0019cdbcedce8mr1703832plr.15.1685430578635; Tue, 30 May 2023 00:09:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685430578; cv=none; d=google.com; s=arc-20160816; b=tQ1c8JnLzikSxObKRncrrF3aM8KiKIOms/i0MLvi0839T6JIipJS2tB+UN0HRIJuC4 Pgj3XR2IdG8GFg57YQvdNEOWmPf9nwyR22zEKZu7miGWxV1Eqt+xb9YKzN8cmIJexjyf UZMJ+rbQV2EUxTYde7sWW+XU6upT/X0QXA040ki8UIvPt4B8V1TsFrRq5CTCYBX2Oo3H QBOFXG3nxLSwEhsvRAj5wAdtg1MeDu3ysP4kvq/9ggaBX6S47724nG/iF7Hn54nD8wIL wcOR3owxfsEoadV9S74JkiYxgrs+Rjkws5Fjt/vLKfPIfOibPuCJNp5t1CAQI8B+aFHW kpHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=edWCMAD9pTtsHzzIzkeySxWeNvmYIzF5o7ScNFDuYPM=; b=MYkJZeImAYGffRtvMAdypS9cPtW/UEuiEFGax84Fi5IOwWHIrpowL38Imh5H6LfXsD hq8cYyCooZTn71ep4Gr7Z4RqWprz74jxif8zFNA1Nu/4m3jPrfA3bdpoWd12j+lDF64c BQ3yEFh8xa4FlRdnnkWkiZXzMHz3LaDaBbI+O/J5WB1YFxVI6UQJBv7sBFJnvnvrFV5P LcKns14+JUJO/B9paASAsKRu/NIH0pRUDl13P6Os/wcaObd2B5FGCwEfqEyZ0yUW6uRW b3XRZCMGDD1dUUqJU6i7OZPk0DAPafXnJ7ZrI4wX7kL1DS53uuJh09FSnVheH00vfZqp Cwvg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=m6JOmwg5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id iz5-20020a170902ef8500b001a669006139si6222918plb.248.2023.05.30.00.09.25; Tue, 30 May 2023 00:09:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=m6JOmwg5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230426AbjE3HG1 (ORCPT + 99 others); Tue, 30 May 2023 03:06:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44032 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230398AbjE3HGS (ORCPT ); Tue, 30 May 2023 03:06:18 -0400 Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CE170E5; Tue, 30 May 2023 00:06:17 -0700 (PDT) Received: by mail-pf1-x42b.google.com with SMTP id d2e1a72fcca58-64d3fbb8c1cso4569234b3a.3; Tue, 30 May 2023 00:06:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685430377; x=1688022377; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=edWCMAD9pTtsHzzIzkeySxWeNvmYIzF5o7ScNFDuYPM=; b=m6JOmwg5tTAYP/cx8te3fKUr0a/622dXJVP19hVWHdqi9iIAMG8zO+Wufmykc1yNKs C7XAITX+FLSxYIi3U9XRt2kwlOzxn9vl59O5M0Ey+PYMelFatUEXGERSIeu1Zfg9dftj wt7SZNlTYhc/gpuaequhs0c00bIi934Fv3JxXFGx6ZW+9HIbG9Rx9FpVpcum+bM0GjFM FaE7gBMd2b0gcg3algmfoE85fJBRBP7sQFIkX2Z7iqyWzOfRaRiCcN1aSgTfgvcFQdNC lPR3ID4wshVJ5NHmmNidsuq3WOP9nmrAeaPgq48BgIvwwp5R772vy17rEv8Aa2iYz7TE EBHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685430377; x=1688022377; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=edWCMAD9pTtsHzzIzkeySxWeNvmYIzF5o7ScNFDuYPM=; b=ACdMVOZXOu3z4ufClUPGVhmdUwMjGjAmGzSvRlquzm0S08eVJ74P550cohXj+fzj69 z8a0Egs6twl+jjpuoxma8AtHaF2BRJVXluWEXluweaMDIl7DjY4ZoVuKNLIM3mr/Z3uq e/11Jk/QtbBxxjl+QwutNgMtUL0IfdTNa1Ybc+ROsH0erqudfaejjhcL8iPEryM0edlW QQVJd7tS/qDmt+Ui54EUx8xLwpn68MiQmNQafUpcWsV4A6et98xbz/F/NjCoHapgPANV aBPG0EF5ceb3c6IW3wBTDSOGyci8F1gKx4DPXQb+/p5QphaZVbIYTGlYrRuCNExSFw0o k+XA== X-Gm-Message-State: AC+VfDzaQq1Fi2IagWuSaoRpNFrcSzWvOeyrUmNontAmtBWCLN1hm0ja 5qtPmUizOmZauJbsmToZxGQ= X-Received: by 2002:a05:6a20:12c5:b0:10f:3fa0:fd78 with SMTP id v5-20020a056a2012c500b0010f3fa0fd78mr1639223pzg.24.1685430377106; Tue, 30 May 2023 00:06:17 -0700 (PDT) Received: from localhost.localdomain ([106.39.42.38]) by smtp.gmail.com with ESMTPSA id k8-20020a635a48000000b0052cbd854927sm7929612pgm.18.2023.05.30.00.06.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 May 2023 00:06:16 -0700 (PDT) From: starmiku1207184332@gmail.com To: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, davem@davemloft.net, kuba@kernel.org, hawk@kernel.org Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, Teng Qi Subject: [PATCH v2] kernel: bpf: syscall: fix a possible sleep-in-atomic bug in __bpf_prog_put() Date: Tue, 30 May 2023 07:06:10 +0000 Message-Id: <20230530070610.600063-1-starmiku1207184332@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Teng Qi __bpf_prog_put() indirectly calls kvfree() through bpf_prog_put_deferred() which is unsafe under atomic context. The current condition ‘in_irq() || irqs_disabled()’ in __bpf_prog_put() to ensure safety does not cover cases involving the spin lock region and rcu read lock region. Since __bpf_prog_put() is called by various callers in kernel/, net/ and drivers/, and potentially more in future, it is necessary to handle those cases as well. Although we haven`t found a proper way to identify the rcu read lock region, we have noticed that vfree() calls vfree_atomic() with the condition 'in_interrupt()' to ensure safety. To make __bpf_prog_put() safe in practice, we propose calling bpf_prog_put_deferred() with the condition 'in_interrupt()' and using the work queue for any other context. We also added a comment to indicate that the safety of __bpf_prog_put() relies implicitly on the implementation of vfree(). Signed-off-by: Teng Qi --- v2: remove comments because of self explanatory of code. Fixes: d809e134be7a ("bpf: Prepare bpf_prog_put() to be called from irq context.") --- kernel/bpf/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 14f39c1e573e..96658e5874be 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2099,7 +2099,7 @@ static void __bpf_prog_put(struct bpf_prog *prog) struct bpf_prog_aux *aux = prog->aux; if (atomic64_dec_and_test(&aux->refcnt)) { - if (in_irq() || irqs_disabled()) { + if (!in_interrupt()) { INIT_WORK(&aux->work, bpf_prog_put_deferred); schedule_work(&aux->work); } else { -- 2.25.1