Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp385316rwd; Tue, 30 May 2023 22:54:21 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ79f/tSxaabtEbYGGtlCqD4Qf2sHQ1hBbA4cqN+LbdaEeyouYKwLCa2vm2acy6wHhiYiuas X-Received: by 2002:a05:6a21:7894:b0:10a:e8c2:7227 with SMTP id bf20-20020a056a21789400b0010ae8c27227mr4662125pzc.45.1685512460968; Tue, 30 May 2023 22:54:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685512460; cv=none; d=google.com; s=arc-20160816; b=WBoEaA/UFsmy4OFyAdfDLxeUH4gqlkGdML+jTyj+LvH0M9hbKGqANL+Pmj+cKY/fhq 6eotosSKuScl2oO7c8/8CGPvkr1vLhl3J25Z90DRtkD4N86UBtZhdrtTsk7W1+du9oiB iOfc70oD20H6gYoFK+fpg/bEIjo6hSljqxFX2MjeAIrO04O+P5UylYphmHC2z3MR0G0N 4QixQ42fU8l9kHF5LxSipoqCQMcOTuHSPjM+SMxXUBngOOpbdO9e8Lc+NZNtNzWUG1Dk B5Q5MKaZPxEtFVrkYOB+cckp2N2kZMbCj8a/9FaQGbBwvaLLViaK7/SCw5Kscjx8oU8c sjQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=mimGVtxLE7vqxai4nDb2ohdrBI+gPPYDUXqmgm8ndBU=; b=kR3I7vrOotkRtR8S5tK2uumR7ghVm4TfEkMYgMOTvMgWSbbKW+XoPky4W8RvLImB0o ENhugLdfdpgXVy9q/6GynI4nZUKg/v2hZxxtpK6RVhwaNGStcboOJAxxVXvBmo/Do7PH 7mvFbVs7KBy7rI7u+2C4G/evJn7PbcCO+Al8C+m1PJ6SG07KDPp+TZ8WqzWLTmpAOtNe cCnbpG+zscSg/YA+Zi4L0b9MamqQ2/vU6ok+aFHKafw6Td4v2cM65H2CykacjvRsQ7sa IRc9fFjBo2aYPGFJG28qFsdtko7gDFpfDkMBlt+diIDDaEFSdut4LQ0+Mf9h3uUHs1fW YPjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b="lV/eo88G"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p18-20020a637f52000000b00534842ba603si125663pgn.820.2023.05.30.22.54.08; Tue, 30 May 2023 22:54:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b="lV/eo88G"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234206AbjEaFap (ORCPT + 99 others); Wed, 31 May 2023 01:30:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233929AbjEaFao (ORCPT ); Wed, 31 May 2023 01:30:44 -0400 Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D47EB185; Tue, 30 May 2023 22:30:37 -0700 (PDT) Received: by mail-lj1-x22e.google.com with SMTP id 38308e7fff4ca-2af2451b3f1so57932721fa.2; Tue, 30 May 2023 22:30:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685511036; x=1688103036; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=mimGVtxLE7vqxai4nDb2ohdrBI+gPPYDUXqmgm8ndBU=; b=lV/eo88GcFoqMuG6kFVoYvMPP/yuWfVQ5BCaMyJAnn7D8dd0ao/J4vFEopYvFNL36J g1NbK1slo9sAX8JYfqFfBHgplWUR8HRunJlcpbRmjY22iErzO4SBuZoWti9Y/8/5PZ6C c6QMSLyighpaRqHif7u0V7WhSJusI1V/HOIMuTe8bdTCCEtJE+dtf7ugHRzp0TveGRck jFyUXvyjwE20eoUzHGUUWwTUbe9bUOKRdf9gzuTbk7rHwCpNi9H3Yg6/76D++zcsBB0F Ed/D0BC7CCx0QkomNCD4bZKUVNWF4CAye8YP6rh4SX05gMgIUCgF1/9lsgot1Zs8L3Wx uBbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685511036; x=1688103036; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mimGVtxLE7vqxai4nDb2ohdrBI+gPPYDUXqmgm8ndBU=; b=dKfvGm41ljTE4jdrOMwZYB09lM47UMkaLsPuEfpnqfmPK0/RJPp1nC97y4zpbQ/BB+ +CJQpzJ0TCbV+UULfAGi+PSmVKG63jJt5Vcmmyqc8vXwVX9xqFxyK0tLXmDVxwPxJgF+ hbCBnTE22W6ajMg1dHJkF6TIMn1pUTYkNdXpj9+Ei/hNVAB870AJwRtiXN+NTEwTg+84 38B6aZRDr4JjrGCeI6xi7eifAT0XziYHCN/urux+doESMR1TTzp0EXArlEspKrbUdhbV WnhzrIJicvixEi701m9yLyIR577WJbmPcMvQRwhg4qp2ivBebqFoEPaIG8WK0UXISmnd 8jtA== X-Gm-Message-State: AC+VfDwimh8nDH0ZXqldv5S2PsklZ5vCIypR47NJqAqloCbGI/XcLaNb vtvgjxNYmOSiY9DB4zfvDjcpnxpehp9QwExQM3G4p0N/DQw= X-Received: by 2002:a2e:a0c6:0:b0:2af:309b:5a40 with SMTP id f6-20020a2ea0c6000000b002af309b5a40mr2099459ljm.12.1685511035763; Tue, 30 May 2023 22:30:35 -0700 (PDT) MIME-Version: 1.0 References: <20230530070610.600063-1-starmiku1207184332@gmail.com> <4f37f760-048b-9d54-14ae-d1f979898625@meta.com> In-Reply-To: <4f37f760-048b-9d54-14ae-d1f979898625@meta.com> From: Teng Qi Date: Wed, 31 May 2023 13:30:23 +0800 Message-ID: Subject: Re: [PATCH v2] kernel: bpf: syscall: fix a possible sleep-in-atomic bug in __bpf_prog_put() To: Yonghong Song Cc: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, davem@davemloft.net, kuba@kernel.org, hawk@kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > I would really like you to create a test case > to demonstrate with a rcu or spin-lock warnings based on existing code > base. With a test case, it would hard to see whether we need this > patch or not. Ok, I will try to construct a test case. > Please put 'Fixes' right before 'Signed-off-by' in the above. Ok. > Could we have cases where in software context we have irqs_disabled()? What do you mean about software context? On Wed, May 31, 2023 at 1:46=E2=80=AFAM Yonghong Song wrote: > > > > On 5/30/23 12:06 AM, starmiku1207184332@gmail.com wrote: > > From: Teng Qi > > > > __bpf_prog_put() indirectly calls kvfree() through bpf_prog_put_deferre= d() > > which is unsafe under atomic context. The current > > condition =E2=80=98in_irq() || irqs_disabled()=E2=80=99 in __bpf_prog_p= ut() to ensure safety > > does not cover cases involving the spin lock region and rcu read lock r= egion. > > Since __bpf_prog_put() is called by various callers in kernel/, net/ an= d > > drivers/, and potentially more in future, it is necessary to handle tho= se > > cases as well. > > > > Although we haven`t found a proper way to identify the rcu read lock re= gion, > > we have noticed that vfree() calls vfree_atomic() with the > > condition 'in_interrupt()' to ensure safety. > > I would really like you to create a test case > to demonstrate with a rcu or spin-lock warnings based on existing code > base. With a test case, it would hard to see whether we need this > patch or not. > > > > > To make __bpf_prog_put() safe in practice, we propose calling > > bpf_prog_put_deferred() with the condition 'in_interrupt()' and > > using the work queue for any other context. > > > > We also added a comment to indicate that the safety of __bpf_prog_put(= ) > > relies implicitly on the implementation of vfree(). > > > > Signed-off-by: Teng Qi > > --- > > v2: > > remove comments because of self explanatory of code. > > > > Fixes: d809e134be7a ("bpf: Prepare bpf_prog_put() to be called from irq= context.") > > Please put 'Fixes' right before 'Signed-off-by' in the above. > > > --- > > kernel/bpf/syscall.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c > > index 14f39c1e573e..96658e5874be 100644 > > --- a/kernel/bpf/syscall.c > > +++ b/kernel/bpf/syscall.c > > @@ -2099,7 +2099,7 @@ static void __bpf_prog_put(struct bpf_prog *prog) > > struct bpf_prog_aux *aux =3D prog->aux; > > > > if (atomic64_dec_and_test(&aux->refcnt)) { > > - if (in_irq() || irqs_disabled()) { > > + if (!in_interrupt()) { > > Could we have cases where in software context we have irqs_disabled()? > > > INIT_WORK(&aux->work, bpf_prog_put_deferred); > > schedule_work(&aux->work); > > } else {