Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp1624808lql; Wed, 13 Mar 2024 03:47:00 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUcCCgJNLPaoqlhKmOQVfqdqmz60/JR1wVSzytM/CCf7nv29kH0oQeO2R4ChJWWor9y/JXpbKULWwPUIJkxzAK6qhL5hjh44Q7ib1usYg== X-Google-Smtp-Source: AGHT+IHhZp9npn3WuWllATiJCm3hjUSax3FYTMgGI14KcZ3h+20PALwCN4C6EMSPeAPTtVsDjlrr X-Received: by 2002:a05:6a00:2190:b0:6e6:aae6:acfe with SMTP id h16-20020a056a00219000b006e6aae6acfemr2437651pfi.23.1710326820223; Wed, 13 Mar 2024 03:47:00 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710326820; cv=pass; d=google.com; s=arc-20160816; b=HtOIwTZiqVUMXxFX+QJ8kmwXfYClc76JeVZ2cEf7OD1PWrbHhb54U/Q34m4lJmrMqI 3Z68rB+4UtuX4jsT9T1x7OSoapw5k4OGzlHjIbBOHp96EG3fAYJML/5vRy8pIMDzC9Ec KQj3gGOe39QCzyovZ9hz7Sn8Pbr83pm/zTocN5BvYHIO9xqjV3n9uRyvAvzDkRfOXYyL o3Wuzpwc7PMxSICArmS1eHKF3eKWJ3GXHmpaWYQUjip1GiCIoZ3ezxPKEr5hHLxZfw/G CYD/6s318aa8Cl+SVB1iHb5la3DvNf8eKb33iVb4WbjPytQmt9tCliaJn9K8pskX6+4Z BRfQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=+3OVP3L9Pofk+vseKfStnckmUc4m7+h7i4glOTE125I=; fh=L2oxuK33KNKZUirUGiGtUVxMB9LLcyO7S9KMG+JatuA=; b=M4kw+ArjXKLtevb2DzCc7vGRiSxlEs6CP1KFCfuJATSa5Sq+VtSA7hUQ1ObA5rmMUi CwrKZbcVpje2c20vG+Uu3qUcOUF9Yt83lsqc6A662mEtAw1QAiH2oHWjyI4t0ooxSt0f RSlsHpZhDxdMAVx1aIS4A/KOz3e834UzgGY7xIT0KbpM9RM8MtU6oSHQZc2RQyHqp8b0 Xk+TKDxzL/mMMIU1/kYAjjbmtxNbhz0IIqEQAwv5EDU/PBNOU4zDBERIZiANGGcRdAoV hpLXaXD0r1GugvYvMBKv/V5hRLBQ1agSKljXKwnTRj0ds5LB344rZFPL7Ke737tzhaXJ Z6mQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=sina.com); spf=pass (google.com: domain of linux-kernel+bounces-101369-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101369-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id f2-20020a056a00228200b006e6b5e631d7si1501578pfe.24.2024.03.13.03.46.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 03:47:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-101369-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=sina.com); spf=pass (google.com: domain of linux-kernel+bounces-101369-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101369-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9E79E282CA1 for ; Wed, 13 Mar 2024 10:46:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5E5AA3D3B3; Wed, 13 Mar 2024 10:46:55 +0000 (UTC) Received: from mail115-118.sinamail.sina.com.cn (mail115-118.sinamail.sina.com.cn [218.30.115.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F4E13D386 for ; Wed, 13 Mar 2024 10:46:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=218.30.115.118 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710326814; cv=none; b=oDHzpVZ7MXMTRCvqxQV9ffoUgjptk4vgty4vJQxP4eXe3j6S0yorSEuW+S/CvCLQHiDRf90kwgl8qN+fwWnmKvduZwp1Fqb3hfzbyZ4OgFTggIQXEx19/DZrisdoLOWAFYpCPpZPBGpTG599lEC8F5PyJNoGBveH4HNlUF69n+I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710326814; c=relaxed/simple; bh=lY4PnK/nrOsu8EsdAOA3oMFu70AKJEwrXflCsNhz3CY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=kmgu2hFR1rQX/P94W8Em/GYj8WweA36wtjjbTzvHwJ6LVeZJwIwkUIEXvFHaRANSf0bxpoKMDr9bEltjAZPeBwrdTWuVQOg3RNdRcB9x7xrahS/vygUPn5/NI2P3UniTmeG0Z9q1zYs7AC5BRLGZ9H3sSTquXQOivMm8aZHMUkQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com; spf=pass smtp.mailfrom=sina.com; arc=none smtp.client-ip=218.30.115.118 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=sina.com X-SMAIL-HELO: localhost.localdomain Received: from unknown (HELO localhost.localdomain)([116.24.9.180]) by sina.com (172.16.235.25) with ESMTP id 65F1840D000055F7; Wed, 13 Mar 2024 18:46:40 +0800 (CST) X-Sender: hdanton@sina.com X-Auth-ID: hdanton@sina.com Authentication-Results: sina.com; spf=none smtp.mailfrom=hdanton@sina.com; dkim=none header.i=none; dmarc=none action=none header.from=hdanton@sina.com X-SMAIL-MID: 6488834210294 X-SMAIL-UIID: 878316195B8A4D3F9594D1AA2F3D9A4D-20240313-184640-1 From: Hillf Danton To: syzbot Cc: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] [bpf?] possible deadlock in __bpf_ringbuf_reserve Date: Wed, 13 Mar 2024 18:46:28 +0800 Message-Id: <20240313104628.2178-1-hdanton@sina.com> In-Reply-To: <0000000000004aa700061379547e@google.com> References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit On Tue, 12 Mar 2024 09:41:26 -0700 > syzbot found the following issue on: > > HEAD commit: df4793505abd Merge tag 'net-6.8-rc8' of git://git.kernel.o.. > git tree: bpf > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10babc01180000 #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master --- x/kernel/bpf/ringbuf.c +++ y/kernel/bpf/ringbuf.c @@ -402,10 +402,14 @@ bpf_ringbuf_restore_from_rec(struct bpf_ return (void*)((addr & PAGE_MASK) - off); } +static DEFINE_PER_CPU(int, bpf_ringbuf_lock_subclass); + static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) { unsigned long cons_pos, prod_pos, new_prod_pos, flags; u32 len, pg_off; + int dumy = 0; + int *sbc = &dumy; struct bpf_ringbuf_hdr *hdr; if (unlikely(size > RINGBUF_MAX_RECORD_SZ)) @@ -421,7 +425,10 @@ static void *__bpf_ringbuf_reserve(struc if (!spin_trylock_irqsave(&rb->spinlock, flags)) return NULL; } else { - spin_lock_irqsave(&rb->spinlock, flags); + sbc = get_cpu_ptr(&bpf_ringbuf_lock_subclass); + *sbc += 1; + spin_lock_irqsave_nested(&rb->spinlock, flags, *sbc); + put_cpu_ptr(&bpf_ringbuf_lock_subclass); } prod_pos = rb->producer_pos; @@ -431,6 +438,7 @@ static void *__bpf_ringbuf_reserve(struc * doesn't advance more than (ringbuf_size - 1) ahead */ if (new_prod_pos - cons_pos > rb->mask) { + *sbc -= 1; spin_unlock_irqrestore(&rb->spinlock, flags); return NULL; } @@ -443,6 +451,7 @@ static void *__bpf_ringbuf_reserve(struc /* pairs with consumer's smp_load_acquire() */ smp_store_release(&rb->producer_pos, new_prod_pos); + *sbc -= 1; spin_unlock_irqrestore(&rb->spinlock, flags); return (void *)hdr + BPF_RINGBUF_HDR_SZ; --