Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp3167527lqo; Tue, 21 May 2024 08:39:19 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVel4CuvnHYEdswLdLxz8JydrYvw7y6zV+/T80O7Vi9JlH5Cl2ja51DkOdtThbTUoXa8VxjL+QyR5/VgwyJl/E9lsch6pJ5eT7N/5iTCA== X-Google-Smtp-Source: AGHT+IEvv/3j4f2MJtOYJnsP6gj5swD6BLaTdRGGj/qq5P/GXt8HmhH7Tj8R02SygOPVJBD8ayQQ X-Received: by 2002:a17:90a:bf05:b0:2b9:a7bf:8701 with SMTP id 98e67ed59e1d1-2b9a7bf887amr23870732a91.21.1716305959118; Tue, 21 May 2024 08:39:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716305959; cv=pass; d=google.com; s=arc-20160816; b=NjWcDx0UY/gi0espjZYRDtZy3c63Dh4BLbuj7pB2DxRl0z80QlMf9h+e8snB02Lp3g bIL2c8royjtu7C/6ojj9AxBk3pn5/3FvHOqZa+qY3fnPKpse9OL9MvQm9ZQnG1pkF9c+ XU7n/z6f1WO/CczEgwHZ1tlO9jljq26y9Jx49iYD6AHSXsbOFVRh6ZTUUf23hC3VoZiH r5Mz08iTv/w4+8lXT0/uDTDoRMzkWeOZ7EojzsF4EattxLOMy0GVdbHFBlmp1M9WgdoF WqXnpkh60iXsPLqG33X9x50b9mDEkIFT9GlKgm7edWxoRzbFhExQeXK9KIIjQpabW2Sd /K6w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=Re8Wl04dqGPF7qQ9KzoZRZT9kKy3SUlswFv2Sj3Vy1Q=; fh=RyG8JFeFbbk2lQwv7vOYH6CS/dhfvzZbSxeaIMfm+5k=; b=Y2KwAaYOl5VQ3FUPiF487go3k1/MDYXBNXPI0ukqRt9oTTzD4D3d8ts+Ffk4ildKZ8 Pjjt5Mdz2Yd8VEuw6Lyscm/BIQ2uPnELmS5dyC1GUHml/qaXuexbb81WkSdr4D75A0A3 maJgClfWsRs7MXx3m1xj9WbKw/KLpOYSJAkAbKanqChsIcTNYCsujz3o9AWqTFH4fhjQ NiZh+Q4m0rGVgUlQDp82JsRbQpweFDKnnQmHKuoeYtx9qkQV+/d0GWmRysEXwqZLtK4O D5Sre2S1ws1g3Q10P4JCFUulzmkVNxtrBAbH8TSUEG3HO0b5PcNB3l7H8JfVGYg7tkfn UYLw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=KwITdQ4g; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-185171-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185171-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id 98e67ed59e1d1-2bd93096c2csi1400132a91.94.2024.05.21.08.39.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 May 2024 08:39:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-185171-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=KwITdQ4g; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-185171-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-185171-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B9A29284465 for ; Tue, 21 May 2024 15:39:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 901C51474B3; Tue, 21 May 2024 15:39:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KwITdQ4g" Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com [209.85.208.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EDAF0446B4; Tue, 21 May 2024 15:39:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.171 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716305947; cv=none; b=ZBLlZ4aug7YL+0Za06gp37+qKGPV1+DEvCXLi4CBE9NRHNBQiAs5j+ssiiFE1I69DZ80sLhMF9HvzLNvpQpEK192+QFvoQbKOhNsJox0lDlj8uiQ8iBF2cpQF1ZqWx+BpwdFmoQrK7IQXmvfeZTxxIaakiMaVt4KO8a3hv9Ay3A= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716305947; c=relaxed/simple; bh=SaoDykVHDT1haqx/gobymWgMMDw49xu2u/ehUnA457s=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=IAzxM2hx7LY3UirLuYNC7fWFW0OkhRtzcTOKOGq33qcHXJAb1DEdXERBFuW/+I4XOYXJFUbRbNOvY+As0SktBc2pblptmi+2I4t5OMryVu3y6kjl3l7/y0FTtXCnpiG7c4n0k05SVChQLXvRuJaDKy3JOorKBUtFRbt0MNWGXlQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=KwITdQ4g; arc=none smtp.client-ip=209.85.208.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-lj1-f171.google.com with SMTP id 38308e7fff4ca-2e1fa824504so50413911fa.0; Tue, 21 May 2024 08:39:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1716305944; x=1716910744; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Re8Wl04dqGPF7qQ9KzoZRZT9kKy3SUlswFv2Sj3Vy1Q=; b=KwITdQ4gtEzQKyC1uafxOdr/5QHc9+PBSIHoFNJwmcXyy3Ply8NLEWh/dhiiL9ylYb GH3CSQtelaFDz3GYZvpmBv038A/F+AVEBdPfgo3QSTG2vhkqzpC7WlVeYNV/G8vrcNgk Wfucfb/w00TNrKgMch1M5+3j9M6xGI5rh3tEmo8zijDhgchA9RJ30ZbU48qQDKwysNSm OkWmapsKz1M4keo7ACeW84qFcU0QZU5yyN+Ju2fS90rXMKgt5UaY3kC083dNiZ8bsEEv B9RCuxEiMLMwJ7hDLtNFxMuVDiXkpTbDiRyaG1qCoWkwmJ5NhMzEfwWRyOH7sZRlkf7G 9DiQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716305944; x=1716910744; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Re8Wl04dqGPF7qQ9KzoZRZT9kKy3SUlswFv2Sj3Vy1Q=; b=NaACMrIZG1kIy+CP/G2rahlebpYGvVSI57dmUNYIoRpgKBKNbiMapClwoO4nH7j152 fMqCx8+Fx53uIKyqBgXf4Hl2Cv7Oa8pdgPvIoDv9EFIjjgZEHxvLYI/bj0PvIC22cNXt HJFHx9JKE28D27g4tRpIM0lR2eneFP4AfmIy2UY7nMmBmeEc22fJyH1NguFTFJ5Ird8i 4pjd3mCWkM8ddU4UINngIcuwcK3FKDkbsCmvp5cYW6G1n7eloJzDuwudnWtqREruBPea 1tCVg0m2j4L168VVfy0xnoq47ZQTXS9lpHe0Pj4iksSD5HE/V67WPBM9SsQDtGyTaZs8 oq9w== X-Forwarded-Encrypted: i=1; AJvYcCXrBs9LHGFJrBuk/T403KjeJsFwetJYRjdSkFAExi1utniFaVds4dt0TuZI4R2Q9iRcZaLBA0as0y4LFgUysYdvn6Dn0raHqp97g/F3kTinZ9ps7RA3GPqJmlooT2RtES9+ZfZNqryJYxcpciDnF+im4vxc3Lc+a8Mf X-Gm-Message-State: AOJu0Yxree6V//rhlX+vM8qXcEKdklmdnfmKnRj9a2ae6cGRg4/unjsX C+U7tvLzqw1qHZDJbZjEhrgwBHt6U7nr9ZSYfnvqb4b4TZXvlR6iiz4KujzjpR0G3unEnXTkg65 ZB2LmhTNBacpKETp8aTGR/665+/M= X-Received: by 2002:a2e:9e48:0:b0:2e5:67bc:6f2 with SMTP id 38308e7fff4ca-2e567bc07c3mr158550351fa.44.1716305943818; Tue, 21 May 2024 08:39:03 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <838e7959-a360-4ac1-b36a-a3469236129b@I-love.SAKURA.ne.jp> In-Reply-To: <838e7959-a360-4ac1-b36a-a3469236129b@I-love.SAKURA.ne.jp> From: Alexei Starovoitov Date: Tue, 21 May 2024 08:38:52 -0700 Message-ID: Subject: Re: [PATCH] bpf, sockmap: defer sk_psock_free_link() using RCU To: Tetsuo Handa Cc: John Fastabend , Jakub Sitnicki , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Network Development , bpf , LKML Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sun, May 12, 2024 at 12:22=E2=80=AFAM Tetsuo Handa wrote: > > If a BPF program is attached to kfree() event, calling kfree() > with psock->link_lock held triggers lockdep warning. > > Defer kfree() using RCU so that the attached BPF program runs > without holding psock->link_lock. > > Reported-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=3Dec941d6e24f633a59172 > Tested-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com > Reported-by: syzbot+a4ed4041b9bea8177ac3@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=3Da4ed4041b9bea8177ac3 > Tested-by: syzbot+a4ed4041b9bea8177ac3@syzkaller.appspotmail.com > Signed-off-by: Tetsuo Handa > --- > include/linux/skmsg.h | 7 +++++-- > net/core/skmsg.c | 2 ++ > net/core/sock_map.c | 2 ++ > 3 files changed, 9 insertions(+), 2 deletions(-) > > diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h > index a509caf823d6..66590f20b777 100644 > --- a/include/linux/skmsg.h > +++ b/include/linux/skmsg.h > @@ -66,7 +66,10 @@ enum sk_psock_state_bits { > }; > > struct sk_psock_link { > - struct list_head list; > + union { > + struct list_head list; > + struct rcu_head rcu; > + }; > struct bpf_map *map; > void *link_raw; > }; > @@ -418,7 +421,7 @@ static inline struct sk_psock_link *sk_psock_init_lin= k(void) > > static inline void sk_psock_free_link(struct sk_psock_link *link) > { > - kfree(link); > + kfree_rcu(link, rcu); > } > > struct sk_psock_link *sk_psock_link_pop(struct sk_psock *psock); > diff --git a/net/core/skmsg.c b/net/core/skmsg.c > index fd20aae30be2..9cebfeecd3c9 100644 > --- a/net/core/skmsg.c > +++ b/net/core/skmsg.c > @@ -791,10 +791,12 @@ static void sk_psock_link_destroy(struct sk_psock *= psock) > { > struct sk_psock_link *link, *tmp; > > + rcu_read_lock(); > list_for_each_entry_safe(link, tmp, &psock->link, list) { > list_del(&link->list); > sk_psock_free_link(link); > } > + rcu_read_unlock(); > } > > void sk_psock_stop(struct sk_psock *psock) > diff --git a/net/core/sock_map.c b/net/core/sock_map.c > index 8598466a3805..8bec4b7a8ec7 100644 > --- a/net/core/sock_map.c > +++ b/net/core/sock_map.c > @@ -142,6 +142,7 @@ static void sock_map_del_link(struct sock *sk, > bool strp_stop =3D false, verdict_stop =3D false; > struct sk_psock_link *link, *tmp; > > + rcu_read_lock(); > spin_lock_bh(&psock->link_lock); I think this is incorrect. spin_lock_bh may sleep in RT and it won't be safe to do in rcu cs. pw-bot: cr > list_for_each_entry_safe(link, tmp, &psock->link, list) { > if (link->link_raw =3D=3D link_raw) { > @@ -159,6 +160,7 @@ static void sock_map_del_link(struct sock *sk, > } > } > spin_unlock_bh(&psock->link_lock); > + rcu_read_unlock(); > if (strp_stop || verdict_stop) { > write_lock_bh(&sk->sk_callback_lock); > if (strp_stop) > -- > 2.34.1 >