Message-ID: <20220815182427.afep7xxchgdbyhd2@kafai-mbp>
Date: Mon, 15 Aug 2022 11:24:27 -0700
From: Martin KaFai Lau <kafai@...com>
To: Hawkins Jiawei <yin31149@...il.com>
Cc: syzbot+5f26f85569bd179c18ce@...kaller.appspotmail.com,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
paskripkin@...il.com, skhan@...uxfoundation.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
18801353760@....com, Jakub Kicinski <kuba@...nel.org>,
bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v5 2/2] net: refactor bpf_sk_reuseport_detach()

On Fri, Aug 05, 2022 at 03:48:36PM +0800, Hawkins Jiawei wrote:
> Refactor sk_user_data dereference using more generic function
> __rcu_dereference_sk_user_data_with_flags(), which improves its
> maintainability.
>
> Suggested-by: Jakub Kicinski <kuba@...nel.org>
> Signed-off-by: Hawkins Jiawei <yin31149@...il.com>
> ---
> kernel/bpf/reuseport_array.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/bpf/reuseport_array.c b/kernel/bpf/reuseport_array.c
> index e2618fb5870e..85fa9dbfa8bf 100644
> --- a/kernel/bpf/reuseport_array.c
> +++ b/kernel/bpf/reuseport_array.c
> @@ -21,14 +21,11 @@ static struct reuseport_array *reuseport_array(struct bpf_map *map)
> /* The caller must hold the reuseport_lock */
> void bpf_sk_reuseport_detach(struct sock *sk)
> {
> - uintptr_t sk_user_data;
> + struct sock __rcu **socks;
>
> write_lock_bh(&sk->sk_callback_lock);
> - sk_user_data = (uintptr_t)sk->sk_user_data;
> - if (sk_user_data & SK_USER_DATA_BPF) {
> - struct sock __rcu **socks;
> -
> - socks = (void *)(sk_user_data & SK_USER_DATA_PTRMASK);
> + socks = __rcu_dereference_sk_user_data_with_flags(sk, SK_USER_DATA_BPF);

syzbot reports 'suspicious rcu_dereference_check() usage':
https://lore.kernel.org/netdev/0000000000007902fc05e6458697@google.com/

rcu_read_lock() does not need to be held here.
One option is to use rcu_access_pointer.
Another option is to use rcu_dereference_check() and pass the
lockdep_is_held(&sk->sk_callback_lock) from here.

> + if (socks) {
> WRITE_ONCE(sk->sk_user_data, NULL);
> /*
> * Do not move this NULL assignment outside of
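
Review bot: at `if (socks)`, the branch condition changes from "the SK_USER_DATA_BPF bit is set" to "the returned pointer is non-NULL", which is equivalent only if __rcu_dereference_sk_user_data_with_flags() returns NULL whenever the flag is clear and a flagged sk_user_data always carries non-zero pointer bits. The helper is defined outside this patch, so the commit message or a comment above the call should state that contract (NULL when the flag is missing, flag bits masked off as the removed `& SK_USER_DATA_PTRMASK` did). The call also sits under write_lock_bh(&sk->sk_callback_lock) with no rcu_read_lock() in the visible lines, so the accessor used here needs to be one that is valid for a writer-side caller holding that lock.
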
> --
> 2.25.1
>