Message-ID: <87plvgbp15.fsf@cloudflare.com>
Date: Tue, 26 Mar 2024 23:15:47 +0100
From: Jakub Sitnicki <jakub@...udflare.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>, Edward Adam Davis
<eadavis@...com>, John Fastabend <john.fastabend@...il.com>
Cc: syzbot+c4f4d25859c2e5859988@...kaller.appspotmail.com,
42.hyeyoo@...il.com, andrii@...nel.org, ast@...nel.org,
bpf@...r.kernel.org, daniel@...earbox.net, davem@...emloft.net,
edumazet@...gle.com, kafai@...com, kpsingh@...nel.org, kuba@...nel.org,
linux-kernel@...r.kernel.org, namhyung@...nel.org, netdev@...r.kernel.org,
pabeni@...hat.com, peterz@...radead.org, songliubraving@...com,
syzkaller-bugs@...glegroups.com, yhs@...com
Subject: Re: [PATCH] bpf, sockmap: fix deadlock in rcu_report_exp_cpu_mult
On Mon, Mar 25, 2024 at 01:23 PM +01, Jakub Sitnicki wrote:
> On Sat, Mar 23, 2024 at 12:08 AM -07, Alexei Starovoitov wrote:
>> It seems this bug was causing multiple syzbot reports.
> Any chance we could disallow mutating sockhash from interrupt context?
I've been playing with the repro from one of the other reports:
https://lore.kernel.org/all/CABOYnLzaRiZ+M1v7dPaeObnj_=S4JYmWbgrXaYsyBbWh=553vQ@mail.gmail.com/
The syzkaller workload is artificial. So, if we can avoid it, I'd rather not
support modifying sockmap/sockhash in contexts where irqs are disabled and
the lock safety rules are stricter than the ones we abide by today.
Ideally, we would allow only task and softirq contexts with irqs enabled (so
no tracing progs attached to the timer tick, which syzkaller is using as a
corpus here). Otherwise, we will have to cover that case in selftests.
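To make it concrete, this is roughly the shape of tracing prog that syzkaller
cooks up - just a sketch on my part, not taken from the reproducer, with the
map layout and the attach point made up:

/* Illustration only; all names are made up. */
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

struct {
	__uint(type, BPF_MAP_TYPE_SOCKHASH);
	__uint(max_entries, 64);
	__type(key, __u32);
	__type(value, __u64);
} sock_hash SEC(".maps");

long delete_err; /* read back from user space */

SEC("perf_event")
int delete_on_tick(void *ctx)
{
	__u32 key = 0;

	/* cpu-clock samples get delivered from the hrtimer interrupt,
	 * that is hardirq context with interrupts disabled. With the
	 * restriction below the delete would fail with -EOPNOTSUPP
	 * instead of grabbing the bh-safe bucket lock.
	 */
	delete_err = bpf_map_delete_elem(&sock_hash, &key);
	return 0;
}

char _license[] SEC("license") = "GPL";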
I'm thinking about a restriction like:
---8<---
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 27d733c0f65e..3692f7256dd6 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -907,6 +907,7 @@ static void sock_hash_delete_from_link(struct bpf_map *map, struct sock *sk,
 	struct bpf_shtab_elem *elem_probe, *elem = link_raw;
 	struct bpf_shtab_bucket *bucket;
 
+	WARN_ON_ONCE(irqs_disabled());
 	WARN_ON_ONCE(!rcu_read_lock_held());
 	bucket = sock_hash_select_bucket(htab, elem->hash);
 
@@ -933,6 +934,10 @@ static long sock_hash_delete_elem(struct bpf_map *map, void *key)
 	struct bpf_shtab_elem *elem;
 	int ret = -ENOENT;
 
+	/* Can't run. We don't play nice with hardirq-safe locks. */
+	if (irqs_disabled())
+		return -EOPNOTSUPP;
+
 	hash = sock_hash_bucket_hash(key, key_size);
 	bucket = sock_hash_select_bucket(htab, hash);
 
@@ -986,6 +991,7 @@ static int sock_hash_update_common(struct bpf_map *map, void *key,
 	struct sk_psock *psock;
 	int ret;
 
+	WARN_ON_ONCE(irqs_disabled());
 	WARN_ON_ONCE(!rcu_read_lock_held());
 	if (unlikely(flags > BPF_EXIST))
 		return -EINVAL;