lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aLdnq7EayjFVbGYp@google.com>
Date: Tue, 2 Sep 2025 14:54:51 -0700
From: Namhyung Kim <namhyung@...nel.org>
To: Ian Rogers <irogers@...gle.com>
Cc: Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...hat.com>,
	Arnaldo Carvalho de Melo <acme@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
	Jiri Olsa <jolsa@...nel.org>,
	Adrian Hunter <adrian.hunter@...el.com>,
	Kan Liang <kan.liang@...ux.intel.com>,
	Blake Jones <blakejones@...gle.com>,
	Zhongqiu Han <quic_zhonhan@...cinc.com>,
	Andrii Nakryiko <andrii@...nel.org>,
	Song Liu <songliubraving@...com>,
	Dave Marchevsky <davemarchevsky@...com>,
	linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
	bpf@...r.kernel.org, Howard Chu <howardchu95@...il.com>,
	song@...nel.org, Yonghong Song <yonghong.song@...ux.dev>
Subject: Re: [PATCH v1 0/3] Fix use-after-free race in bpf_prog_info synthesis

Hi Ian,

On Tue, Sep 02, 2025 at 11:17:10AM -0700, Ian Rogers wrote:
> The addition of more use of bpf_prog_info for gather BPF metadata in:
> https://lore.kernel.org/all/20250612194939.162730-1-blakejones@google.com/
> and the ever richer perf trace testing, such as:
> https://lore.kernel.org/all/20250528191148.89118-1-howardchu95@gmail.com/
> frequently triggered a latent perf bug in v6.17 when the perf and
> libbpf updates came together. The bug would cause segvs and was reported here:
> https://lore.kernel.org/lkml/CAP-5=fWJQcmUOP7MuCA2ihKnDAHUCOBLkQFEkQES-1ZZTrgf8Q@mail.gmail.com/
> 
> To fix the issue the 1st and 3rd patch are necessary. Both patches
> address a race of either the sideband thread updating perf's state or
> the kernel state changing over two system calls.

Thanks a lot for the fix!

> 
> The use-after-free was introduced by:
> https://lore.kernel.org/r/20241205084500.823660-4-quic_zhonhan@quicinc.com
> The lack of failing getting the bpf_prog_info for changes in the
> kernel was introduced in:
> https://lore.kernel.org/r/20211011082031.4148337-4-davemarchevsky@fb.com
> 
> As v6.17 is currently actively segv-ing in perf test I'd recommend
> these patches go into v6.17 asap.

Sure, I'll add them to perf-tools tree.

> 
> When running the perf tests on v6.17 I frequently see less critical
> test failures addressed in:
> https://lore.kernel.org/all/20250821221834.1312002-1-irogers@google.com/

Are they all from v6.17?

> 
> Ian Rogers (3):
>   perf bpf-event: Fix use-after-free in synthesis
>   perf bpf-utils: Constify bpil_array_desc
>   perf bpf-utils: Harden get_bpf_prog_info_linear

Reviewed-by: Namhyung Kim <namhyung@...nel.org>

Thanks,
Namhyung

> 
>  tools/perf/util/bpf-event.c | 39 ++++++++++++++++--------
>  tools/perf/util/bpf-utils.c | 61 ++++++++++++++++++++++++-------------
>  2 files changed, 66 insertions(+), 34 deletions(-)
> 
> -- 
> 2.51.0.355.g5224444f11-goog
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ