Date: Tue, 14 Aug 2018 17:08:44 -0700
From: Roman Gushchin <guro@...com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
CC: Yonghong Song <yhs@...com>, <ast@...com>, <daniel@...earbox.net>, <netdev@...r.kernel.org>, <kernel-team@...com>
Subject: Re: [PATCH bpf] bpf: fix a rcu usage warning in bpf_prog_array_copy_core()

On Tue, Aug 14, 2018 at 04:59:45PM -0700, Alexei Starovoitov wrote:
> On Tue, Aug 14, 2018 at 11:01:12AM -0700, Yonghong Song wrote:
> > Commit 394e40a29788 ("bpf: extend bpf_prog_array to store pointers
> > to the cgroup storage") refactored the bpf_prog_array_copy_core()
> > to accommodate new structure bpf_prog_array_item which contains
> > bpf_prog array itself.
> >
> > In the old code, we had
> >    perf_event_query_prog_array():
> >      mutex_lock(...)
> >      bpf_prog_array_copy_call():
> >        prog = rcu_dereference_check(array, 1)->progs
> >        bpf_prog_array_copy_core(prog, ...)
> >      mutex_unlock(...)
> >
> > With the above commit, we had
> >    perf_event_query_prog_array():
> >      mutex_lock(...)
> >      bpf_prog_array_copy_call():
> >        bpf_prog_array_copy_core(array, ...):
> >          item = rcu_dereference(array)->items;
> >          ...
> >      mutex_unlock(...)
> >
> > The new code will trigger a lockdep rcu checking warning.
> > The fix is to change rcu_dereference() to rcu_dereference_check()
> > to prevent such a warning.
> >
> > Reported-by: syzbot+6e72317008eef84a216b@...kaller.appspotmail.com
> > Fixes: 394e40a29788 ("bpf: extend bpf_prog_array to store pointers to the cgroup storage")
> > Cc: Roman Gushchin <guro@...com>
> > Signed-off-by: Yonghong Song <yhs@...com>
>
> makes sense to me
> Acked-by: Alexei Starovoitov <ast@...nel.org>
>
> Roman, would you agree?
>

rcu_dereference_check(<>, 1) always looks a bit strange to me,
but if it's the only reasonable way to silence the warning,
of course I'm fine with it.

Thanks!