lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 15 Sep 2020 17:57:57 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Yonghong Song <yhs@...com>
Cc:     bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <kernel-team@...com>,
        Andrii Nakryiko <andriin@...com>,
        Martin KaFai Lau <kafai@...com>
Subject: Re: [PATCH bpf] bpf: fix a rcu warning for bpffs map pretty-print

On Tue, Sep 15, 2020 at 5:44 PM Yonghong Song <yhs@...com> wrote:
>
> Running selftest
>   ./btf_btf -p
> the kernel had the following warning:
>   [   51.528185] WARNING: CPU: 3 PID: 1756 at kernel/bpf/hashtab.c:717 htab_map_get_next_key+0x2eb/0x300
>   [   51.529217] Modules linked in:
>   [   51.529583] CPU: 3 PID: 1756 Comm: test_btf Not tainted 5.9.0-rc1+ #878
>   [   51.530346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-1.el7.centos 04/01/2014
>   [   51.531410] RIP: 0010:htab_map_get_next_key+0x2eb/0x300
>   ...
>   [   51.542826] Call Trace:
>   [   51.543119]  map_seq_next+0x53/0x80
>   [   51.543528]  seq_read+0x263/0x400
>   [   51.543932]  vfs_read+0xad/0x1c0
>   [   51.544311]  ksys_read+0x5f/0xe0
>   [   51.544689]  do_syscall_64+0x33/0x40
>   [   51.545116]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> The related source code in kernel/bpf/hashtab.c:
>   709 static int htab_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
>   710 {
>   711         struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
>   712         struct hlist_nulls_head *head;
>   713         struct htab_elem *l, *next_l;
>   714         u32 hash, key_size;
>   715         int i = 0;
>   716
>   717         WARN_ON_ONCE(!rcu_read_lock_held());
>
> In kernel/bpf/inode.c, bpffs map pretty print calls map->ops->map_get_next_key()
> without holding a rcu_read_lock(), hence causing the above warning.
> To fix the issue, just surrounding map->ops->map_get_next_key() with rcu read lock.
>
> Reported-by: Alexei Starovoitov <ast@...nel.org>
> Cc: Andrii Nakryiko <andriin@...com>
> Cc: Martin KaFai Lau <kafai@...com>
> Fixes: a26ca7c982cb ("bpf: btf: Add pretty print support to the basic arraymap")
> Signed-off-by: Yonghong Song <yhs@...com>
> ---

LGTM.

Acked-by: Andrii Nakryiko <andriin@...com>

>  kernel/bpf/inode.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> index fb878ba3f22f..18f4969552ac 100644
> --- a/kernel/bpf/inode.c
> +++ b/kernel/bpf/inode.c
> @@ -226,10 +226,12 @@ static void *map_seq_next(struct seq_file *m, void *v, loff_t *pos)
>         else
>                 prev_key = key;
>
> +       rcu_read_lock();
>         if (map->ops->map_get_next_key(map, prev_key, key)) {
>                 map_iter(m)->done = true;
> -               return NULL;
> +               key = NULL;
>         }
> +       rcu_read_unlock();
>         return key;
>  }
>
> --
> 2.24.1
>

Powered by blists - more mailing lists