[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <660c11a6b3315_1cee208d3@john.notmuch>
Date: Tue, 02 Apr 2024 07:09:42 -0700
From: John Fastabend <john.fastabend@...il.com>
To: Jakub Sitnicki <jakub@...udflare.com>,
bpf@...r.kernel.org
Cc: netdev@...r.kernel.org,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
kernel-team@...udflare.com,
xingwei lee <xrivendell7@...il.com>,
yue sun <samsun1006219@...il.com>,
syzbot+bc922f476bd65abbd466@...kaller.appspotmail.com,
syzbot+d4066896495db380182e@...kaller.appspotmail.com,
John Fastabend <john.fastabend@...il.com>,
Edward Adam Davis <eadavis@...com>,
Shung-Hsi Yu <shung-hsi.yu@...e.com>
Subject: RE: [PATCH bpf] bpf, sockmap: Prevent lock inversion deadlock in map
delete elem
Jakub Sitnicki wrote:
> syzkaller started using corpuses where a BPF tracing program deletes
> elements from a sockmap/sockhash map. Because BPF tracing programs can be
> invoked from any interrupt context, locks taken during a map_delete_elem
> operation must be hardirq-safe. Otherwise a deadlock due to lock inversion
> is possible, as reported by lockdep:
>
> CPU0 CPU1
> ---- ----
> lock(&htab->buckets[i].lock);
> local_irq_disable();
> lock(&host->lock);
> lock(&htab->buckets[i].lock);
> <Interrupt>
> lock(&host->lock);
>
> Locks in sockmap are hardirq-unsafe by design. We expects elements to be
> deleted from sockmap/sockhash only in task (normal) context with interrupts
> enabled, or in softirq context.
>
> Detect when map_delete_elem operation is invoked from a context which is
> _not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an
> error.
>
> Note that map updates are not affected by this issue. BPF verifier does not
> allow updating sockmap/sockhash from a BPF tracing program today.
>
> Reported-by: xingwei lee <xrivendell7@...il.com>
> Reported-by: yue sun <samsun1006219@...il.com>
> Reported-by: syzbot+bc922f476bd65abbd466@...kaller.appspotmail.com
> Reported-and-tested-by: syzbot+d4066896495db380182e@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=d4066896495db380182e
> Closes: https://syzkaller.appspot.com/bug?extid=bc922f476bd65abbd466
> Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---
> Cc: John Fastabend <john.fastabend@...il.com>
> Cc: Edward Adam Davis <eadavis@...com>
> Cc: Shung-Hsi Yu <shung-hsi.yu@...e.com>
> ---
> net/core/sock_map.c | 6 ++++++
> 1 file changed, 6 insertions(+)
Agree.
Acked-by: John Fastabend <john.fastabend@...il.com>
Powered by blists - more mailing lists