lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aHlqiEaG43iqUsOX@strlen.de>
Date: Thu, 17 Jul 2025 23:26:32 +0200
From: Florian Westphal <fw@...len.de>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Kuniyuki Iwashima <kuniyu@...gle.com>,
	Alexei Starovoitov <ast@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>, Daniel Xu <dxu@...uu.xyz>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	Jozsef Kadlecsik <kadlec@...filter.org>,
	Kuniyuki Iwashima <kuni1840@...il.com>, bpf <bpf@...r.kernel.org>,
	Network Development <netdev@...r.kernel.org>,
	netfilter-devel <netfilter-devel@...r.kernel.org>,
	syzbot+40f772d37250b6d10efc@...kaller.appspotmail.com
Subject: Re: [PATCH v1 bpf] bpf: Disable migration in nf_hook_run_bpf().

Alexei Starovoitov <alexei.starovoitov@...il.com> wrote:
> > Let's call migrate_disable() before calling bpf_prog_run() in
> > nf_hook_run_bpf().

Or use bpf_prog_run_pin_on_cpu() which wraps bpf_prog_run().

> > Fixes: 91721c2d02d3 ("netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link")
> 
> Fixes tag looks wrong.
> I don't think it's Daniel's defrag series.
> No idea why syzbot bisected it to this commit.

Didn't check but I'd wager the bpf prog attach is rejected due to an
unsupported flag before this commit.  Looks like correct tag is

Fixes: fd9c663b9ad6 ("bpf: minimal support for programs hooked into netfilter framework")

I don't see anything that implicitly disables preemption and even 6.4 has
the cant_migrate() call there.

> > +       unsigned int ret;
> >
> > -       return bpf_prog_run(prog, &ctx);
> > +       migrate_disable();
> > +       ret = bpf_prog_run(prog, &ctx);
> > +       migrate_enable();
> 
> The fix looks correct, but we need to root cause it better.
> Why did it start now ?

I guess most people don't have preemptible rcu enabled.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ