From: Ihor Solodrai <ihor.solodrai@linux.dev>
To: sashiko-reviews@lists.linux.dev
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v6 1/3] bpf: Factor out stack_map build ID helpers
Date: Thu, 21 May 2026 16:32:50 -0700 [thread overview]
Message-ID: <8818c106-1e8e-488e-8da4-98c6b079f8b9@linux.dev> (raw)
In-Reply-To: <20260521231600.E14FD1F000E9@smtp.kernel.org>
On 2026-05-21 4:16 p.m., sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
> - [Medium] Data race and incorrect ordering in stack_map_build_id_set_valid causing stale reads
> --
>
> commit 4eb2cc8713ca7f31dcbc75f5166e94dd60761e7c
> Author: Ihor Solodrai <ihor.solodrai@linux.dev>
>
> bpf: Factor out stack_map build ID helpers
>
> This commit factors out helpers from stack_map_get_build_id_offset() to
> prepare for adding a sleepable build ID resolution path. The commit
> message states there are no functional changes.
>
>> diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
>> index da3d328f5c15a..4c753e02c4159 100644
>> --- a/kernel/bpf/stackmap.c
>> +++ b/kernel/bpf/stackmap.c
> [ ... ]
>> @@ -152,6 +152,28 @@ static int fetch_build_id(struct vm_area_struct *vma, unsigned char *build_id, b
> [ ... ]
>> +static inline void stack_map_build_id_set_valid(struct bpf_stack_build_id *id,
>> + u64 offset,
>> + const unsigned char *build_id)
>> +{
>> + id->status = BPF_STACK_BUILD_ID_VALID;
>
> [Severity: Medium]
> In bpf_get_stack(), the destination buffer can be a BPF map value that is
> concurrently readable locklessly by user-space. Since the buffer initially
> contains the raw instruction pointer (ip), does setting status to VALID
> before writing the offset create a data race?
This is a good point. Will fix in the next version.
>
> A concurrent lockless reader polling the status field might observe the
> VALID status while the union still holds the raw ip instead of the correct
> file offset, and before the build_id string is fully copied.
>
> Prior to this patch, the offset was written before the status. Could this
> reordering of assignments cause concurrent readers to observe stale data?
>
>> + id->offset = offset;
>> + if (id->build_id != build_id)
>> + memcpy(id->build_id, build_id, BUILD_ID_SIZE_MAX);
>> +}
>
next prev parent reply other threads:[~2026-05-21 23:32 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 22:50 [PATCH bpf-next v6 0/3] bpf: Implement stack_map_get_build_id_offset_sleepable() Ihor Solodrai
2026-05-21 22:50 ` [PATCH bpf-next v6 1/3] bpf: Factor out stack_map build ID helpers Ihor Solodrai
2026-05-21 23:16 ` sashiko-bot
2026-05-21 23:32 ` Ihor Solodrai [this message]
2026-05-22 17:17 ` Andrii Nakryiko
2026-05-22 17:16 ` Andrii Nakryiko
2026-05-22 17:33 ` Ihor Solodrai
2026-05-22 17:50 ` Andrii Nakryiko
2026-05-21 22:50 ` [PATCH bpf-next v6 2/3] bpf: Avoid faultable build ID reads under mm locks Ihor Solodrai
2026-05-21 23:33 ` bot+bpf-ci
2026-05-21 23:41 ` sashiko-bot
2026-05-22 17:42 ` Andrii Nakryiko
2026-05-22 18:04 ` Ihor Solodrai
2026-05-22 18:14 ` Andrii Nakryiko
2026-05-21 22:50 ` [PATCH bpf-next v6 3/3] bpf: Cache build IDs in sleepable stackmap path Ihor Solodrai
2026-05-21 23:33 ` bot+bpf-ci
2026-05-22 0:13 ` sashiko-bot
2026-05-22 17:46 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8818c106-1e8e-488e-8da4-98c6b079f8b9@linux.dev \
--to=ihor.solodrai@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.