From: "Alexei Starovoitov" <alexei.starovoitov@gmail.com>
To: "Sechang Lim" <rhkrqnwk98@gmail.com>,
	"Alexei Starovoitov" <ast@kernel.org>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Andrii Nakryiko" <andrii@kernel.org>
Cc: "Paul Moore" <paul@paul-moore.com>,
	"John Fastabend" <john.fastabend@gmail.com>,
	"Martin KaFai Lau" <martin.lau@linux.dev>,
	"Eduard Zingerman" <eddyz87@gmail.com>,
	"Kumar Kartikeya Dwivedi" <memxor@gmail.com>,
	"Song Liu" <song@kernel.org>,
	"Yonghong Song" <yonghong.song@linux.dev>,
	"Jiri Olsa" <jolsa@kernel.org>, <bpf@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH bpf] bpf: move security_bpf_prog_free() out of RCU callback
Date: Tue, 30 Jun 2026 16:17:26 -0700
Message-ID: <DJMRMXI4W803.1JAJC33ATPG1M@gmail.com>
In-Reply-To: <20260626093711.2969648-1-rhkrqnwk98@gmail.com>

On Fri Jun 26, 2026 at 2:37 AM PDT, Sechang Lim wrote:
> __bpf_prog_put_rcu() is the call_rcu() callback for non-sleepable programs.
> security_bpf_prog_free() called from there fires bpf_prog_free in softirq;
> if a sleepable LSM prog is attached to that hook, might_fault() BUGs:
>
>   BUG: sleeping function called from invalid context
>   in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5038
>   preempt_count: 101, expected: 0
>   Call Trace:
>    <IRQ>
>    __bpf_prog_enter_sleepable+0x1cd/0x320 kernel/bpf/trampoline.c:1255
>    bpf_trampoline_6442549705+0x53/0xd7
>    security_bpf_prog_free+0xde/0x130 security/security.c:5465
>    __bpf_prog_put_rcu+0xab/0xd0 kernel/bpf/syscall.c:2365
>    rcu_do_batch kernel/rcu/tree.c:2617 [inline]
>    handle_softirqs+0x236/0x800 kernel/softirq.c:622
>    </IRQ>
>
> The call_rcu/call_rcu_tasks_trace split reflects the freed program's
> sleepability, not that of any attached observer.
>
> Move security_bpf_prog_free() to __bpf_prog_put_noref() before the RCU
> deferral.
>
> Fixes: 1b67772e4e3f ("bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM hooks")
> Signed-off-by: Sechang Lim <rhkrqnwk98@gmail.com>
> ---
>  kernel/bpf/syscall.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 630d530782fe..f14c3f0f8827 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -2362,7 +2362,6 @@ static void __bpf_prog_put_rcu(struct rcu_head *rcu)
>  	kvfree(aux->func_info);
>  	kfree(aux->func_info_aux);
>  	free_uid(aux->user);
> -	security_bpf_prog_free(aux->prog);
>  	bpf_prog_free(aux->prog);
>  }
>  
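
Review bot: with the security_bpf_prog_free(aux->prog) call dropped from __bpf_prog_put_rcu(), the LSM hook is no longer ordered after the grace period that this call_rcu() callback waits for, while bpf_prog_free(aux->prog) on the following line still is. The commit message should state why no LSM needs its per-program state to stay valid until that grace period ends, or the hook should stay behind the grace period and be invoked from a context that can sleep.
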
> @@ -2378,6 +2377,7 @@ static void __bpf_prog_put_noref(struct bpf_prog *prog, bool deferred)
>  	if (prog->aux->attach_btf)
>  		btf_put(prog->aux->attach_btf);
>  
> +	security_bpf_prog_free(prog);
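
Review bot: the added security_bpf_prog_free(prog) in __bpf_prog_put_noref() sits after the btf_put(prog->aux->attach_btf) block with nothing documenting the calling context, and the function takes a bool deferred whose handling is outside the hunk. Since the stated reason for the move is that a sleepable LSM program may be attached to this hook, add a might_sleep() or a comment above the call saying that both the deferred and non-deferred paths reach it in process context, so that a later caller from atomic context is caught.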

I don't think you can just move it like that, since LSM side
may rely on RCU GP.
I think removing security_bpf_prog_free from sleepable is cleaner.

pw-bot: cr

