From: Yonghong Song <yonghong.song@linux.dev>
To: Sahil Chandna <chandna.linuxkernel@gmail.com>,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, song@kernel.org, john.fastabend@gmail.com,
haoluo@google.com, jolsa@kernel.org, bpf@vger.kernel.org,
netdev@vger.kernel.org
Cc: david.hunter.linux@gmail.com, skhan@linuxfoundation.org,
khalid@kernel.org,
syzbot+1f1fbecb9413cdbfbef8@syzkaller.appspotmail.com
Subject: Re: [PATCH] bpf: test_run: Fix timer mode initialization to NO_MIGRATE mode
Date: Mon, 6 Oct 2025 22:15:25 -0700
Message-ID: <d0fdced7-a9a5-473e-991f-4f5e4c13f616@linux.dev>
In-Reply-To: <20251006054320.159321-1-chandna.linuxkernel@gmail.com>
On 10/5/25 10:43 PM, Sahil Chandna wrote:
> By default, the timer mode is being initialized to `NO_PREEMPT`.
> This disables preemption and forces execution in atomic context.
> This can cause issues with PREEMPT_RT when calling spin_lock_bh() due
> to the sleeping nature of the lock.
> ...
> BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6107, name: syz.0.17
> preempt_count: 1, expected: 0
> RCU nest depth: 1, expected: 1
> Preemption disabled at:
> [<ffffffff891fce58>] bpf_test_timer_enter+0xf8/0x140 net/bpf/test_run.c:42
> Call Trace:
> <TASK>
> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
> __might_resched+0x44b/0x5d0 kernel/sched/core.c:8957
> __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline]
> rt_spin_lock+0xc7/0x2c0 kernel/locking/spinlock_rt.c:57
> spin_lock_bh include/linux/spinlock_rt.h:88 [inline]
> __sock_map_delete net/core/sock_map.c:421 [inline]
> sock_map_delete_elem+0xb7/0x170 net/core/sock_map.c:452
> bpf_prog_2c29ac5cdc6b1842+0x43/0x4b
> bpf_dispatcher_nop_func include/linux/bpf.h:1332 [inline]
> ...
> Change initialization to NO_MIGRATE mode to prevent this.
>
> Reported-by: syzbot+1f1fbecb9413cdbfbef8@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=1f1fbecb9413cdbfbef8
> Tested-by: syzbot+1f1fbecb9413cdbfbef8@syzkaller.appspotmail.com
> Signed-off-by: Sahil Chandna <chandna.linuxkernel@gmail.com>
> ---
> net/bpf/test_run.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
> index 4a862d605386..daf966dfed69 100644
> --- a/net/bpf/test_run.c
> +++ b/net/bpf/test_run.c
> @@ -1368,7 +1368,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> const union bpf_attr *kattr,
> union bpf_attr __user *uattr)
> {
> - struct bpf_test_timer t = { NO_PREEMPT };
> + struct bpf_test_timer t = { NO_MIGRATE };
I checked the original reproducer. And changing from
NO_PREEMPT to NO_MIGRATE is needed only with
CONFIG_PREEMPT_RT enabled.
> u32 size = kattr->test.data_size_in;
> struct bpf_flow_dissector ctx = {};
> u32 repeat = kattr->test.repeat;
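Review bot: the initializer in bpf_prog_test_run_flow_dissector() now
selects NO_MIGRATE on every configuration, but the commit message only
argues the PREEMPT_RT case (spin_lock_bh() becoming a sleeping lock
after bpf_test_timer_enter() has disabled preemption). The message
should say why this path no longer needs preemption disabled on non-RT
kernels, or the mode should be chosen conditionally on
CONFIG_PREEMPT_RT. The trailer block also carries no Fixes: tag naming
the commit that introduced the NO_PREEMPT initializer.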
> @@ -1436,7 +1436,7 @@ int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
> int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, const union bpf_attr *kattr,
> union bpf_attr __user *uattr)
> {
> - struct bpf_test_timer t = { NO_PREEMPT };
> + struct bpf_test_timer t = { NO_MIGRATE };
This change is not needed for the above particular BUG.
> struct bpf_prog_array *progs = NULL;
> struct bpf_sk_lookup_kern ctx = {};
> u32 repeat = kattr->test.repeat;
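Review bot: the same initializer change in bpf_prog_test_run_sk_lookup()
has no justification in the commit message. The quoted splat shows a
single path, bpf_test_timer_enter() followed by sock_map_delete_elem()
taking spin_lock_bh(), and nothing shown ties it to the sk_lookup
runner. State in the message why this caller also needs NO_MIGRATE, or
move the change to a separate patch with its own rationale.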
Checking the git history, I found the earliest NO_PREEMPT usage can be traced
back to this commit:

    commit a439184d515fbf4805f57d11fa5dfd4524d2c0eb
    Author: Stanislav Fomichev <sdf@google.com>
    Date: Tue Feb 19 10:54:17 2019 -0800

        bpf/test_run: fix unkillable BPF_PROG_TEST_RUN for flow dissector

At that time, migrate_disable/enable() were not used yet.
So I suspect that we can remove NO_PREEMPT/NO_MIGRATE in test_run.c
and use migrate_disable()/migrate_enable() universally.