From: Yonghong Song <yonghong.song@linux.dev>
To: Sahil Chandna <chandna.sahil@gmail.com>,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, eddyz87@gmail.com, song@kernel.org,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
haoluo@google.com, jolsa@kernel.org, bigeasy@linutronix.de,
bpf@vger.kernel.org
Cc: syzbot+b0cff308140f79a9c4cb@syzkaller.appspotmail.com
Subject: Re: [PATCH bpf-next v2] bpf: use preempt_disable/enable() to protect bpf_bprintf_buffers nesting
Date: Tue, 11 Nov 2025 12:22:51 -0800 [thread overview]
Message-ID: <fce1c70c-c848-415d-8be4-9fba21c70fee@linux.dev> (raw)
In-Reply-To: <20251111170628.410641-1-chandna.sahil@gmail.com>
On 11/11/25 9:06 AM, Sahil Chandna wrote:
> The bpf_bprintf_prepare() and related helpers (bpf_try_get_buffers() /
> bpf_put_buffers()) rely on a per-CPU counter bpf_bprintf_nest_level to
> manage nested buffer usage. However, when invoked from different contexts
> (process, softirq, NMI), the nesting counter can become inconsistent if
> task migration occurs between CPUs during these operations. This can
> result in warnings such as:
>
> WARNING: CPU: 1 PID: 6145 at kernel/bpf/helpers.c:781 bpf_try_get_buffers kernel/bpf/helpers.c:781 [inline]
> WARNING: CPU: 1 PID: 6145 at kernel/bpf/helpers.c:781 bpf_bprintf_prepare+0x12cf/0x13a0 kernel/bpf/helpers.c:834
>
> Having only migrate_disable is insufficient here to prevent nesting,
> hence add preempt_disable()/enable() around buffer acquisition and release.
>
> Reported-by: syzbot+b0cff308140f79a9c4cb@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/all/68f6a4c8.050a0220.1be48.0011.GAE@google.com/
> Fixes: 4223bf833c849 ("bpf: Remove preempt_disable in bpf_try_get_buffers")
> Suggested-by: Yonghong Song <yonghong.song@linux.dev>
> Signed-off-by: Sahil Chandna <chandna.sahil@gmail.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
next prev parent reply other threads:[~2025-11-11 20:23 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-11 17:06 [PATCH bpf-next v2] bpf: use preempt_disable/enable() to protect bpf_bprintf_buffers nesting Sahil Chandna
2025-11-11 20:22 ` Yonghong Song [this message]
2025-11-12 8:23 ` Sebastian Andrzej Siewior
2025-11-14 21:10 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fce1c70c-c848-415d-8be4-9fba21c70fee@linux.dev \
--to=yonghong.song@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bigeasy@linutronix.de \
--cc=bpf@vger.kernel.org \
--cc=chandna.sahil@gmail.com \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=syzbot+b0cff308140f79a9c4cb@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.