linux-perf-users.vger.kernel.org archive mirror
From: Namhyung Kim <namhyung@kernel.org>
To: Ian Rogers <irogers@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Alexander Shishkin <alexander.shishkin@linux.intel.com>,
	Jiri Olsa <jolsa@kernel.org>,
	Adrian Hunter <adrian.hunter@intel.com>,
	Kan Liang <kan.liang@linux.intel.com>,
	Blake Jones <blakejones@google.com>,
	Zhongqiu Han <quic_zhonhan@quicinc.com>,
	Andrii Nakryiko <andrii@kernel.org>,
	Song Liu <songliubraving@fb.com>,
	Dave Marchevsky <davemarchevsky@fb.com>,
	linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org,
	bpf@vger.kernel.org, Howard Chu <howardchu95@gmail.com>,
	song@kernel.org, Yonghong Song <yonghong.song@linux.dev>
Subject: Re: [PATCH v1 0/3] Fix use-after-free race in bpf_prog_info synthesis
Date: Tue, 2 Sep 2025 14:54:51 -0700
Message-ID: <aLdnq7EayjFVbGYp@google.com>
In-Reply-To: <20250902181713.309797-1-irogers@google.com>

Hi Ian,

On Tue, Sep 02, 2025 at 11:17:10AM -0700, Ian Rogers wrote:
> The addition of more use of bpf_prog_info to gather BPF metadata in:
> https://lore.kernel.org/all/20250612194939.162730-1-blakejones@google.com/
> and the ever richer perf trace testing, such as:
> https://lore.kernel.org/all/20250528191148.89118-1-howardchu95@gmail.com/
> frequently triggered a latent perf bug in v6.17 when the perf and
> libbpf updates came together. The bug would cause segvs and was reported here:
> https://lore.kernel.org/lkml/CAP-5=fWJQcmUOP7MuCA2ihKnDAHUCOBLkQFEkQES-1ZZTrgf8Q@mail.gmail.com/
> 
> To fix the issue the 1st and 3rd patch are necessary. Both patches
> address a race of either the sideband thread updating perf's state or
> the kernel state changing over two system calls.

Thanks a lot for the fix!

> 
> The use-after-free was introduced by:
> https://lore.kernel.org/r/20241205084500.823660-4-quic_zhonhan@quicinc.com
> The lack of failing getting the bpf_prog_info for changes in the
> kernel was introduced in:
> https://lore.kernel.org/r/20211011082031.4148337-4-davemarchevsky@fb.com
> 
> As v6.17 is currently actively segv-ing in perf test I'd recommend
> these patches go into v6.17 asap.

Sure, I'll add them to perf-tools tree.

> 
> When running the perf tests on v6.17 I frequently see less critical
> test failures addressed in:
> https://lore.kernel.org/all/20250821221834.1312002-1-irogers@google.com/

Are they all from v6.17?

> 
> Ian Rogers (3):
>   perf bpf-event: Fix use-after-free in synthesis
>   perf bpf-utils: Constify bpil_array_desc
>   perf bpf-utils: Harden get_bpf_prog_info_linear

Reviewed-by: Namhyung Kim <namhyung@kernel.org>

Thanks,
Namhyung

> 
>  tools/perf/util/bpf-event.c | 39 ++++++++++++++++--------
>  tools/perf/util/bpf-utils.c | 61 ++++++++++++++++++++++++-------------
>  2 files changed, 66 insertions(+), 34 deletions(-)
> 
> -- 
> 2.51.0.355.g5224444f11-goog
> 

Thread overview: 6+ messages
2025-09-02 18:17 [PATCH v1 0/3] Fix use-after-free race in bpf_prog_info synthesis Ian Rogers
2025-09-02 18:17 ` [PATCH v1 1/3] perf bpf-event: Fix use-after-free in synthesis Ian Rogers
2025-09-02 18:17 ` [PATCH v1 2/3] perf bpf-utils: Constify bpil_array_desc Ian Rogers
2025-09-02 18:17 ` [PATCH v1 3/3] perf bpf-utils: Harden get_bpf_prog_info_linear Ian Rogers
2025-09-02 21:54 ` Namhyung Kim [this message]
2025-09-02 22:33   ` [PATCH v1 0/3] Fix use-after-free race in bpf_prog_info synthesis Ian Rogers
