From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: [PATCH AUTOSEL 4.20 48/81] bpf: fix potential deadlock in bpf_prog_register
Date: Thu, 28 Feb 2019 10:07:40 -0500 [thread overview]
Message-ID: <20190228150813.10256-48-sashal@kernel.org> (raw)
In-Reply-To: <20190228150813.10256-1-sashal@kernel.org>
From: Alexei Starovoitov <ast@kernel.org>
[ Upstream commit e16ec34039c701594d55d08a5aa49ee3e1abc821 ]
Lockdep found a potential deadlock between cpu_hotplug_lock, bpf_event_mutex, and cpuctx_mutex:
[ 13.007000] WARNING: possible circular locking dependency detected
[ 13.007587] 5.0.0-rc3-00018-g2fa53f892422-dirty #477 Not tainted
[ 13.008124] ------------------------------------------------------
[ 13.008624] test_progs/246 is trying to acquire lock:
[ 13.009030] 0000000094160d1d (tracepoints_mutex){+.+.}, at: tracepoint_probe_register_prio+0x2d/0x300
[ 13.009770]
[ 13.009770] but task is already holding lock:
[ 13.010239] 00000000d663ef86 (bpf_event_mutex){+.+.}, at: bpf_probe_register+0x1d/0x60
[ 13.010877]
[ 13.010877] which lock already depends on the new lock.
[ 13.010877]
[ 13.011532]
[ 13.011532] the existing dependency chain (in reverse order) is:
[ 13.012129]
[ 13.012129] -> #4 (bpf_event_mutex){+.+.}:
[ 13.012582] perf_event_query_prog_array+0x9b/0x130
[ 13.013016] _perf_ioctl+0x3aa/0x830
[ 13.013354] perf_ioctl+0x2e/0x50
[ 13.013668] do_vfs_ioctl+0x8f/0x6a0
[ 13.014003] ksys_ioctl+0x70/0x80
[ 13.014320] __x64_sys_ioctl+0x16/0x20
[ 13.014668] do_syscall_64+0x4a/0x180
[ 13.015007] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 13.015469]
[ 13.015469] -> #3 (&cpuctx_mutex){+.+.}:
[ 13.015910] perf_event_init_cpu+0x5a/0x90
[ 13.016291] perf_event_init+0x1b2/0x1de
[ 13.016654] start_kernel+0x2b8/0x42a
[ 13.016995] secondary_startup_64+0xa4/0xb0
[ 13.017382]
[ 13.017382] -> #2 (pmus_lock){+.+.}:
[ 13.017794] perf_event_init_cpu+0x21/0x90
[ 13.018172] cpuhp_invoke_callback+0xb3/0x960
[ 13.018573] _cpu_up+0xa7/0x140
[ 13.018871] do_cpu_up+0xa4/0xc0
[ 13.019178] smp_init+0xcd/0xd2
[ 13.019483] kernel_init_freeable+0x123/0x24f
[ 13.019878] kernel_init+0xa/0x110
[ 13.020201] ret_from_fork+0x24/0x30
[ 13.020541]
[ 13.020541] -> #1 (cpu_hotplug_lock.rw_sem){++++}:
[ 13.021051] static_key_slow_inc+0xe/0x20
[ 13.021424] tracepoint_probe_register_prio+0x28c/0x300
[ 13.021891] perf_trace_event_init+0x11f/0x250
[ 13.022297] perf_trace_init+0x6b/0xa0
[ 13.022644] perf_tp_event_init+0x25/0x40
[ 13.023011] perf_try_init_event+0x6b/0x90
[ 13.023386] perf_event_alloc+0x9a8/0xc40
[ 13.023754] __do_sys_perf_event_open+0x1dd/0xd30
[ 13.024173] do_syscall_64+0x4a/0x180
[ 13.024519] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 13.024968]
[ 13.024968] -> #0 (tracepoints_mutex){+.+.}:
[ 13.025434] __mutex_lock+0x86/0x970
[ 13.025764] tracepoint_probe_register_prio+0x2d/0x300
[ 13.026215] bpf_probe_register+0x40/0x60
[ 13.026584] bpf_raw_tracepoint_open.isra.34+0xa4/0x130
[ 13.027042] __do_sys_bpf+0x94f/0x1a90
[ 13.027389] do_syscall_64+0x4a/0x180
[ 13.027727] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 13.028171]
[ 13.028171] other info that might help us debug this:
[ 13.028171]
[ 13.028807] Chain exists of:
[ 13.028807] tracepoints_mutex --> &cpuctx_mutex --> bpf_event_mutex
[ 13.028807]
[ 13.029666] Possible unsafe locking scenario:
[ 13.029666]
[ 13.030140] CPU0 CPU1
[ 13.030510] ---- ----
[ 13.030875] lock(bpf_event_mutex);
[ 13.031166] lock(&cpuctx_mutex);
[ 13.031645] lock(bpf_event_mutex);
[ 13.032135] lock(tracepoints_mutex);
[ 13.032441]
[ 13.032441] *** DEADLOCK ***
[ 13.032441]
[ 13.032911] 1 lock held by test_progs/246:
[ 13.033239] #0: 00000000d663ef86 (bpf_event_mutex){+.+.}, at: bpf_probe_register+0x1d/0x60
[ 13.033909]
[ 13.033909] stack backtrace:
[ 13.034258] CPU: 1 PID: 246 Comm: test_progs Not tainted 5.0.0-rc3-00018-g2fa53f892422-dirty #477
[ 13.034964] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
[ 13.035657] Call Trace:
[ 13.035859] dump_stack+0x5f/0x8b
[ 13.036130] print_circular_bug.isra.37+0x1ce/0x1db
[ 13.036526] __lock_acquire+0x1158/0x1350
[ 13.036852] ? lock_acquire+0x98/0x190
[ 13.037154] lock_acquire+0x98/0x190
[ 13.037447] ? tracepoint_probe_register_prio+0x2d/0x300
[ 13.037876] __mutex_lock+0x86/0x970
[ 13.038167] ? tracepoint_probe_register_prio+0x2d/0x300
[ 13.038600] ? tracepoint_probe_register_prio+0x2d/0x300
[ 13.039028] ? __mutex_lock+0x86/0x970
[ 13.039337] ? __mutex_lock+0x24a/0x970
[ 13.039649] ? bpf_probe_register+0x1d/0x60
[ 13.039992] ? __bpf_trace_sched_wake_idle_without_ipi+0x10/0x10
[ 13.040478] ? tracepoint_probe_register_prio+0x2d/0x300
[ 13.040906] tracepoint_probe_register_prio+0x2d/0x300
[ 13.041325] bpf_probe_register+0x40/0x60
[ 13.041649] bpf_raw_tracepoint_open.isra.34+0xa4/0x130
[ 13.042068] ? __might_fault+0x3e/0x90
[ 13.042374] __do_sys_bpf+0x94f/0x1a90
[ 13.042678] do_syscall_64+0x4a/0x180
[ 13.042975] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 13.043382] RIP: 0033:0x7f23b10a07f9
[ 13.045155] RSP: 002b:00007ffdef42fdd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000141
[ 13.045759] RAX: ffffffffffffffda RBX: 00007ffdef42ff70 RCX: 00007f23b10a07f9
[ 13.046326] RDX: 0000000000000070 RSI: 00007ffdef42fe10 RDI: 0000000000000011
[ 13.046893] RBP: 00007ffdef42fdf0 R08: 0000000000000038 R09: 00007ffdef42fe10
[ 13.047462] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 13.048029] R13: 0000000000000016 R14: 00007f23b1db4690 R15: 0000000000000000
Since tracepoints_mutex will be taken in tracepoint_probe_register/unregister()
there is no need to take bpf_event_mutex too.
bpf_event_mutex is protecting modifications to prog array used in kprobe/perf bpf progs.
bpf_raw_tracepoints don't need to take this mutex.
Fixes: c4f6699dfcb8 ("bpf: introduce BPF_RAW_TRACEPOINT")
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/bpf_trace.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 9864a35c8bb57..6c28d519447d1 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1158,22 +1158,12 @@ static int __bpf_probe_register(struct bpf_raw_event_map *btp, struct bpf_prog *
int bpf_probe_register(struct bpf_raw_event_map *btp, struct bpf_prog *prog)
{
- int err;
-
- mutex_lock(&bpf_event_mutex);
- err = __bpf_probe_register(btp, prog);
- mutex_unlock(&bpf_event_mutex);
- return err;
+ return __bpf_probe_register(btp, prog);
}
int bpf_probe_unregister(struct bpf_raw_event_map *btp, struct bpf_prog *prog)
{
- int err;
-
- mutex_lock(&bpf_event_mutex);
- err = tracepoint_probe_unregister(btp->tp, (void *)btp->bpf_func, prog);
- mutex_unlock(&bpf_event_mutex);
- return err;
+ return tracepoint_probe_unregister(btp->tp, (void *)btp->bpf_func, prog);
}
int bpf_get_perf_event_info(const struct perf_event *event, u32 *prog_id,
--
2.19.1
next prev parent reply other threads:[~2019-02-28 15:09 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-28 15:06 [PATCH AUTOSEL 4.20 01/81] ARM: OMAP: dts: N950/N9: fix onenand timings Sasha Levin
2019-02-28 15:06 ` [PATCH AUTOSEL 4.20 02/81] ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags Sasha Levin
2019-02-28 15:06 ` [PATCH AUTOSEL 4.20 03/81] ARM: dts: sun8i: h3: Add ethernet0 alias to Beelink X2 Sasha Levin
2019-02-28 15:06 ` [PATCH AUTOSEL 4.20 04/81] arm: dts: meson: Fix IRQ trigger type for macirq Sasha Levin
2019-02-28 15:06 ` [PATCH AUTOSEL 4.20 05/81] ARM: dts: meson8b: odroidc1: mark the SD card detection GPIO active-low Sasha Levin
2019-02-28 15:06 ` [PATCH AUTOSEL 4.20 06/81] ARM: dts: meson8b: ec100: " Sasha Levin
2019-02-28 15:06 ` [PATCH AUTOSEL 4.20 07/81] ARM: dts: meson8m2: mxiii-plus: " Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 08/81] signal: Make siginmask safe when passed a signal of 0 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 09/81] ARM: dts: imx6sx: correct backward compatible of gpt Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 10/81] arm64: dts: renesas: r8a7796: Enable DMA for SCIF2 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 11/81] arm64: dts: renesas: r8a77965: " Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 12/81] soc: fsl: qbman: avoid race in clearing QMan interrupt Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 13/81] pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 14/81] wlcore: sdio: Fixup power on/off sequence Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 15/81] bpftool: Fix prog dump by tag Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 16/81] bpftool: fix percpu maps updating Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 17/81] bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt() Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 18/81] ARM: pxa: ssp: unneeded to free devm_ allocated data Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 19/81] ARM: dts: omap3-gta04: Fix graph_port warning Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 20/81] ARM: dts: n900: fix mmc1 card detect gpio polarity Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 21/81] ARM: dts: am335x-shc.dts: fix wrong cd pin level Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 22/81] arm64: dts: add msm8996 compatible to gicv3 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 23/81] batman-adv: release station info tidstats Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 24/81] MIPS: DTS: jz4740: Correct interrupt number of DMA core Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 25/81] DTS: CI20: Fix bugs in ci20's device tree Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 26/81] usb: phy: fix link errors Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 27/81] usb: dwc3: exynos: Fix error handling of clk_prepare_enable Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 28/81] irqchip/gic-v4: Fix occasional VLPI drop Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 29/81] sk_msg: Always cancel strp work before freeing the psock Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 30/81] irqchip/gic-v3-its: Gracefully fail on LPI exhaustion Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 31/81] irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 32/81] drm/amdgpu: Add missing power attribute to APU check Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 33/81] drm/radeon: check if device is root before getting pci speed caps Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 34/81] debugfs: return error values, not NULL Sasha Levin
2019-02-28 15:25 ` Greg Kroah-Hartman
2019-03-11 17:22 ` Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 35/81] debugfs: debugfs_lookup() should return NULL if not found Sasha Levin
2019-02-28 15:25 ` Greg Kroah-Hartman
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 36/81] binder: fix CONFIG_ANDROID_BINDER_DEVICES Sasha Levin
2019-02-28 15:24 ` Greg Kroah-Hartman
2019-03-11 17:23 ` Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 37/81] drm/amdgpu: Transfer fences to dmabuf importer Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 38/81] net: stmmac: Fallback to Platform Data clock in Watchdog conversion Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 39/81] net: stmmac: Send TSO packets always from Queue 0 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 40/81] net: stmmac: Disable EEE mode earlier in XMIT callback Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 41/81] irqchip/gic-v3-its: Fix ITT_entry_size accessor Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 42/81] relay: check return of create_buf_file() properly Sasha Levin
2019-02-28 15:26 ` Greg Kroah-Hartman
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 43/81] blk-mq: protect debugfs_create_files() from failures Sasha Levin
2019-02-28 15:26 ` Greg Kroah-Hartman
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 44/81] ath10k: correct bus type for WCN3990 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 45/81] bpf, selftests: fix handling of sparse CPU allocations Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 46/81] bpf: run bpf programs with preemption disabled Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 47/81] bpf: fix lockdep false positive in percpu_freelist Sasha Levin
2019-02-28 15:07 ` Sasha Levin [this message]
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 49/81] bpf: Fix syscall's stackmap lookup potential deadlock Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 50/81] drm/amdgpu: Implement doorbell self-ring for NBIO 7.4 Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 51/81] drm/amdgpu: fix the incorrect external id for raven series Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 52/81] drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 53/81] dmaengine: at_xdmac: Fix wrongfull report of a channel as in use Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 54/81] vsock/virtio: fix kernel panic after device hot-unplug Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 55/81] vsock/virtio: reset connected sockets on device removal Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 56/81] dmaengine: dmatest: Abort test in case of mapping error Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 57/81] selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 58/81] selftests: netfilter: add simple masq/redirect test cases Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 59/81] netfilter: nf_nat: skip nat clash resolution for same-origin entries Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 60/81] arm64: ptdump: Don't iterate kernel page tables using PTRS_PER_PXX Sasha Levin
2019-02-28 15:14 ` Will Deacon
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 61/81] s390/qeth: release cmd buffer in error paths Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 62/81] s390/qeth: fix use-after-free in error path Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 63/81] s390/qeth: cancel close_dev work before removing a card Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 64/81] s390/qeth: conclude all event processing before offlining " Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 65/81] perf symbols: Filter out hidden symbols from labels Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 66/81] perf trace: Support multiple "vfs_getname" probes Sasha Levin
2019-02-28 15:07 ` [PATCH AUTOSEL 4.20 67/81] MIPS: Loongson: Introduce and use loongson_llsc_mb() Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 68/81] MIPS: Remove function size check in get_frame_info() Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 69/81] Revert "scsi: libfc: Add WARN_ON() when deleting rports" Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 70/81] i2c: omap: Use noirq system sleep pm ops to idle device for suspend Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 71/81] drm/amdgpu: use spin_lock_irqsave to protect vm_manager.pasid_idr Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 72/81] drm/omap: dsi: Fix crash in DSI debug dumps Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 73/81] drm/omap: dsi: Fix OF platform depopulate Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 74/81] drm/omap: dsi: Hack-fix DSI bus flags Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 75/81] nvme: lock NS list changes while handling command effects Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 76/81] nvme-pci: fix rapid add remove sequence Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 77/81] fs: ratelimit __find_get_block_slow() failure message Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 78/81] qed: Fix EQ full firmware assert Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 79/81] qed: Consider TX tcs while deriving the max num_queues for PF Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 80/81] qede: Fix system crash on configuring channels Sasha Levin
2019-02-28 15:08 ` [PATCH AUTOSEL 4.20 81/81] blk-iolatency: fix IO hang due to negative inflight counter Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190228150813.10256-48-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox