From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-oo1-f46.google.com (mail-oo1-f46.google.com [209.85.161.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEF9629C327 for ; Tue, 30 Jun 2026 23:17:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.46 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782861450; cv=none; b=ZzSAqCG8nqKR9+OpzRW1fBggQmhczsNTYcdvtW10j0LIrjO0S3djKT7bA0YsS1iaChWZOK0xTWdwrIRMit50YemxG+JNTBQ6/YB80MM5wtsEUju0Egqk0LXicIZ/xK6j7PP/u1UWQ9e2FS2v3ewlsEZYgHFyOTRmw/+A4cxp9N8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782861450; c=relaxed/simple; bh=grQNBSOOrrvp6LYiktIUzOeC/U4NKJ8O9LNU8RX4CE8=; h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To: References:In-Reply-To; b=UzTI32MUrWwNKrcv65QndWUgkGhU92JKAcyG+gt0Nd9HUK8t5QsP7FiFWNfnjZ8DeBw36kiv92OaXolFesQupozcc2jwoc339XLyDoHuaCIk/6LkVzD2HBlrS+ZmigL56HZRQ+2fDNFr9UyuQWGy24NzOkO6EkucIc2G2DNy5zQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NMJihUGB; arc=none smtp.client-ip=209.85.161.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NMJihUGB" Received: by mail-oo1-f46.google.com with SMTP id 006d021491bc7-69eb8b6bea8so15380eaf.3 for ; Tue, 30 Jun 2026 16:17:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1782861448; x=1783466248; darn=vger.kernel.org; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=JLQmE8n/uF1NhvarCMC8vD9mc3DyBSsAZJ3F/E0uH6s=; b=NMJihUGBfuUDmhUbQoVZJ8XZvq5QsmYn1Ih8oke2z6zWD4jE913rumuzduiREdnIGf aDEfNG9vienExNx5Mew+KGHwJAdMNhL+0I5gmKbb/eV2LwfYuZyFZH6opqeNWQLmBP9h lzmaTVECNWivtPu9fAjZCrsEZtslqoKtCQ/vL/mlljwKCMUiJbBoSMW+wVtpB4MaAhcM BltjQ27zCeOK+XUaXirknRxXN3QS+bLbyT8Bd/x27QQwbeZdsOYVGakm272FiTrfmGNE PBtvRd0UxKVOWOaIiTbVkLmmm9w+l8Sr2Sew+ekim21X77JQeoWU3/do58+lMpgwGIZJ YEmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782861448; x=1783466248; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=JLQmE8n/uF1NhvarCMC8vD9mc3DyBSsAZJ3F/E0uH6s=; b=hjs4eToai5xWf2eFgL/2E1H+nJNsSZdEiuHIfsJEoVmLLFJ8YdIwt+wTL6GYWv7gma g2ZTTMQ9LePEK872dVSf+KiqzdkkAD2R6qFepQF4yLcM2FozhMDRh5VtIr0XFpHP9Qx8 oZDqb+d5Xsp2TkFeWFk7inDmtFdw5D30DkCjoKqY1HIQTNItCZ5lxiEBjq6aqadts244 Ul+Q5mEeC3LNl4XWks9sHMDRdCJtqbgQLFcgsodg2jlSyyvp+K4JtbbwifWXTIasnld0 iwM3NY64TNJa1aSWyp9fTwh6l17ZcEUzv43ptOd7dzPBi4DMxg+UOKoraSgPtt4accxF NOyA== X-Forwarded-Encrypted: i=1; AFNElJ97siBw/bPW/7JiNWZYFnFd0VE7cjxZVQeUcuC5e1yEIS4vHQEhh5vllYmBW387Yx5bYqhCnm14pm3ncNs=@vger.kernel.org X-Gm-Message-State: AOJu0YzLvxzRCB5P6embwNsbk5g9YXMa7tCWSmMRCR+ZM/d3zSj8ao5X MvFN3Wl36+MnKfDnsJLln5obu0rvNoO2/EJXC4arl+Q5+It4NKmbIeqP X-Gm-Gg: AfdE7ckyMbmzOrwfWio/fzym8PKKpPhzpk1/CBsTV4ICA5X3Z/DqXcaLhLcR5SI/hGw ls3RgV7jEWcEJQWksZQqaxC9/OX1JYDti8YXKenpzX3JKPptfMN+SFCjuuhsO4666CF8XYaMncg 81vfQ87aFxxEQnpel72mAskzZ1eGFXT/WcgHJIZDTxQdjaGQ+j3wMvjobNK2baLaG5oTN6Tl9Iw P0ZXfnLJghV5YvaQmguVxcO9Nvi5lDgAzRaMk9VGwBdmg4B8yWoX7aSowaOdi+dYTQU+e4QkcmA lzVHuiUbBg0qfn7jwJ9fFKR/E6D+6lIw/eJVE6lu5mDxpO9EnxbHb8ndcJf9u1ZXTgiLwcXooKL A+cREzhOByfcJww/pPzWoQKfifKuYBDDvGXnowulIqQrXC4pcEZs9EKRhYqdnevE3BgME6GMtwl oZo/wjmaqM+SmRMnpVw64gx8aP3M7BlEoNfA1GycS+vsFkEr2zcCpWxm5ndOiBQMiK7hLRupMoE 2J8IDcWepC6lJfhng== X-Received: by 2002:a05:6820:2013:b0:6a1:7cce:a3a6 with SMTP id 006d021491bc7-6a196c9725dmr1602986eaf.54.1782861447750; Tue, 30 Jun 2026 16:17:27 -0700 (PDT) Received: from localhost ([2a03:2880:10ff:54::]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-44c6a58cb27sm224824fac.17.2026.06.30.16.17.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 30 Jun 2026 16:17:27 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Tue, 30 Jun 2026 16:17:26 -0700 Message-Id: Cc: "Paul Moore" , "John Fastabend" , "Martin KaFai Lau" , "Eduard Zingerman" , "Kumar Kartikeya Dwivedi" , "Song Liu" , "Yonghong Song" , "Jiri Olsa" , , Subject: Re: [PATCH bpf] bpf: move security_bpf_prog_free() out of RCU callback From: "Alexei Starovoitov" To: "Sechang Lim" , "Alexei Starovoitov" , "Daniel Borkmann" , "Andrii Nakryiko" X-Mailer: aerc References: <20260626093711.2969648-1-rhkrqnwk98@gmail.com> In-Reply-To: <20260626093711.2969648-1-rhkrqnwk98@gmail.com> On Fri Jun 26, 2026 at 2:37 AM PDT, Sechang Lim wrote: > __bpf_prog_put_rcu() is the call_rcu() callback for non-sleepable program= s. > security_bpf_prog_free() called from there fires bpf_prog_free in softirq= ; > if a sleepable LSM prog is attached to that hook, might_fault() BUGs: > > BUG: sleeping function called from invalid context > in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5038 > preempt_count: 101, expected: 0 > Call Trace: > > __bpf_prog_enter_sleepable+0x1cd/0x320 kernel/bpf/trampoline.c:1255 > bpf_trampoline_6442549705+0x53/0xd7 > security_bpf_prog_free+0xde/0x130 security/security.c:5465 > __bpf_prog_put_rcu+0xab/0xd0 kernel/bpf/syscall.c:2365 > rcu_do_batch kernel/rcu/tree.c:2617 [inline] > handle_softirqs+0x236/0x800 kernel/softirq.c:622 > > > The call_rcu/call_rcu_tasks_trace split reflects the freed program's > sleepability, not that of any attached observer. > > Move security_bpf_prog_free() to __bpf_prog_put_noref() before the RCU > deferral. > > Fixes: 1b67772e4e3f ("bpf,lsm: Refactor bpf_prog_alloc/bpf_prog_free LSM = hooks") > Signed-off-by: Sechang Lim > --- > kernel/bpf/syscall.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c > index 630d530782fe..f14c3f0f8827 100644 > --- a/kernel/bpf/syscall.c > +++ b/kernel/bpf/syscall.c > @@ -2362,7 +2362,6 @@ static void __bpf_prog_put_rcu(struct rcu_head *rcu= ) > kvfree(aux->func_info); > kfree(aux->func_info_aux); > free_uid(aux->user); > - security_bpf_prog_free(aux->prog); > bpf_prog_free(aux->prog); > } > =20 > @@ -2378,6 +2377,7 @@ static void __bpf_prog_put_noref(struct bpf_prog *p= rog, bool deferred) > if (prog->aux->attach_btf) > btf_put(prog->aux->attach_btf); > =20 > + security_bpf_prog_free(prog); I don't think you can just move it like that, since LSM side may rely on RCU GP. I think removing security_bpf_prog_free from sleepable is cleaner. pw-bot: cr