From: Eric Dumazet
Subject: Re: [PATCH net-next 2/8] bpf: introduce BPF_PROG_QUERY command
Date: Fri, 02 Feb 2018 06:28:43 -0800
Message-ID: <1517581723.3715.127.camel@gmail.com>
References: <20171002234857.3707580-1-ast@fb.com> <20171002234857.3707580-3-ast@fb.com>
In-Reply-To: <20171002234857.3707580-3-ast@fb.com>
To: Alexei Starovoitov, "David S . Miller"
Cc: Daniel Borkmann, Tejun Heo, David Ahern, netdev@vger.kernel.org, kernel-team@fb.com

On Mon, 2017-10-02 at 16:48 -0700, Alexei Starovoitov wrote:
> introduce BPF_PROG_QUERY command to retrieve a set of either > attached programs to given cgroup or a set of effective programs > that will execute for events within a cgroup > ... > + > +int bpf_prog_array_copy_to_user(struct bpf_prog_array __rcu *progs, > + __u32 __user *prog_ids) > +{ > + struct bpf_prog **prog; > + u32 cnt = 0, id; > + > + rcu_read_lock(); > + prog = rcu_dereference(progs)->progs; > + for (; *prog; prog++) { > + id = (*prog)->aux->id; > + if (copy_to_user(prog_ids + cnt, &id, sizeof(id))) { > + rcu_read_unlock(); > + return -EFAULT; > + } > + cnt++; > + } > + rcu_read_unlock(); > + return 0; > +}

We can not use copy_to_user() inside rcu_read_lock() section.

CONFIG_DEBUG_ATOMIC_SLEEP=y would have detected this problem.

Courtesy of syzbot, obviously.
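
Review bot: copy_to_user() in the loop body of bpf_prog_array_copy_to_user() can fault and sleep, but it runs between rcu_read_lock() and rcu_read_unlock(), where sleeping is not allowed. Gather the ids into a kernel buffer while the RCU read lock is held and call copy_to_user() once after rcu_read_unlock(). Separately, the function takes only prog_ids with no element count, so nothing in it bounds how many ids are written to the user buffer; pass the buffer's capacity in and stop with an error such as -ENOSPC when the array holds more programs than that.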