* Patch "bpf, trace: use READ_ONCE for retrieving file ptr" has been added to the 4.6-stable tree
@ 2016-06-17 15:36 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-06-17 15:36 UTC (permalink / raw)
To: daniel, ast, davem, gregkh; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
bpf, trace: use READ_ONCE for retrieving file ptr
to the 4.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bpf-trace-use-read_once-for-retrieving-file-ptr.patch
and it can be found in the queue-4.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Fri Jun 17 08:34:39 PDT 2016
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Sat, 4 Jun 2016 20:50:59 +0200
Subject: bpf, trace: use READ_ONCE for retrieving file ptr
From: Daniel Borkmann <daniel@iogearbox.net>
[ Upstream commit 5b6c1b4d46b0dae4edea636a776d09f2064f4cd7 ]
In bpf_perf_event_read() and bpf_perf_event_output(), we must use
READ_ONCE() for fetching the struct file pointer, which could get
updated concurrently, so we must prevent the compiler from potential
refetching.
We already do this with tail calls for fetching the related bpf_prog,
but not so on stored perf events. Semantics for both are the same
with regards to updates.
Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper")
Fixes: 35578d798400 ("bpf: Implement function bpf_perf_event_read() that get the selected hardware PMU conuter")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/bpf_trace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -194,7 +194,7 @@ static u64 bpf_perf_event_read(u64 r1, u
if (unlikely(index >= array->map.max_entries))
return -E2BIG;
- file = (struct file *)array->ptrs[index];
+ file = READ_ONCE(array->ptrs[index]);
if (unlikely(!file))
return -ENOENT;
@@ -238,7 +238,7 @@ static u64 bpf_perf_event_output(u64 r1,
if (unlikely(index >= array->map.max_entries))
return -E2BIG;
- file = (struct file *)array->ptrs[index];
+ file = READ_ONCE(array->ptrs[index]);
if (unlikely(!file))
return -ENOENT;
Patches currently in stable-queue which might be from daniel@iogearbox.net are
queue-4.6/bpf-trace-use-read_once-for-retrieving-file-ptr.patch
queue-4.6/bpf-use-mount_nodev-not-mount_ns-to-mount-the-bpf-filesystem.patch
queue-4.6/bpf-inode-disallow-userns-mounts.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-06-17 15:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-17 15:36 Patch "bpf, trace: use READ_ONCE for retrieving file ptr" has been added to the 4.6-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).