From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jakub Sitnicki <jakub@cloudflare.com>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>
Subject: [PATCH 5.4 22/96] bpf, sockmap: Dont sleep while holding RCU lock on tear-down
Date: Thu, 13 Feb 2020 07:20:29 -0800 [thread overview]
Message-ID: <20200213151847.788857297@linuxfoundation.org> (raw)
In-Reply-To: <20200213151839.156309910@linuxfoundation.org>
From: Jakub Sitnicki <jakub@cloudflare.com>
commit db6a5018b6e008c1d69c6628cdaa9541b8e70940 upstream.
rcu_read_lock is needed to protect access to psock inside sock_map_unref
when tearing down the map. However, we can't afford to sleep in lock_sock
while in RCU read-side critical section. Grab the RCU lock only after we
have locked the socket.
This fixes RCU warnings triggerable on a VM with 1 vCPU when free'ing a
sockmap/sockhash that contains at least one socket:
| =============================
| WARNING: suspicious RCU usage
| 5.5.0-04005-g8fc91b972b73 #450 Not tainted
| -----------------------------
| include/linux/rcupdate.h:272 Illegal context switch in RCU read-side critical section!
|
| other info that might help us debug this:
|
|
| rcu_scheduler_active = 2, debug_locks = 1
| 4 locks held by kworker/0:1/62:
| #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
| #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
| #2: ffffffff82065d20 (rcu_read_lock){....}, at: sock_map_free+0x5/0x170
| #3: ffff8881368c5df8 (&stab->lock){+...}, at: sock_map_free+0x64/0x170
|
| stack backtrace:
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04005-g8fc91b972b73 #450
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
| dump_stack+0x71/0xa0
| ___might_sleep+0x105/0x190
| lock_sock_nested+0x28/0x90
| sock_map_free+0x95/0x170
| bpf_map_free_deferred+0x58/0x80
| process_one_work+0x260/0x5e0
| worker_thread+0x4d/0x3e0
| kthread+0x108/0x140
| ? process_one_work+0x5e0/0x5e0
| ? kthread_park+0x90/0x90
| ret_from_fork+0x3a/0x50
| =============================
| WARNING: suspicious RCU usage
| 5.5.0-04005-g8fc91b972b73-dirty #452 Not tainted
| -----------------------------
| include/linux/rcupdate.h:272 Illegal context switch in RCU read-side critical section!
|
| other info that might help us debug this:
|
|
| rcu_scheduler_active = 2, debug_locks = 1
| 4 locks held by kworker/0:1/62:
| #0: ffff88813b019748 ((wq_completion)events){+.+.}, at: process_one_work+0x1d7/0x5e0
| #1: ffffc900000abe50 ((work_completion)(&map->work)){+.+.}, at: process_one_work+0x1d7/0x5e0
| #2: ffffffff82065d20 (rcu_read_lock){....}, at: sock_hash_free+0x5/0x1d0
| #3: ffff888139966e00 (&htab->buckets[i].lock){+...}, at: sock_hash_free+0x92/0x1d0
|
| stack backtrace:
| CPU: 0 PID: 62 Comm: kworker/0:1 Not tainted 5.5.0-04005-g8fc91b972b73-dirty #452
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014
| Workqueue: events bpf_map_free_deferred
| Call Trace:
| dump_stack+0x71/0xa0
| ___might_sleep+0x105/0x190
| lock_sock_nested+0x28/0x90
| sock_hash_free+0xec/0x1d0
| bpf_map_free_deferred+0x58/0x80
| process_one_work+0x260/0x5e0
| worker_thread+0x4d/0x3e0
| kthread+0x108/0x140
| ? process_one_work+0x5e0/0x5e0
| ? kthread_park+0x90/0x90
| ret_from_fork+0x3a/0x50
Fixes: 7e81a3530206 ("bpf: Sockmap, ensure sock lock held during tear down")
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20200206111652.694507-2-jakub@cloudflare.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/sock_map.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -234,7 +234,6 @@ static void sock_map_free(struct bpf_map
int i;
synchronize_rcu();
- rcu_read_lock();
raw_spin_lock_bh(&stab->lock);
for (i = 0; i < stab->map.max_entries; i++) {
struct sock **psk = &stab->sks[i];
@@ -243,12 +242,13 @@ static void sock_map_free(struct bpf_map
sk = xchg(psk, NULL);
if (sk) {
lock_sock(sk);
+ rcu_read_lock();
sock_map_unref(sk, psk);
+ rcu_read_unlock();
release_sock(sk);
}
}
raw_spin_unlock_bh(&stab->lock);
- rcu_read_unlock();
synchronize_rcu();
@@ -859,19 +859,19 @@ static void sock_hash_free(struct bpf_ma
int i;
synchronize_rcu();
- rcu_read_lock();
for (i = 0; i < htab->buckets_num; i++) {
bucket = sock_hash_select_bucket(htab, i);
raw_spin_lock_bh(&bucket->lock);
hlist_for_each_entry_safe(elem, node, &bucket->head, node) {
hlist_del_rcu(&elem->node);
lock_sock(elem->sk);
+ rcu_read_lock();
sock_map_unref(elem->sk, elem);
+ rcu_read_unlock();
release_sock(elem->sk);
}
raw_spin_unlock_bh(&bucket->lock);
}
- rcu_read_unlock();
bpf_map_area_free(htab->buckets);
kfree(htab);
next prev parent reply other threads:[~2020-02-13 15:46 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-13 15:20 [PATCH 5.4 00/96] 5.4.20-stable review Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 01/96] ASoC: pcm: update FE/BE trigger order based on the command Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 02/96] hv_sock: Remove the accept port restriction Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 03/96] IB/mlx4: Fix memory leak in add_gid error flow Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 04/96] IB/srp: Never use immediate data if it is disabled by a user Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 05/96] IB/mlx4: Fix leak in id_map_find_del Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 06/96] RDMA/netlink: Do not always generate an ACK for some netlink operations Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 07/96] RDMA/i40iw: fix a potential NULL pointer dereference Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 08/96] RDMA/core: Fix locking in ib_uverbs_event_read Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 09/96] RDMA/uverbs: Verify MR access flags Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 10/96] RDMA/cma: Fix unbalanced cm_id reference count during address resolve Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 11/96] RDMA/umem: Fix ib_umem_find_best_pgsz() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 12/96] scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 13/96] PCI/IOV: Fix memory leak in pci_iov_add_virtfn() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 14/96] ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 15/96] PCI/switchtec: Use dma_set_mask_and_coherent() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 16/96] PCI/switchtec: Fix vep_vector_number ioread width Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 17/96] PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30 Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 18/96] PCI: Dont disable bridge BARs when assigning bus resources Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 19/96] PCI/AER: Initialize aer_fifo Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 20/96] iwlwifi: mvm: avoid use after free for pmsr request Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 21/96] bpftool: Dont crash on missing xlated program instructions Greg Kroah-Hartman
2020-02-13 15:20 ` Greg Kroah-Hartman [this message]
2020-02-13 15:20 ` [PATCH 5.4 23/96] bpf, sockhash: Synchronize_rcu before freeing map Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 24/96] selftests/bpf: Test freeing sockmap/sockhash with a socket in it Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 25/96] bpf: Improve bucket_log calculation logic Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 26/96] bpf, sockmap: Check update requirements after locking Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 27/96] nfs: NFS_SWAP should depend on SWAP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 28/96] NFS: Revalidate the file size on a fatal write error Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 29/96] NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 30/96] NFS: Fix fix of show_nfs_errors Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 31/96] NFSv4: pnfs_roc() must use cred_fscmp() to compare creds Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 32/96] NFSv4: try lease recovery on NFS4ERR_EXPIRED Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 33/96] NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 34/96] x86/boot: Handle malformed SRAT tables during early ACPI parsing Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 35/96] rtc: hym8563: Return -EINVAL if the time is known to be invalid Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 36/96] rtc: i2c/spi: Avoid inclusion of REGMAP support when not needed Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 37/96] rtc: cmos: Stop using shared IRQ Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 38/96] watchdog: qcom: Use platform_get_irq_optional() for bark irq Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 39/96] ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 40/96] platform/x86: intel_mid_powerbtn: Take a copy of ddata Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 41/96] arm64: dts: qcom: msm8998: Fix tcsr syscon size Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 42/96] arm64: dts: uDPU: fix broken ethernet Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 43/96] ARM: dts: at91: Reenable UART TX pull-ups Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 44/96] ARM: dts: am43xx: add support for clkout1 clock Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 45/96] arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 46/96] arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 47/96] ARM: dts: meson8: use the actual frequency for the GPUs 182.1MHz OPP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 48/96] ARM: dts: meson8b: use the actual frequency for the GPUs 364MHz OPP Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 49/96] ARM: dts: at91: sama5d3: fix maximum peripheral clock rates Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 50/96] ARM: dts: at91: sama5d3: define clock rate range for tcb1 Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 51/96] tools/power/acpi: fix compilation error Greg Kroah-Hartman
2020-02-13 15:20 ` [PATCH 5.4 52/96] soc: qcom: rpmhpd: Set active_only for active only power domains Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 53/96] Revert "powerpc/pseries/iommu: Dont use dma_iommu_ops on secure guests" Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 54/96] powerpc/ptdump: Fix W+X verification call in mark_rodata_ro() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 55/96] powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 56/96] powerpc/papr_scm: Fix leaking bus_desc.provider_name in some paths Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 57/96] powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 58/96] powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 59/96] iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 60/96] ARM: at91: pm: use SAM9X60 PMCs compatible Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 61/96] ARM: at91: pm: use of_device_id array to find the proper shdwc node Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 62/96] KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 63/96] ARM: 8949/1: mm: mark free_memmap as __init Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 64/96] sched/uclamp: Fix a bug in propagating uclamp value in new cgroups Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 65/96] arm64: cpufeature: Fix the type of no FP/SIMD capability Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 66/96] arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 67/96] arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 68/96] KVM: arm/arm64: Fix young bit from mmu notifier Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 69/96] KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 70/96] KVM: arm: Make inject_abt32() inject an external abort instead Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 71/96] KVM: arm64: pmu: Dont increment SW_INCR if PMCR.E is unset Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 72/96] KVM: arm64: pmu: Fix chained SW_INCR counters Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 73/96] KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 74/96] arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 75/96] mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 76/96] mtd: sharpslpart: Fix unsigned comparison to zero Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 77/96] crypto: testmgr - dont try to decrypt uninitialized buffers Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 78/96] crypto: artpec6 - return correct error code for failed setkey() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 79/96] crypto: atmel-sha - fix error handling when setting hmac key Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 80/96] crypto: caam/qi2 - fix typo in algorithms driver name Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 81/96] drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 82/96] media: i2c: adv748x: Fix unsafe macros Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 83/96] dt-bindings: iio: adc: ad7606: Fix wrong maxItems value Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 84/96] bcache: avoid unnecessary btree nodes flushing in btree_flush_write() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 85/96] selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" Greg Kroah-Hartman
2020-02-13 16:01 ` Stephen Smalley
2020-02-13 16:27 ` Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 86/96] selinux: fix regression introduced by move_mount(2) syscall Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 87/96] pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 88/96] pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 89/96] regmap: fix writes to non incrementing registers Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 90/96] mfd: max77650: Select REGMAP_IRQ in Kconfig Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 91/96] clk: meson: g12a: fix missing uart2 in regmap table Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 92/96] dmaengine: axi-dmac: add a check for devm_regmap_init_mmio Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 93/96] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 94/96] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 95/96] libertas: dont exit from lbs_ibss_join_existing() with RCU read lock held Greg Kroah-Hartman
2020-02-13 15:21 ` [PATCH 5.4 96/96] libertas: make lbs_ibss_join_existing() return error code on rates overflow Greg Kroah-Hartman
2020-02-13 22:27 ` [PATCH 5.4 00/96] 5.4.20-stable review Guenter Roeck
2020-02-13 23:05 ` Greg Kroah-Hartman
2020-02-14 7:55 ` Geert Uytterhoeven
2020-02-14 15:23 ` Greg Kroah-Hartman
2020-02-14 0:42 ` shuah
2020-02-14 10:22 ` Naresh Kamboju
2020-02-14 10:27 ` Jon Hunter
2020-02-14 16:12 ` Jeffrin Jose
2020-02-14 16:27 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200213151847.788857297@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=daniel@iogearbox.net \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).