bpf, sockmap: Revert buggy deadlock fix in the sockhash and sockmap
syzbot reported a splat and bisected it to recent commited17aa92dc("bpf, sockmap: fix deadlocks in the sockhash and sockmap"): [...] WARNING: CPU: 1 PID: 9280 at kernel/softirq.c:376 __local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 Modules linked in: CPU: 1 PID: 9280 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-13249-gd319f344561d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 RIP: 0010:__local_bh_enable_ip+0xbe/0x130 kernel/softirq.c:376 [...] Call Trace: <TASK> spin_unlock_bh include/linux/spinlock.h:395 [inline] sock_map_del_link+0x2ea/0x510 net/core/sock_map.c:165 sock_map_unref+0xb0/0x1d0 net/core/sock_map.c:184 sock_hash_delete_elem+0x1ec/0x2a0 net/core/sock_map.c:945 map_delete_elem kernel/bpf/syscall.c:1536 [inline] __sys_bpf+0x2edc/0x53e0 kernel/bpf/syscall.c:5053 __do_sys_bpf kernel/bpf/syscall.c:5166 [inline] __se_sys_bpf kernel/bpf/syscall.c:5164 [inline] __x64_sys_bpf+0x79/0xc0 kernel/bpf/syscall.c:5164 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fe8f7c8c169 </TASK> [...] Revert for now until we have a proper solution. Fixes:ed17aa92dc("bpf, sockmap: fix deadlocks in the sockhash and sockmap") Reported-by: syzbot+49f6cef45247ff249498@syzkaller.appspotmail.com Cc: Hsin-Wei Hung <hsinweih@uci.edu> Cc: Xin Liu <liuxin350@huawei.com> Cc: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/000000000000f1db9605f939720e@google.com/
This commit is contained in:
Daniel Borkmann
Родитель
23acb14af1
Коммит
8c5c2a4898
|
|
@ -414,9 +414,8 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
|
|||
{
|
||||
struct sock *sk;
|
||||
int err = 0;
|
||||
unsigned long flags;
|
||||
|
||||
raw_spin_lock_irqsave(&stab->lock, flags);
|
||||
raw_spin_lock_bh(&stab->lock);
|
||||
sk = *psk;
|
||||
if (!sk_test || sk_test == sk)
|
||||
sk = xchg(psk, NULL);
|
||||
|
|
@ -426,7 +425,7 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
|
|||
else
|
||||
err = -EINVAL;
|
||||
|
||||
raw_spin_unlock_irqrestore(&stab->lock, flags);
|
||||
raw_spin_unlock_bh(&stab->lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
|
@ -933,12 +932,11 @@ static long sock_hash_delete_elem(struct bpf_map *map, void *key)
|
|||
struct bpf_shtab_bucket *bucket;
|
||||
struct bpf_shtab_elem *elem;
|
||||
int ret = -ENOENT;
|
||||
unsigned long flags;
|
||||
|
||||
hash = sock_hash_bucket_hash(key, key_size);
|
||||
bucket = sock_hash_select_bucket(htab, hash);
|
||||
|
||||
raw_spin_lock_irqsave(&bucket->lock, flags);
|
||||
raw_spin_lock_bh(&bucket->lock);
|
||||
elem = sock_hash_lookup_elem_raw(&bucket->head, hash, key, key_size);
|
||||
if (elem) {
|
||||
hlist_del_rcu(&elem->node);
|
||||
|
|
@ -946,7 +944,7 @@ static long sock_hash_delete_elem(struct bpf_map *map, void *key)
|
|||
sock_hash_free_elem(htab, elem);
|
||||
ret = 0;
|
||||
}
|
||||
raw_spin_unlock_irqrestore(&bucket->lock, flags);
|
||||
raw_spin_unlock_bh(&bucket->lock);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче