mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
930651a75bf1ba6893a8b8475270664ebdb6cf4a
linux/kernel
History
Eric Dumazet 930651a75b bpf: do not disable/enable BH in bpf_map_free_id() 
syzkaller reported following splat [1]

Since hard irq are disabled by the caller, bpf_map_free_id()
should not try to enable/disable BH.

Another solution would be to change htab_map_delete_elem() to
defer the free_htab_elem() call after
raw_spin_unlock_irqrestore(&b->lock, flags), but this might be not
enough to cover other code paths.

[1]
WARNING: CPU: 1 PID: 8052 at kernel/softirq.c:161 __local_bh_enable_ip
+0x1e/0x160 kernel/softirq.c:161
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 8052 Comm: syz-executor1 Not tainted 4.13.0-next-20170915+
#23
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 panic+0x1e4/0x417 kernel/panic.c:181
 __warn+0x1c4/0x1d9 kernel/panic.c:542
 report_bug+0x211/0x2d0 lib/bug.c:183
 fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:178
 do_trap_no_signal arch/x86/kernel/traps.c:212 [inline]
 do_trap+0x260/0x390 arch/x86/kernel/traps.c:261
 do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:298
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:311
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:905
RIP: 0010:__local_bh_enable_ip+0x1e/0x160 kernel/softirq.c:161
RSP: 0018:ffff8801cdcd7748 EFLAGS: 00010046
RAX: 0000000000000082 RBX: 0000000000000201 RCX: 0000000000000000
RDX: 1ffffffff0b5933c RSI: 0000000000000201 RDI: ffffffff85ac99e0
RBP: ffff8801cdcd7758 R08: ffffffff85b87158 R09: 1ffff10039b9aec6
R10: ffff8801c99f24c0 R11: 0000000000000002 R12: ffffffff817b0b47
R13: dffffc0000000000 R14: ffff8801cdcd77e8 R15: 0000000000000001
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:176 [inline]
 _raw_spin_unlock_bh+0x30/0x40 kernel/locking/spinlock.c:207
 spin_unlock_bh include/linux/spinlock.h:361 [inline]
 bpf_map_free_id kernel/bpf/syscall.c:197 [inline]
 __bpf_map_put+0x267/0x320 kernel/bpf/syscall.c:227
 bpf_map_put+0x1a/0x20 kernel/bpf/syscall.c:235
 bpf_map_fd_put_ptr+0x15/0x20 kernel/bpf/map_in_map.c:96
 free_htab_elem+0xc3/0x1b0 kernel/bpf/hashtab.c:658
 htab_map_delete_elem+0x74d/0x970 kernel/bpf/hashtab.c:1063
 map_delete_elem kernel/bpf/syscall.c:633 [inline]
 SYSC_bpf kernel/bpf/syscall.c:1479 [inline]
 SyS_bpf+0x2188/0x46a0 kernel/bpf/syscall.c:1451
 entry_SYSCALL_64_fastpath+0x1f/0xbe

Fixes: f3f1c054c2 ("bpf: Introduce bpf_map ID")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Martin KaFai Lau <kafai@fb.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-09-19 15:42:54 -07:00
..
bpf
bpf: do not disable/enable BH in bpf_map_free_id()
2017-09-19 15:42:54 -07:00
cgroup
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-09-12 11:30:56 -07:00
configs
ANDROID: binder: add hwbinder,vndbinder to BINDER_DEVICES.
2017-08-22 18:43:23 -07:00
debug
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
2017-03-02 08:42:34 +01:00
events
Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
2017-09-06 22:25:25 -07:00
gcov
gcov: support GCC 7.1
2017-05-12 15:57:15 -07:00
irq
Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-09-12 11:25:56 -07:00
livepatch
livepatch: Fix stacking of patches with respect to RCU
2017-06-20 10:42:19 +02:00
locking
mm: treewide: remove GFP_TEMPORARY allocation flag
2017-09-13 18:53:16 -07:00
power
Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-09-12 11:30:56 -07:00
printk
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
2017-09-07 21:00:52 -07:00
rcu
treewide: make "nr_cpu_ids" unsigned
2017-09-08 18:26:48 -07:00
sched
sched/wait: Introduce wakeup boomark in wake_up_page_bit
2017-09-14 09:56:18 -07:00
time
drivers/pps: aesthetic tweaks to PPS-related content
2017-09-08 18:26:51 -07:00
trace
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-09-16 11:28:59 -07:00
.gitignore
acct.c
fs: make the buf argument to __kernel_write a void pointer
2017-09-04 19:05:15 -04:00
async.c
async: Adjust system_state checks
2017-05-23 10:01:37 +02:00
audit_fsnotify.c
Merge branch 'fsnotify' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2017-05-03 11:05:15 -07:00
audit_tree.c
Merge branch 'fsnotify' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2017-05-03 11:05:15 -07:00
audit_watch.c
Merge tag 'audit-pr-20170816' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit
2017-08-16 16:48:34 -07:00
audit.c
audit: update the function comments
2017-09-05 09:46:59 -04:00
audit.h
ipc: mqueue: Replace timespec with timespec64
2017-09-03 20:21:24 -04:00
auditfilter.c
audit: kernel generated netlink traffic should have a portid of 0
2017-05-02 10:16:05 -04:00
auditsc.c
Merge branch 'work.ipc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-09-14 17:37:26 -07:00
backtracetest.c
bounds.c
capability.c
compat.c
semtimedop(): move compat to native
2017-07-15 20:46:47 -04:00
configs.c
context_tracking.c
cpu_pm.c
PM / CPU: replace raw_notifier with atomic_notifier
2017-07-31 13:09:49 +02:00
cpu.c
Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2017-09-04 13:53:53 -07:00
crash_core.c
kdump: protect vmcoreinfo data under the crash memory
2017-07-12 16:26:00 -07:00
crash_dump.c
cred.c
doc: ReSTify credentials.txt
2017-05-18 10:30:19 -06:00
delayacct.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
dma.c
elfcore.c
exec_domain.c
exit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2017-09-11 18:34:47 -07:00
extable.c
lib/extable.c: use bsearch() library function in search_extable()
2017-07-10 16:32:35 -07:00
fork.c
Merge tag 'selinux-pr-20170831' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
2017-09-12 13:21:00 -07:00
freezer.c
futex_compat.c
futex.c
futex: Remove duplicated code and fix undefined behaviour
2017-08-25 22:49:59 +02:00
groups.c
kernel/groups.c: use sort library function
2017-07-10 16:32:34 -07:00
hung_task.c
kernel/hung_task.c: defer showing held locks
2017-05-08 17:15:10 -07:00
irq_work.c
jump_label.c
jump_label: Provide hotplug context variants
2017-08-10 12:28:59 +02:00
kallsyms.c
kernel/kallsyms.c: replace all_var with IS_ENABLED(CONFIG_KALLSYMS_ALL)
2017-07-10 16:32:34 -07:00
kcmp.c
kcmp: add KCMP_EPOLL_TFD mode to compare epoll target files
2017-07-12 16:26:01 -07:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: support compat processes
2017-09-08 18:26:51 -07:00
kexec_core.c
x86/mm, kexec: Allow kexec to be used with SME
2017-07-18 11:38:04 +02:00
kexec_file.c
kexec_file: adjust declaration of kexec_purgatory
2017-07-12 16:26:02 -07:00
kexec_internal.h
kexec_file: adjust declaration of kexec_purgatory
2017-07-12 16:26:02 -07:00
kexec.c
kdump: protect vmcoreinfo data under the crash memory
2017-07-12 16:26:00 -07:00
kmod.c
kmod: move #ifdef CONFIG_MODULES wrapper to Makefile
2017-09-08 18:26:51 -07:00
kprobes.c
kprobes: Ensure that jprobe probepoints are at function entry
2017-07-08 11:05:35 +02:00
ksysfs.c
kexec: move vmcoreinfo out of the kernel's .bss section
2017-07-12 16:25:59 -07:00
kthread.c
kernel/kthread.c: kthread_worker: don't hog the cpu
2017-08-31 16:33:15 -07:00
latencytop.c
sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from <linux/sched.h> to <linux/sched/stat.h>
2017-03-02 08:42:39 +01:00
Makefile
kmod: move #ifdef CONFIG_MODULES wrapper to Makefile
2017-09-08 18:26:51 -07:00
memremap.c
mm/device-public-memory: device memory cache coherent with CPU
2017-09-08 18:26:46 -07:00
module_signing.c
module-internal.h
module.c
module: fix ddebug_remove_module()
2017-07-25 15:08:32 +02:00
notifier.c
kernel/notifier.c: simplify expression
2017-02-24 17:46:56 -08:00
nsproxy.c
perf: Add PERF_RECORD_NAMESPACES to include namespaces related info
2017-03-13 15:57:41 -03:00
padata.c
padata: Avoid nested calls to cpus_read_lock() in pcrypt_init_padata()
2017-05-26 10:10:37 +02:00
panic.c
locking/refcounts, x86/asm: Implement fast refcount overflow protection
2017-08-17 10:40:26 +02:00
params.c
boot/param: Move next_arg() function to lib/cmdline.c for later reuse
2017-04-18 10:37:13 +02:00
pid_namespace.c
userns,pidns: Verify the userns for new pid namespaces
2017-07-20 07:43:58 -05:00
pid.c
pids: make task_tgid_nr_ns() safe
2017-08-21 12:47:31 -07:00
profile.c
sched/headers: Prepare to move sched_info_on() and force_schedstat_enabled() from <linux/sched.h> to <linux/sched/stat.h>
2017-03-02 08:42:39 +01:00
ptrace.c
signal: Remove kernel interal si_code magic
2017-07-24 14:30:28 -05:00
range.c
reboot.c
relay.c
Merge branch 'work.splice' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2017-05-02 11:38:06 -07:00
resource.c
seccomp.c
seccomp: Switch from atomic_t to recount_t
2017-06-26 09:24:00 -07:00
signal.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2017-09-11 18:34:47 -07:00
smp.c
treewide: make "nr_cpu_ids" unsigned
2017-09-08 18:26:48 -07:00
smpboot.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
smpboot.h
softirq.c
sched/core: Remove 'task' parameter and rename tsk_restore_flags() to current_restore_flags()
2017-04-11 09:06:32 +02:00
stacktrace.c
stacktrace/x86: add function for detecting reliable stack traces
2017-03-08 09:18:02 +01:00
stop_machine.c
stop_machine: Provide stop_machine_cpuslocked()
2017-05-26 10:10:36 +02:00
sys_ni.c
sys.c
prctl: Allow local CAP_SYS_ADMIN changing exe_file
2017-07-20 07:46:07 -05:00
sysctl_binary.c
fs: fix kernel_write prototype
2017-09-04 19:05:15 -04:00
sysctl.c
kernel/watchdog: split up config options
2017-07-12 16:26:02 -07:00
task_work.c
task_work: Replace spin_unlock_wait() with lock/unlock pair
2017-07-25 10:08:58 -07:00
taskstats.c
taskstats: add e/u/stime for TGID command
2017-05-08 17:15:12 -07:00
test_kprobes.c
torture.c
torture: Fix typo suppressing CPU-hotplug statistics
2017-07-25 13:04:45 -07:00
tracepoint.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/task.h>
2017-03-02 08:42:35 +01:00
tsacct.c
sched/headers: Prepare to move cputime functionality from <linux/sched.h> into <linux/sched/cputime.h>
2017-03-02 08:42:39 +01:00
ucount.c
ucount: Remove the atomicity from ucount->count
2017-03-06 15:26:37 -06:00
uid16.c
sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h>
2017-03-02 08:42:31 +01:00
umh.c
kmod: split out umh code into its own file
2017-09-08 18:26:50 -07:00
up.c
smp: Avoid using two cache lines for struct call_single_data
2017-08-29 15:14:38 +02:00
user_namespace.c
userns,pidns: Verify the userns for new pid namespaces
2017-07-20 07:43:58 -05:00
user-return-notifier.c
user.c
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h>
2017-03-02 08:42:29 +01:00
utsname_sysctl.c
sched/headers: Remove <linux/rwsem.h> from <linux/sched.h>
2017-03-03 01:45:36 +01:00
utsname.c
sched/headers: Prepare to move the task_lock()/unlock() APIs to <linux/sched/task.h>
2017-03-02 08:42:38 +01:00
watchdog_hld.c
kernel/watchdog: Prevent false positives with turbo modes
2017-08-18 12:35:02 +02:00
watchdog.c
kernel/watchdog: Prevent false positives with turbo modes
2017-08-18 12:35:02 +02:00
workqueue_internal.h
workqueue.c
Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
2017-09-06 21:59:31 -07:00