OpenCloudOS-Kernel/net
Yonghong Song b910eaaaa4 bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper
Jiri Olsa reported a bug ([1]) in kernel where cgroup local
storage pointer may be NULL in bpf_get_local_storage() helper.
There are two issues uncovered by this bug:
  (1). kprobe or tracepoint prog incorrectly sets cgroup local storage
       before prog run,
  (2). due to change from preempt_disable to migrate_disable,
       preemption is possible and percpu storage might be overwritten
       by other tasks.

This issue (1) is fixed in [2]. This patch tried to address issue (2).
The following shows how things can go wrong:
  task 1:   bpf_cgroup_storage_set() for percpu local storage
         preemption happens
  task 2:   bpf_cgroup_storage_set() for percpu local storage
         preemption happens
  task 1:   run bpf program

task 1 will effectively use the percpu local storage setting by task 2
which will be either NULL or incorrect ones.

Instead of just one common local storage per cpu, this patch fixed
the issue by permitting 8 local storages per cpu and each local
storage is identified by a task_struct pointer. This way, we
allow at most 8 nested preemption between bpf_cgroup_storage_set()
and bpf_cgroup_storage_unset(). The percpu local storage slot
is released (calling bpf_cgroup_storage_unset()) by the same task
after bpf program finished running.
bpf_test_run() is also fixed to use the new bpf_cgroup_storage_set()
interface.

The patch is tested on top of [2] with reproducer in [1].
Without this patch, kernel will emit error in 2-3 minutes.
With this patch, after one hour, still no error.

 [1] https://lore.kernel.org/bpf/CAKH8qBuXCfUz=w8L+Fj74OaUpbosO29niYwTki7e3Ag044_aww@mail.gmail.com/T
 [2] https://lore.kernel.org/bpf/20210309185028.3763817-1-yhs@fb.com

Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Roman Gushchin <guro@fb.com>
Link: https://lore.kernel.org/bpf/20210323055146.3334476-1-yhs@fb.com
2021-03-25 18:31:36 -07:00
..
6lowpan 6lowpan: Fix some typos in nhc_udp.c 2021-03-24 17:52:11 -07:00
9p net: 9p: advance iov on empty read 2021-03-03 16:57:59 -08:00
802
8021q net: bridge: resolve forwarding path for VLAN tag actions in bridge devices 2021-03-24 12:48:38 -07:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-02-12 16:40:28 -08:00
atm net: atm: pppoatm: use new API for wakeup tasklet 2021-01-29 18:24:05 -08:00
ax25 net: ax25: Fix fall-through warnings for Clang 2021-03-10 12:45:15 -08:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
bluetooth Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kern 2021-02-11 14:59:01 -08:00
bpf bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper 2021-03-25 18:31:36 -07:00
bpfilter net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
caif net: caif: Use netif_rx_any_context(). 2021-02-15 13:21:48 -08:00
can can: isotp: tx-path: zero initialize outgoing CAN frames 2021-03-20 20:21:35 +01:00
ceph libceph: remove osdtimeout option entirely 2021-02-16 12:09:52 +01:00
core Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-03-25 16:30:46 -07:00
dcb net: dcb: use obj-$(CONFIG_DCB) form in net/Makefile 2021-01-27 17:03:52 -08:00
dccp ipv6: weaken the v4mapped source check 2021-03-18 11:19:23 -07:00
decnet net: decnet: Fixed multiple Coding Style issues 2021-03-24 16:25:21 -07:00
dns_resolver net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
ethernet ethernet: avoid retpoline overhead on TEB (GENEVE, NvGRE, VxLAN) GRO 2021-03-18 19:51:12 -07:00
ethtool ethtool: Add common function for filling out strings 2021-03-17 11:42:30 -07:00
hsr /net/hsr: fix misspellings using codespell tool 2021-03-18 19:13:41 -07:00
ieee802154 treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
ife net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
ipv4 Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-03-25 16:30:46 -07:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
iucv net/af_iucv: build SG skbs for TRANS_HIPER sockets 2021-01-28 20:36:22 -08:00
kcm net: group skb_shinfo zerocopy related bits together. 2021-01-07 16:08:37 -08:00
key af_key: relax availability checks for skb size calculation 2021-01-04 10:05:50 +01:00
l2tp net: l2tp: Fix a typo 2021-03-22 13:17:49 -07:00
l3mdev net: l3mdev: use obj-$(CONFIG_NET_L3_MASTER_DEV) form in net/Makefile 2021-01-27 17:03:52 -08:00
lapb net: lapb: Make "lapb_t1timer_running" able to detect an already running timer 2021-03-23 14:14:50 -07:00
llc net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
mac80211 mac80211: choose first enabled channel for monitor 2021-03-16 21:20:47 +01:00
mac802154 net: mac802154: convert tasklets to use new tasklet_setup() API 2020-11-07 10:40:56 -08:00
mpls net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0 2021-03-09 16:12:20 -08:00
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
ncsi net/ncsi: Use real net-device for response handler 2020-12-23 12:22:23 -08:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
netlabel cipso,calipso: resolve a number of problems with the DOI refcounts 2021-03-04 15:26:57 -08:00
netlink mptcp: avoid lock_fast usage in accept path 2021-02-12 16:31:46 -08:00
netrom
nfc TTY/Serial driver changes for 5.12-rc1 2021-02-20 21:28:04 -08:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
packet net/packet: Fix a typo in af_packet.c 2021-03-24 17:52:11 -07:00
phonet
psample psample: Add additional metadata attributes 2021-03-14 15:00:43 -07:00
qrtr net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() 2021-03-14 14:28:22 -07:00
rds net/rds: Drop duplicate sin and sin6 assignments 2021-03-10 12:45:15 -08:00
rfkill rfkill: add a reason to the HW rfkill state 2020-12-11 12:47:17 +01:00
rose net: rose: Fix fall-through warnings for Clang 2021-03-10 12:45:15 -08:00
rxrpc rxrpc: Fix dependency on IPv6 in udp tunnel config 2021-02-12 16:42:05 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
sctp sctp: move sk_route_caps check and set into sctp_outq_flush_transports 2021-03-19 11:34:49 -07:00
smc net/smc: use memcpy instead of snprintf to avoid out of bounds read 2021-01-12 20:22:01 -08:00
strparser
sunrpc Miscellaneous NFSD fixes for v5.12-rc. 2021-03-16 10:22:50 -07:00
switchdev net: bridge: propagate extack through switchdev_port_attr_set 2021-02-14 17:38:11 -08:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
tls net/tls: Fix a typo in tls_device.c 2021-03-24 17:52:11 -07:00
unix af_unix: handle idmapped mounts 2021-01-24 14:27:18 +01:00
vmw_vsock selinux: vsock: Set SID for socket returned by accept() 2021-03-19 13:46:55 -07:00
wireless wireless/nl80211: fix wdev_id may be used uninitialized 2021-03-16 21:20:47 +01:00
x25 net: x25: Remove unimplemented X.25-over-LLC code stubs 2020-12-12 17:15:33 -08:00
xdp bpf, xdp: Restructure redirect actions 2021-03-10 01:06:34 +01:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2021-02-09 11:23:41 -08:00
Kconfig net: add CONFIG_PCPU_DEV_REFCNT 2021-03-19 13:38:46 -07:00
Makefile net: l3mdev: use obj-$(CONFIG_NET_L3_MASTER_DEV) form in net/Makefile 2021-01-27 17:03:52 -08:00
compat.c iov_iter: transparently handle compat iovecs in import_iovec 2020-10-03 00:02:13 -04:00
devres.c
socket.c io_uring-worker.v3-2021-02-25 2021-02-27 08:29:02 -08:00
sysctl_net.c