Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-05-17 06:38:43 +0200
committerJiri Slaby <jslaby@suse.cz>2019-05-17 06:38:51 +0200
commit69adac285a1a7a442322e56b26335af2027ed0e3 (patch)
tree36f831b424759b6b6014a0c5e7dc68a2d9cb9f2c
parent1193d2eca279527d19560119cce33359a1094098 (diff)
flow_dissector: disable preemption around BPF calls
-rw-r--r--patches.kernel.org/5.1.3-032-flow_dissector-disable-preemption-around-BPF-ca.patch75
-rw-r--r--series.conf1
2 files changed, 76 insertions, 0 deletions
diff --git a/patches.kernel.org/5.1.3-032-flow_dissector-disable-preemption-around-BPF-ca.patch b/patches.kernel.org/5.1.3-032-flow_dissector-disable-preemption-around-BPF-ca.patch
new file mode 100644
index 0000000000..82dc4455f4
--- /dev/null
+++ b/patches.kernel.org/5.1.3-032-flow_dissector-disable-preemption-around-BPF-ca.patch
@@ -0,0 +1,75 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 13 May 2019 09:38:55 -0700
+Subject: [PATCH] flow_dissector: disable preemption around BPF calls
+References: bnc#1012628
+Patch-mainline: 5.1.3
+Git-commit: b1c17a9a353878602fd5bfe9103e4afe5e9a3f96
+
+[ Upstream commit b1c17a9a353878602fd5bfe9103e4afe5e9a3f96 ]
+
+Various things in eBPF really require us to disable preemption
+before running an eBPF program.
+
+syzbot reported :
+
+BUG: assuming atomic context at net/core/flow_dissector.c:737
+in_atomic(): 0, irqs_disabled(): 0, pid: 24710, name: syz-executor.3
+2 locks held by syz-executor.3/24710:
+ #0: 00000000e81a4bf1 (&tfile->napi_mutex){+.+.}, at: tun_get_user+0x168e/0x3ff0 drivers/net/tun.c:1850
+ #1: 00000000254afebd (rcu_read_lock){....}, at: __skb_flow_dissect+0x1e1/0x4bb0 net/core/flow_dissector.c:822
+CPU: 1 PID: 24710 Comm: syz-executor.3 Not tainted 5.1.0+ #6
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0x172/0x1f0 lib/dump_stack.c:113
+ __cant_sleep kernel/sched/core.c:6165 [inline]
+ __cant_sleep.cold+0xa3/0xbb kernel/sched/core.c:6142
+ bpf_flow_dissect+0xfe/0x390 net/core/flow_dissector.c:737
+ __skb_flow_dissect+0x362/0x4bb0 net/core/flow_dissector.c:853
+ skb_flow_dissect_flow_keys_basic include/linux/skbuff.h:1322 [inline]
+ skb_probe_transport_header include/linux/skbuff.h:2500 [inline]
+ skb_probe_transport_header include/linux/skbuff.h:2493 [inline]
+ tun_get_user+0x2cfe/0x3ff0 drivers/net/tun.c:1940
+ tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
+ call_write_iter include/linux/fs.h:1872 [inline]
+ do_iter_readv_writev+0x5fd/0x900 fs/read_write.c:693
+ do_iter_write fs/read_write.c:970 [inline]
+ do_iter_write+0x184/0x610 fs/read_write.c:951
+ vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
+ do_writev+0x15b/0x330 fs/read_write.c:1058
+ __do_sys_writev fs/read_write.c:1131 [inline]
+ __se_sys_writev fs/read_write.c:1128 [inline]
+ __x64_sys_writev+0x75/0xb0 fs/read_write.c:1128
+ do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Cc: Petar Penkov <ppenkov@google.com>
+Cc: Stanislav Fomichev <sdf@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/core/flow_dissector.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
+index 94a450b2191a..139470d8d3c0 100644
+--- a/net/core/flow_dissector.c
++++ b/net/core/flow_dissector.c
+@@ -712,7 +712,10 @@ bool __skb_flow_bpf_dissect(struct bpf_prog *prog,
+ flow_keys->thoff = flow_keys->nhoff;
+
+ bpf_compute_data_pointers((struct sk_buff *)skb);
++
++ preempt_disable();
+ result = BPF_PROG_RUN(prog, skb);
++ preempt_enable();
+
+ /* Restore state */
+ memcpy(cb, &cb_saved, sizeof(cb_saved));
+--
+2.21.0
+
diff --git a/series.conf b/series.conf
index bd40ea3105..b36db4eeb8 100644
--- a/series.conf
+++ b/series.conf
@@ -117,6 +117,7 @@
patches.kernel.org/5.1.3-029-tuntap-fix-dividing-by-zero-in-ebpf-queue-selec.patch
patches.kernel.org/5.1.3-030-tuntap-synchronize-through-tfiles-array-instead.patch
patches.kernel.org/5.1.3-031-net-phy-fix-phy_validate_pause.patch
+ patches.kernel.org/5.1.3-032-flow_dissector-disable-preemption-around-BPF-ca.patch
########################################################
# Build fixes that apply to the vanilla kernel too.