diff options
| author |   Hou Tao <houtao1@huawei.com> | 2025-05-26 14:25:34 +0800 |
|---|---|---|
| committer |   Alexei Starovoitov <ast@kernel.org> | 2025-05-27 10:45:59 -0700 |
| commit | d4965578267e2e81f67c86e2608481e77e9c8569 (patch) | |
| tree | 8e2808bbfe81b419d6fc5f3b63b3fd88b8af55e9 | |
| parent | bpf: Avoid __bpf_prog_ret0_warn when jit fails (diff) | |
| download | linux-rng-d4965578267e2e81f67c86e2608481e77e9c8569.tar.xz linux-rng-d4965578267e2e81f67c86e2608481e77e9c8569.zip | |
bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf
program. When BPF JIT is disabled or under 32-bit host,
bpf_map_lookup_percpu_elem() will not be inlined. Using it in a
sleepable bpf program will trigger the warning in
bpf_map_lookup_percpu_elem(), because the bpf program only holds
rcu_read_lock_trace lock. Therefore, add the missed check.
Reported-by: syzbot+dce5aae19ae4d6399986@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/bpf/000000000000176a130617420310@google.com/
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20250526062534.1105938-1-houtao@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
| -rw-r--r-- | kernel/bpf/helpers.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 376403707a85..b71e428ad936 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -130,7 +130,8 @@ const struct bpf_func_proto bpf_map_peek_elem_proto = { BPF_CALL_3(bpf_map_lookup_percpu_elem, struct bpf_map *, map, void *, key, u32, cpu) { - WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_bh_held()); + WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_trace_held() && + !rcu_read_lock_bh_held()); return (unsigned long) map->ops->map_lookup_percpu_elem(map, key, cpu); } |