On 02/03/2018 12:14 AM, Alexei Starovoitov wrote:
> 1. move copy_to_user out of rcu section to fix the following issue:
>
> ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side
> critical section!
> stack backtrace:
> __dump_stack lib/dump_stack.c:17 [inline]
> dump_stack+0x194/0x257 lib/dump_stack.c:53
> lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592
> rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline]
> ___might_sleep+0x385/0x470 kernel/sched/core.c:6079
> __might_sleep+0x95/0x190 kernel/sched/core.c:6067
> __might_fault+0xab/0x1d0 mm/memory.c:4532
> _copy_to_user+0x2c/0xc0 lib/usercopy.c:25
> copy_to_user include/linux/uaccess.h:155 [inline]
> bpf_prog_array_copy_to_user+0x217/0x4d0 kernel/bpf/core.c:1587
> bpf_prog_array_copy_info+0x17b/0x1c0 kernel/bpf/core.c:1685
> perf_event_query_prog_array+0x196/0x280 kernel/trace/bpf_trace.c:877
> _perf_ioctl kernel/events/core.c:4737 [inline]
> perf_ioctl+0x3e1/0x1480 kernel/events/core.c:4757
>
> 2. move *prog under rcu, since it's not ok to dereference it afterwards
>
> 3. in a rare case of prog array being swapped between bpf_prog_array_length()
> and bpf_prog_array_copy_to_user() calls make sure to copy zeros to user
> space, so the user doesn't walk over uninited prog_ids while kernel reported
> uattr->query.prog_cnt > 0
>
> Reported-by: [email protected]
> Fixes: 468e2f64d220 ("bpf: introduce BPF_PROG_QUERY command")
> Signed-off-by: Alexei Starovoitov <[email protected]>
LGTM, fix applied to bpf tree, thanks Alexei!
