• Yonghong Song's avatar
    bpf: fix a rcu usage warning in bpf_prog_array_copy_core() · 965931e3
    Yonghong Song authored
    Commit 394e40a2 ("bpf: extend bpf_prog_array to store pointers
    to the cgroup storage") refactored the bpf_prog_array_copy_core()
    to accommodate new structure bpf_prog_array_item which contains
    bpf_prog array itself.
    
    In the old code, we had
       perf_event_query_prog_array():
         mutex_lock(...)
         bpf_prog_array_copy_call():
           prog = rcu_dereference_check(array, 1)->progs
           bpf_prog_array_copy_core(prog, ...)
         mutex_unlock(...)
    
    With the above commit, we had
       perf_event_query_prog_array():
         mutex_lock(...)
         bpf_prog_array_copy_call():
           bpf_prog_array_copy_core(array, ...):
             item = rcu_dereference(array)->items;
             ...
         mutex_unlock(...)
    
    The new code will trigger a lockdep rcu checking warning.
    The fix is to change rcu_dereference() to rcu_dereference_check()
    to prevent such a warning.
    
    Reported-by: syzbot+6e72317008eef84a216b@syzkaller.appspotmail.com
    Fixes: 394e40a2 ("bpf: extend bpf_prog_array to store pointers to the cgroup storage")
    Cc: Roman Gushchin <guro@fb.com>
    Signed-off-by: default avatarYonghong Song <yhs@fb.com>
    Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Acked-by: default avatarRoman Gushchin <guro@fb.com>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    965931e3
core.c 45.8 KB