
bpf: fix raw_tp test run in preempt kernel

In preempt kernel, BPF_PROG_TEST_RUN on raw_tp triggers:

[ 35.874974] BUG: using smp_processor_id() in preemptible [00000000]
code: new_name/87
[ 35.893983] caller is bpf_prog_test_run_raw_tp+0xd4/0x1b0
[ 35.900124] CPU: 1 PID: 87 Comm: new_name Not tainted 5.9.0-rc6-g615bd02bf #1
[ 35.907358] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.10.2-1ubuntu1 04/01/2014
[ 35.916941] Call Trace:
[ 35.919660] dump_stack+0x77/0x9b
[ 35.923273] check_preemption_disabled+0xb4/0xc0
[ 35.928376] bpf_prog_test_run_raw_tp+0xd4/0x1b0
[ 35.933872] ? selinux_bpf+0xd/0x70
[ 35.937532] __do_sys_bpf+0x6bb/0x21e0
[ 35.941570] ? find_held_lock+0x2d/0x90
[ 35.945687] ? vfs_write+0x150/0x220
[ 35.949586] do_syscall_64+0x2d/0x40
[ 35.953443] entry_SYSCALL_64_after_hwframe+0x44/0xa9

Fix this by calling migrate_disable() before smp_processor_id().

Fixes: 1b4d60ec162f ("bpf: Enable BPF_PROG_TEST_RUN for raw_tracepoint")
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Song Liu and committed by
Alexei Starovoitov
963ec27a b0efc216

+9 -12
+9 -12
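--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -252,9 +252,7 @@
 	struct bpf_raw_tp_test_run_info *info = data;
 
 	rcu_read_lock();
-	migrate_disable();
 	info->retval = BPF_PROG_RUN(info->prog, info->ctx);
-	migrate_enable();
 	rcu_read_unlock();
 }
 
@@ -264,6 +266,7 @@
 	__u32 ctx_size_in = kattr->test.ctx_size_in;
 	struct bpf_raw_tp_test_run_info info;
 	int cpu = kattr->test.cpu, err = 0;
+	int current_cpu;
 
 	/* doesn't support data_in/out, ctx_out, duration, or repeat */
 	if (kattr->test.data_in || kattr->test.data_out ||
@@ -292,27 +293,25 @@
 
 	info.prog = prog;
 
+	current_cpu = get_cpu();
 	if ((kattr->test.flags & BPF_F_TEST_RUN_ON_CPU) == 0 ||
-	    cpu == smp_processor_id()) {
+	    cpu == current_cpu) {
 		__bpf_prog_test_run_raw_tp(&info);
-	} else {
+	} else if (cpu >= nr_cpu_ids || !cpu_online(cpu)) {
 		/* smp_call_function_single() also checks cpu_online()
 		 * after csd_lock(). However, since cpu is from user
 		 * space, let's do an extra quick check to filter out
 		 * invalid value before smp_call_function_single().
 		 */
-		if (cpu >= nr_cpu_ids || !cpu_online(cpu)) {
-			err = -ENXIO;
-			goto out;
-		}
-
+		err = -ENXIO;
+	} else {
 		err = smp_call_function_single(cpu, __bpf_prog_test_run_raw_tp,
 					       &info, 1);
-		if (err)
-			goto out;
 	}
+	put_cpu();
 
-	if (copy_to_user(&uattr->test.retval, &info.retval, sizeof(u32)))
+	if (!err &&
+	    copy_to_user(&uattr->test.retval, &info.retval, sizeof(u32)))
 		err = -EFAULT;
 
 out: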
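Review bot: With `migrate_disable()`/`migrate_enable()` removed from `__bpf_prog_test_run_raw_tp()`, the helper now relies on its caller to pin it to one CPU, and nothing in the code records that. A comment above the `BPF_PROG_RUN()` call, such as `/* caller holds get_cpu() or invokes us via IPI, so we cannot migrate here */`, would keep a later caller from running the program in a migratable context. In `bpf_prog_test_run_raw_tp()` the position of `put_cpu()` ahead of `copy_to_user()` matters because the copy can fault and sleep, so it deserves `/* re-enable preemption before copy_to_user(), which may sleep */`. Note also that `get_cpu()` disables preemption outright rather than only migration, which looks fine for raw_tp programs but is stricter than what the helper did before. Both functions start and end outside the lines shown.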