Alexei Starovoitov 189085cd2a bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie. ...

[ Upstream commit 59f2f84117 ]

syzbot reported the following lock sequence:
cpu 2:
  grabs timer_base lock
    spins on bpf_lpm lock

cpu 1:
  grab rcu krcp lock
    spins on timer_base lock

cpu 0:
  grab bpf_lpm lock
    spins on rcu krcp lock

bpf_lpm lock can be the same.
timer_base lock can also be the same due to timer migration.
but rcu krcp lock is always per-cpu, so it cannot be the same lock.
Hence it's a false positive.
To avoid lockdep complaining move kfree_rcu() after spin_unlock.

Reported-by: syzbot+1fa663a2100308ab6eab@syzkaller.appspotmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240329171439.37813-1-alexei.starovoitov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>

2024-06-27 13:52:12 +02:00

..

preload

bpf: make preloaded map iterators to display map elements count

2023-07-06 12:42:25 -07:00

arena.c

bpf: Clarify bpf_arena comments.

2024-03-15 14:23:45 -07:00

arraymap.c

bpf: Consistently use BPF token throughout BPF verifier logic

2024-01-24 16:21:01 -08:00

bloom_filter.c

bpf: Check bloom filter map value size

2024-03-27 09:56:17 -07:00

bpf_cgrp_storage.c

bpf: Enable bpf_cgrp_storage for cgroup1 non-attach case

2023-12-08 17:08:18 -08:00

bpf_inode_storage.c

Merge tag 'net-next-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

2023-04-26 16:07:23 -07:00

bpf_iter.c

bpf: move sleepable flag from bpf_prog_aux to bpf_prog

2024-03-11 16:41:25 -07:00

bpf_local_storage.c

bpf: Allow compiler to inline most of bpf_local_storage_lookup()

2024-02-11 14:06:24 -08:00

bpf_lru_list.c

bpf: Address KCSAN report on bpf_lru_list

2023-05-12 12:01:03 -07:00

bpf_lru_list.h

bpf: lru: Remove unused declaration bpf_lru_promote()

2023-08-08 17:21:42 -07:00

bpf_lsm.c

bpf: Minor clean-up to sleepable_lsm_hooks BTF set

2024-02-01 18:37:45 +01:00

bpf_struct_ops.c

bpf: struct_ops supports more than one page for trampolines.

2024-03-04 14:09:20 -08:00

bpf_task_storage.c

bpf: Teach verifier that certain helpers accept NULL pointer.

2023-04-04 16:57:16 -07:00

btf.c

bpf: Recognize btf_decl_tag("arg: Arena") as PTR_TO_ARENA.

2024-03-11 15:37:24 -07:00

cgroup_iter.c

bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg

2023-11-07 15:24:25 -08:00

cgroup.c

net: adopt skb_network_offset() and similar helpers

2024-03-04 08:47:06 +00:00

core.c

bpf: verifier: prevent userspace memory access

2024-04-26 09:45:18 -07:00

cpumap.c

bpf: report RCU QS in cpumap kthread

2024-03-20 21:05:43 -07:00

cpumask.c

bpf: treewide: Annotate BPF kfuncs in BTF

2024-01-31 20:40:56 -08:00

devmap.c

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

2024-03-07 20:02:38 -08:00

disasm.c

bpf: Disasm support for addr_space_cast instruction.

2024-03-11 15:37:24 -07:00

disasm.h

bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause

2021-09-02 14:49:23 +02:00

dispatcher.c

bpf: Use arch_bpf_trampoline_size

2023-12-06 17:17:20 -08:00

hashtab.c

bpf: Fix hashtab overflow check on 32-bit arches

2024-03-07 20:05:56 -08:00

helpers.c

bpf: fix warning for crash_kexec

2024-03-27 08:52:24 -07:00

inode.c

bpf: Support symbolic BPF FS delegation mount options

2024-01-24 16:21:02 -08:00

Kconfig

bpf: Merge two CONFIG_BPF entries

2024-02-07 16:38:20 -08:00

link_iter.c

bpf: Add bpf_link iterator

2022-05-10 11:20:45 -07:00

local_storage.c

Merge tag 'cgroup-for-6.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

2023-04-29 10:05:22 -07:00

log.c

bpf: Recognize addr_space_cast instruction in the verifier.

2024-03-11 15:37:24 -07:00

lpm_trie.c

bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.

2024-06-27 13:52:12 +02:00

Makefile

kbuild: make -Woverride-init warnings more consistent

2024-03-31 11:32:26 +09:00

map_in_map.c

bpf: Optimize the free of inner map

2023-12-04 17:50:26 -08:00

map_in_map.h

bpf: Add map and need_defer parameters to .map_fd_put_ptr()

2023-12-04 17:50:26 -08:00

map_iter.c

bpf: treewide: Annotate BPF kfuncs in BTF

2024-01-31 20:40:56 -08:00

memalloc.c

bpf: Remove unnecessary cpu == 0 check in memalloc

2024-01-04 10:18:14 -08:00

mmap_unlock_work.h

bpf: Introduce helper bpf_find_vma

2021-11-07 11:54:51 -08:00

mprog.c

bpf: Handle bpf_mprog_query with NULL entry

2023-10-06 17:11:20 -07:00

net_namespace.c

net: Add includes masked by netdevice.h including uapi/bpf.h

2021-12-29 20:03:05 -08:00

offload.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2023-09-21 21:49:45 +02:00

percpu_freelist.c

bpf: Initialize same number of free nodes for each pcpu_freelist

2022-11-11 12:05:14 -08:00

percpu_freelist.h

bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI

2020-10-06 00:04:11 +02:00

prog_iter.c

bpf: Refactor bpf_iter_reg to have separate seq_info member

2020-07-25 20:16:32 -07:00

queue_stack_maps.c

bpf: Avoid deadlock when using queue and stack maps from NMI

2023-09-11 19:04:49 -07:00

reuseport_array.c

bpf: Centralize permissions checks for all BPF map types

2023-06-19 14:04:04 +02:00

ringbuf.c

bpf: Fold smp_mb__before_atomic() into atomic_set_release()

2023-10-24 14:26:07 +02:00

stackmap.c

bpf: Fix stackmap overflow check on 32-bit arches

2024-03-07 20:06:25 -08:00

syscall.c

bpf: Fix a potential use-after-free in bpf_link_free()

2024-06-21 14:40:04 +02:00

sysfs_btf.c

bpf: Load and verify kernel module BTFs

2020-11-10 15:25:53 -08:00

task_iter.c

bpf: Fix an issue due to uninitialized bpf_iter_task

2024-02-19 12:28:15 +01:00

tcx.c

bpf, tcx: Get rid of tcx_link_const

2023-10-23 15:01:53 -07:00

tnum.c

bpf: simplify tnum output if a fully known constant

2023-12-02 11:36:51 -08:00

token.c

bpf,token: Use BIT_ULL() to convert the bit mask

2024-01-29 20:04:55 -08:00

trampoline.c

bpf: move sleepable flag from bpf_prog_aux to bpf_prog

2024-03-11 16:41:25 -07:00

verifier.c

bpf: Allow delete from sockmap/sockhash only if update is allowed

2024-06-12 11:39:50 +02:00