git.ipfire.org Git - thirdparty/kernel/linux.git/commit
bpf: Prevent nesting overflow in bpf_try_get_buffers
author Sahil Chandna <chandna.sahil@gmail.com>
Fri, 14 Nov 2025 06:49:22 +0000 (12:19 +0530)
committer Alexei Starovoitov <ast@kernel.org>
Fri, 14 Nov 2025 21:06:47 +0000 (13:06 -0800)
commit c1da3df7191f1b4df9256bcd30d78f78201e1d17
tree 1b65e0e0fb4947831e5ea2b49180763a2dccff92
parent 93ce3bee311d6f885bffb4a83843bddbe6b126be
bpf: Prevent nesting overflow in bpf_try_get_buffers

bpf_try_get_buffers() returns one of multiple per-CPU buffers based on a
per-CPU nesting counter. This mechanism expects that buffers are not
endlessly acquired before being returned. migrate_disable() ensures that a
task remains on the same CPU, but it does not prevent the task from being
preempted by another task on that CPU.

Without disabled preemption, a task may be preempted while holding a
buffer, allowing another task to run on the same CPU and acquire an
additional buffer. Several such preemptions can cause the per-CPU
nest counter to exceed MAX_BPRINTF_NEST_LEVEL and trigger the warning in
bpf_try_get_buffers(). Adding preempt_disable()/preempt_enable() around
buffer acquisition and release prevents this task preemption and
preserves the intended bounded nesting behavior.

Reported-by: syzbot+b0cff308140f79a9c4cb@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/68f6a4c8.050a0220.1be48.0011.GAE@google.com/
Fixes: 4223bf833c849 ("bpf: Remove preempt_disable in bpf_try_get_buffers")
Suggested-by: Yonghong Song <yonghong.song@linux.dev>
Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Sahil Chandna <chandna.sahil@gmail.com>
Link: https://lore.kernel.org/r/20251114064922.11650-1-chandna.sahil@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/helpers.c
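
The nesting overflow described in the commit message, modelled in userspace C as an added example (not code from this commit or from the kernel): one CPU's counter, with tasks either preempted while holding a buffer or running acquire-to-release without preemption. The value 3 for MAX_BPRINTF_NEST_LEVEL and the names nest_level, try_get_buffer, put_buffer and simulate are assumptions of this model; the page does not give them.

```c
/* Userspace model of one CPU's nesting counter; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_BPRINTF_NEST_LEVEL 3   /* assumed value; the page does not state it */

static int nest_level;             /* models the per-CPU nesting counter */

/* Models the acquire side: take a slot, or fail once the bound is exceeded. */
static bool try_get_buffer(void)
{
    if (++nest_level > MAX_BPRINTF_NEST_LEVEL) {
        nest_level--;              /* undo the increment on failure */
        return false;              /* the point where the warning fires */
    }
    return true;
}

static void put_buffer(void) { nest_level--; }

/*
 * Run `tasks` tasks on one CPU. With preemptible == true, every task is
 * preempted while holding its buffer (worst case), so holders pile up.
 * With preemptible == false, acquire..release is one non-preemptible
 * section, so no other task can run in between.
 * Returns the number of failed acquisitions.
 */
int simulate(int tasks, bool preemptible)
{
    int failures = 0, held = 0;

    nest_level = 0;
    for (int t = 0; t < tasks; t++) {
        if (!try_get_buffer()) { failures++; continue; }
        if (preemptible)
            held++;                /* preempted before release; next task runs */
        else
            put_buffer();          /* released before any other task can run */
    }
    while (held-- > 0)             /* preempted tasks resume and release */
        put_buffer();
    return failures;
}

int main(void)
{
    printf("preemptible:     %d failed acquisitions\n", simulate(5, true));
    printf("non-preemptible: %d failed acquisitions\n", simulate(5, false));
    return 0;
}
```

With five tasks the preemptible run fails twice (the fourth and fifth holders exceed the bound), while the non-preemptible run never holds more than one slot at a time.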