Kumar Kartikeya Dwivedi says:
====================
Fix kptr dtor deadlock
Referenced kptr destruction can run from tracing/NMI contexts through
bpf_obj_drop() and map value update/delete paths, reaching NMI-unsafe
special field teardown and deadlocks. Justin reported the issue and
iterated on fixes in [0]-[2], and also confirmed the bpf_obj_drop()
reproducer in [3].
This series rejects unsafe obj drops from non-iterator tracing programs,
limits map value recycle to NMI-safe field cancellation, and adds
focused selftests for the obj_drop(), NMI delete, and recycle teardown
cases.
See patches for details.
[0]: https://lore.kernel.org/bpf/
20260505150851.
3090688-1-utilityemal77@gmail.com
[1]: https://lore.kernel.org/bpf/
20260507175453.
1140400-1-utilityemal77@gmail.com
[2]: https://lore.kernel.org/bpf/
20260519011450.
1144935-1-utilityemal77@gmail.com
[3]: https://lore.kernel.org/bpf/agyG3eQwgmoJwmj2@suesslenovo
Changelog:
----------
v2 -> v3
v2: https://lore.kernel.org/bpf/
20260609093719.
2858096-1-memxor@gmail.com
* Replace bpf_obj_cancel_fields() to use bpf_map_free_internal_structs(). (Mykyta)
* Fix CI failures.
v1 -> v2
v1: https://lore.kernel.org/bpf/
20260608144841.
1732406-1-memxor@gmail.com
* Drop is_tracing_prog_type() fix due to compat breakage, revisit separately.
* Rework bpf_obj_drop() fix to additionally reject non-iter tracing progs.
====================
Link: https://patch.msgid.link/20260609202548.3571690-1-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
projects / thirdparty / linux.git / commitdiff
