git.baikalelectronics.ru Git - kernel.git/commit

author	Thomas Gleixner <tglx@linutronix.de>
	Mon, 24 Feb 2020 14:01:32 +0000 (15:01 +0100)
committer	Alexei Starovoitov <ast@kernel.org>
	Tue, 25 Feb 2020 00:12:19 +0000 (16:12 -0800)
commit	fbe970e117c31a56e9623106d1c4ba218e197a5a
tree	5413c0a6b7298c349c1024711df31692c91d1d8d	tree \| snapshot
parent	b952784ac995af8d12991edc764bfe57ebd7bb08	commit \| diff

bpf: Tighten the requirements for preallocated hash maps

The assumption that only programs attached to perf NMI events can deadlock
on memory allocators is wrong. Assume the following simplified callchain:

kmalloc() from regular non BPF context
  cache empty
   freelist empty
    lock(zone->lock);
     tracepoint or kprobe
      BPF()
       update_elem()
        lock(bucket)
          kmalloc()
           cache empty
            freelist empty
             lock(zone->lock);  <- DEADLOCK

There are other ways which do not involve locking to create wreckage:

kmalloc() from regular non BPF context
  local_irq_save();
   ...
    obj = slab_first();
     kprobe()
      BPF()
       update_elem()
        lock(bucket)
         kmalloc()
          local_irq_save();
           ...
            obj = slab_first(); <- Same object as above ...

So preallocation _must_ be enforced for all variants of intrusive
instrumentation.

Unfortunately immediate enforcement would break backwards compatibility, so
for now such programs still are allowed to run, but a one time warning is
emitted in dmesg and the verifier emits a warning in the verifier log as
well so developers are made aware about this and can fix their programs
before the enforcement becomes mandatory.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200224145642.540542802@linutronix.de