[bpf-next,v2,0/2] bpf: fix the crash caused by task iterators over vma

Message ID 20221216221855.4122288-1-kuifeng@meta.com (mailing list archive)

Message

Kui-Feng Lee Dec. 16, 2022, 10:18 p.m. UTC
This issue is related to task iterators over vma. A system crash can
occur when a task iterator travels through vma of tasks as the death
of a task will clear the pointer to its mm, even though the
task_struct is still held. As a result, an unexpected crash happens
due to a null pointer. To address this problem, a reference to mm is
kept on the iterator to make sure that the pointer is always
valid. This patch set provides a solution for this crash by properly
referencing mm on task iterators over vma.

The major changes from v1 are:

 - Fix commit logs of the test case.

 - Use reverse Christmas tree coding style.

 - Remove unnecessary error handling for time().

v1: https://lore.kernel.org/bpf/20221216015912.991616-1-kuifeng@meta.com/

Kui-Feng Lee (2):
  bpf: keep a reference to the mm, in case the task is dead.
  selftests/bpf: add a test for iter/task_vma for short-lived processes

 kernel/bpf/task_iter.c                        | 39 +++++++---
 .../selftests/bpf/prog_tests/bpf_iter.c       | 73 +++++++++++++++++++
 2 files changed, 100 insertions(+), 12 deletions(-)
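
The lifetime rule the cover letter describes, as an added example that is not part of the original post or the kernel patch: a user-space C model in which a task's exit clears its `mm` pointer while the iterator keeps walking through its own pinned reference. All struct and function names here (`mm_get`, `mm_put`, `task_exit`, `iter_start`, `iter_next`, `iter_stop`) are hypothetical stand-ins, not kernel APIs.

```c
#include <stdio.h>

/* User-space model: hypothetical stand-ins, not the kernel's structs or API. */
struct mm { int users; int nr_vmas; int freed; };
struct task { int refs; struct mm *mm; };
struct vma_iter { struct task *task; struct mm *mm; int pos; };

static struct mm *mm_get(struct mm *mm) { if (mm) mm->users++; return mm; }
static void mm_put(struct mm *mm) { if (mm && --mm->users == 0) mm->freed = 1; }

/* Task death: clear the pointer and drop the task's own mm reference.
 * The task object itself may still be held by an iterator. */
static void task_exit(struct task *t) { struct mm *mm = t->mm; t->mm = NULL; mm_put(mm); }

/* Pin the mm once at start; fail cleanly if the task is already dead. */
static int iter_start(struct vma_iter *it, struct task *t) {
    it->mm = mm_get(t->mm);
    if (!it->mm) return -1;
    it->task = t; t->refs++; it->pos = 0;
    return 0;
}
/* Walk through the pinned mm, never through it->task->mm. */
static int iter_next(struct vma_iter *it) { return it->pos < it->mm->nr_vmas ? it->pos++ : -1; }
static void iter_stop(struct vma_iter *it) { mm_put(it->mm); it->mm = NULL; it->task->refs--; }

/* The task dies after the first vma; returns how many vmas were visited. */
static int walk_with_death_midway(void) {
    struct mm mm = { 1, 3, 0 };
    struct task t = { 1, &mm };
    struct vma_iter it;
    int n = 0;
    if (iter_start(&it, &t)) return -1;
    if (iter_next(&it) >= 0) n++;
    task_exit(&t);                           /* t.mm is NULL from here on */
    if (t.mm != NULL || mm.freed) return -2; /* mm must still be pinned */
    while (iter_next(&it) >= 0) n++;
    iter_stop(&it);                          /* last reference dropped */
    return mm.freed ? n : -3;
}

/* Starting on an already-exited task must fail instead of dereferencing NULL. */
static int start_on_dead_task(void) {
    struct mm mm = { 1, 1, 0 };
    struct task t = { 1, &mm };
    struct vma_iter it;
    task_exit(&t);
    return iter_start(&it, &t);
}

int main(void) { printf("%d %d\n", walk_with_death_midway(), start_on_dead_task()); return 0; }
```

An iterator that re-read `task->mm` on each step would see NULL after `task_exit()` in this model, which is the null-pointer condition the series addresses.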

Comments

patchwork-bot+netdevbpf@kernel.org Dec. 28, 2022, 10:20 p.m. UTC | #1
Hello:

This series was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Fri, 16 Dec 2022 14:18:53 -0800 you wrote:
> This issue is related to task iterators over vma. A system crash can
> occur when a task iterator travels through vma of tasks as the death
> of a task will clear the pointer to its mm, even though the
> task_struct is still held. As a result, an unexpected crash happens
> due to a null pointer. To address this problem, a reference to mm is
> kept on the iterator to make sure that the pointer is always
> valid. This patch set provides a solution for this crash by properly
> referencing mm on task iterators over vma.
> 
> [...]

Here is the summary with links:
  - [bpf-next,v2,1/2] bpf: keep a reference to the mm, in case the task is dead.
    https://git.kernel.org/bpf/bpf/c/7ff94f276f8e
  - [bpf-next,v2,2/2] selftests/bpf: add a test for iter/task_vma for short-lived processes
    https://git.kernel.org/bpf/bpf/c/b7793c8db7d9

You are awesome, thank you!

Kui-Feng Lee Jan. 4, 2023, 9:16 p.m. UTC | #2
Hi everyone,

This patchset seems to have been forgotten during the holiday season.
Hope this message gets some notice.

On Fri, 2022-12-16 at 14:18 -0800, Kui-Feng Lee wrote:
> This issue is related to task iterators over vma. A system crash can
> occur when a task iterator travels through vma of tasks as the death
> of a task will clear the pointer to its mm, even though the
> task_struct is still held. As a result, an unexpected crash happens
> due to a null pointer. To address this problem, a reference to mm is
> kept on the iterator to make sure that the pointer is always
> valid. This patch set provides a solution for this crash by properly
> referencing mm on task iterators over vma.
> 
> The major changes from v1 are:
> 
>  - Fix commit logs of the test case.
> 
>  - Use reverse Christmas tree coding style.
> 
>  - Remove unnecessary error handling for time().
> 
> v1: https://lore.kernel.org/bpf/20221216015912.991616-1-kuifeng@meta.com/
> 
> Kui-Feng Lee (2):
>   bpf: keep a reference to the mm, in case the task is dead.
>   selftests/bpf: add a test for iter/task_vma for short-lived processes
> 
>  kernel/bpf/task_iter.c                        | 39 +++++++---
>  .../selftests/bpf/prog_tests/bpf_iter.c       | 73 +++++++++++++++++++
>  2 files changed, 100 insertions(+), 12 deletions(-)
>

Alexei Starovoitov Jan. 4, 2023, 9:21 p.m. UTC | #3
On Wed, Jan 4, 2023 at 1:17 PM Kui-Feng Lee <kuifeng@meta.com> wrote:
>
> Hi everyone,
>
> This patchset seems to have been forgotten during the holiday season.
> Hope this message gets some notice.

It was applied to bpf tree
commit 7ff94f276f8e ("bpf: keep a reference to the mm, in case the
task is dead.")