[bpf,v2,0/2] bpf: Fix bpf timer kmemleak

Message ID	20231020014214.2471419-1-houtao@huaweicloud.com (mailing list archive)
Headers	show Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C9D40648 for <bpf@vger.kernel.org>; Fri, 20 Oct 2023 01:41:23 +0000 (UTC) From: Hou Tao <houtao@huaweicloud.com> To: bpf@vger.kernel.org Cc: Martin KaFai Lau <martin.lau@linux.dev>, Alexei Starovoitov <alexei.starovoitov@gmail.com>, Andrii Nakryiko <andrii@kernel.org>, Song Liu <song@kernel.org>, Hao Luo <haoluo@google.com>, Yonghong Song <yonghong.song@linux.dev>, Daniel Borkmann <daniel@iogearbox.net>, KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>, Jiri Olsa <jolsa@kernel.org>, John Fastabend <john.fastabend@gmail.com>, Hsin-Wei Hung <hsinweih@uci.edu>, houtao1@huawei.com Subject: [PATCH bpf v2 0/2] bpf: Fix bpf timer kmemleak Date: Fri, 20 Oct 2023 09:42:12 +0800 Message-Id: <20231020014214.2471419-1-houtao@huaweicloud.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	bpf: Fix bpf timer kmemleak \| expand [bpf,v2,0/2] bpf: Fix bpf timer kmemleak [bpf,v2,1/2] bpf: Check map->usercnt again after timer->timer is assigned [bpf,v2,2/2] selftests/bpf: Test race between map uref release and bpf timer init

Message ID

20231020014214.2471419-1-houtao@huaweicloud.com (mailing list archive)

Headers

From: Hou Tao <houtao@huaweicloud.com>
To: bpf@vger.kernel.org
Cc: Martin KaFai Lau <martin.lau@linux.dev>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Andrii Nakryiko <andrii@kernel.org>,
	Song Liu <song@kernel.org>,
	Hao Luo <haoluo@google.com>,
	Yonghong Song <yonghong.song@linux.dev>,
	Daniel Borkmann <daniel@iogearbox.net>,
	KP Singh <kpsingh@kernel.org>,
	Stanislav Fomichev <sdf@google.com>,
	Jiri Olsa <jolsa@kernel.org>,
	John Fastabend <john.fastabend@gmail.com>,
	Hsin-Wei Hung <hsinweih@uci.edu>,
	houtao1@huawei.com
Subject: [PATCH bpf v2 0/2] bpf: Fix bpf timer kmemleak
Date: Fri, 20 Oct 2023 09:42:12 +0800
Message-Id: <20231020014214.2471419-1-houtao@huaweicloud.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

bpf: Fix bpf timer kmemleak | expand

Message

Hou Tao Oct. 20, 2023, 1:42 a.m. UTC

From: Hou Tao <houtao1@huawei.com>

Hi,

The patchset aims to fix the kmemleak problem reported by Hsin-Wei Hung
[0]. Patch #1 fixes the kmemleak problem by re-checking map->usercnt
after timer->timer is assigned. Patch #2 adds a selftest for the
kmemleak problem. But it is a bit hard to reproduce the kmemleak by
only running the test and I managed to reproduce the problem by both
running the test and injecting delay before timer->timer is assigned in
bpf_timer_init().

Please see individual patches for more details. And comments are always
welcome.

Change Log:
v2:
  * patch #1: use smp_mb() instead of smp_mb__before_atomic()
  * patch #2: use WRITE_ONCE(timer->timer, x) to match the lockless read
              of timer->timer

v1: https://lore.kernel.org/bpf/20231017125717.241101-1-houtao@huaweicloud.com

Hou Tao (2):
  bpf: Check map->usercnt again after timer->timer is assigned
  selftests/bpf: Test race between map uref release and bpf timer init

 kernel/bpf/helpers.c                          |  18 ++-
 .../bpf/prog_tests/timer_init_race.c          | 138 ++++++++++++++++++
 .../selftests/bpf/progs/timer_init_race.c     |  56 +++++++
 3 files changed, 209 insertions(+), 3 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/timer_init_race.c
 create mode 100644 tools/testing/selftests/bpf/progs/timer_init_race.c