| Message ID | 20230118204815.3331855-1-yhs@fb.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | bdb7fdb0aca8b96cef9995d3a57e251c2289322f |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf] bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers | expand |
Hello: This patch was applied to bpf/bpf.git (master) by Alexei Starovoitov <ast@kernel.org>: On Wed, 18 Jan 2023 12:48:15 -0800 you wrote: > In current bpf_send_signal() and bpf_send_signal_thread() helper > implementation, irq_work is used to handle nmi context. Hao Sun > reported in [1] that the current task at the entry of the helper > might be gone during irq_work callback processing. To fix the issue, > a reference is acquired for the current task before enqueuing into > the irq_work so that the queued task is still available during > irq_work callback processing. > > [...] Here is the summary with links: - [bpf] bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers https://git.kernel.org/bpf/bpf/c/bdb7fdb0aca8 You are awesome, thank you!
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index f47274de012b..c09792c551bf 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -833,6 +833,7 @@ static void do_bpf_send_signal(struct irq_work *entry) work = container_of(entry, struct send_signal_irq_work, irq_work); group_send_sig_info(work->sig, SEND_SIG_PRIV, work->task, work->type); + put_task_struct(work->task); } static int bpf_send_signal_common(u32 sig, enum pid_type type) @@ -867,7 +868,7 @@ static int bpf_send_signal_common(u32 sig, enum pid_type type) * to the irq_work. The current task may change when queued * irq works get executed. */ - work->task = current; + work->task = get_task_struct(current); work->sig = sig; work->type = type; irq_work_queue(&work->irq_work);
In current bpf_send_signal() and bpf_send_signal_thread() helper implementation, irq_work is used to handle nmi context. Hao Sun reported in [1] that the current task at the entry of the helper might be gone during irq_work callback processing. To fix the issue, a reference is acquired for the current task before enqueuing into the irq_work so that the queued task is still available during irq_work callback processing. [1] https://lore.kernel.org/bpf/20230109074425.12556-1-sunhao.th@gmail.com/ Fixes: 8b401f9ed244 ("bpf: implement bpf_send_signal() helper") Tested-by: Hao Sun <sunhao.th@gmail.com> Reported-by: Hao Sun <sunhao.th@gmail.com> Signed-off-by: Yonghong Song <yhs@fb.com> --- kernel/trace/bpf_trace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) NOTE: I didn't add a unit test case since it is very hard to construct one which can reliably reproducing the issue in short amount of time. I cannot even reproduce the issue with Hao's reproducer in my local environment. Hopefully, the patch itself can explain the issue and the fix.