selftests/bpf: Add missing trampoline program type to trampoline_count test #461
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Master branch: 418fbe8 |
|
Master branch: ac6a658 |
kernel-patches-bot
force-pushed
the
series/641714=>bpf-next
branch
from
50d4c9c to
8ff574c
Compare
…t test Currently the trampoline_count test doesn't include any fmod_ret bpf programs, fix it to make the test cover all possible trampoline program types. Since fmod_ret bpf programs can't be attached to __set_task_comm function, as it's neither whitelisted for error injection nor a security hook, change it to bpf_modify_return_test. This patch also does some other cleanups such as removing duplicate code, dropping inconsistent comments, etc. Signed-off-by: Yuntao Wang <[email protected]>
|
Master branch: 68084a1 |
kernel-patches-bot
force-pushed
the
series/641714=>bpf-next
branch
from
8ff574c to
3d15c2e
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=641714 expired. Closing PR. |
|
Master branch: 70a1b25 |
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Apr 22, 2023
KASAN report null-ptr-deref: ================================================================== BUG: KASAN: null-ptr-deref in bdi_split_work_to_wbs+0x5c5/0x7b0 Write of size 8 at addr 0000000000000000 by task sync/943 CPU: 5 PID: 943 Comm: sync Tainted: 6.3.0-rc5-next-20230406-dirty #461 Call Trace: <TASK> dump_stack_lvl+0x7f/0xc0 print_report+0x2ba/0x340 kasan_report+0xc4/0x120 kasan_check_range+0x1b7/0x2e0 __kasan_check_write+0x24/0x40 bdi_split_work_to_wbs+0x5c5/0x7b0 sync_inodes_sb+0x195/0x630 sync_inodes_one_sb+0x3a/0x50 iterate_supers+0x106/0x1b0 ksys_sync+0x98/0x160 [...] ================================================================== The race that causes the above issue is as follows: cpu1 cpu2 -------------------------|------------------------- inode_switch_wbs INIT_WORK(&isw->work, inode_switch_wbs_work_fn) queue_rcu_work(isw_wq, &isw->work) // queue_work async inode_switch_wbs_work_fn wb_put_many(old_wb, nr_switched) percpu_ref_put_many ref->data->release(ref) cgwb_release queue_work(cgwb_release_wq, &wb->release_work) // queue_work async &wb->release_work cgwb_release_workfn ksys_sync iterate_supers sync_inodes_one_sb sync_inodes_sb bdi_split_work_to_wbs kmalloc(sizeof(*work), GFP_ATOMIC) // alloc memory failed percpu_ref_exit ref->data = NULL kfree(data) wb_get(wb) percpu_ref_get(&wb->refcnt) percpu_ref_get_many(ref, 1) atomic_long_add(nr, &ref->data->count) atomic64_add(i, v) // trigger null-ptr-deref bdi_split_work_to_wbs() traverses &bdi->wb_list to split work into all wbs. If the allocation of new work fails, the on-stack fallback will be used and the reference count of the current wb is increased afterwards. If cgroup writeback membership switches occur before getting the reference count and the current wb is released as old_wd, then calling wb_get() or wb_put() will trigger the null pointer dereference above. This issue was introduced in v4.3-rc7 (see fix tag1). Both sync_inodes_sb() and __writeback_inodes_sb_nr() calls to bdi_split_work_to_wbs() can trigger this issue. For scenarios called via sync_inodes_sb(), originally commit 7fc5854 ("writeback: synchronize sync(2) against cgroup writeback membership switches") reduced the possibility of the issue by adding wb_switch_rwsem, but in v5.14-rc1 (see fix tag2) removed the "inode_io_list_del_locked(inode, old_wb)" from inode_switch_wbs_work_fn() so that wb->state contains WB_has_dirty_io, thus old_wb is not skipped when traversing wbs in bdi_split_work_to_wbs(), and the issue becomes easily reproducible again. To solve this problem, percpu_ref_exit() is called under RCU protection to avoid race between cgwb_release_workfn() and bdi_split_work_to_wbs(). Moreover, replace wb_get() with wb_tryget() in bdi_split_work_to_wbs(), and skip the current wb if wb_tryget() fails because the wb has already been shutdown. Link: https://lkml.kernel.org/r/[email protected] Fixes: b817525 ("writeback: bdi_writeback iteration must not skip dying ones") Signed-off-by: Baokun Li <[email protected]> Reviewed-by: Jan Kara <[email protected]> Acked-by: Tejun Heo <[email protected]> Cc: Alexander Viro <[email protected]> Cc: Andreas Dilger <[email protected]> Cc: Christian Brauner <[email protected]> Cc: Dennis Zhou <[email protected]> Cc: Hou Tao <[email protected]> Cc: yangerkun <[email protected]> Cc: Zhang Yi <[email protected]> Cc: Jens Axboe <[email protected]> Cc: <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 11, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 11, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 11, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 15, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 15, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 15, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 16, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 17, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Tao Chen <[email protected]>
kernel-patches-daemon-bpf-rc bot
pushed a commit
that referenced
this pull request
Jul 17, 2025
A previous change added bpf_token_info to get token info with bpf_get_obj_info_by_fd, this patch adds a new test for token info. #461/12 token/bpf_token_info:OK Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Tao Chen <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Alexei Starovoitov <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: selftests/bpf: Add missing trampoline program type to trampoline_count test
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=641714