diff options
| author | Marco Elver <[email protected]> | 2021-02-09 11:27:01 +0000 |
|---|---|---|
| committer | Andrii Nakryiko <[email protected]> | 2021-02-10 23:54:26 +0000 |
| commit | 6df8fb83301d68ea0a0c0e1cbcc790fcc333ed12 (patch) | |
| tree | d4cd79c6a35d0322e2f7a903c58a7c314b742fd7 /tools/testing/selftests/bpf/prog_tests/recursion.c | |
| parent | selftests/bpf: Simplify the calculation of variables (diff) | |
| download | kernel-6df8fb83301d68ea0a0c0e1cbcc790fcc333ed12.tar.gz kernel-6df8fb83301d68ea0a0c0e1cbcc790fcc333ed12.zip | |
bpf_lru_list: Read double-checked variable once without lock
For double-checked locking in bpf_common_lru_push_free(), node->type is
read outside the critical section and then re-checked under the lock.
However, concurrent writes to node->type result in data races.
For example, the following concurrent access was observed by KCSAN:
write to 0xffff88801521bc22 of 1 bytes by task 10038 on cpu 1:
__bpf_lru_node_move_in kernel/bpf/bpf_lru_list.c:91
__local_list_flush kernel/bpf/bpf_lru_list.c:298
...
read to 0xffff88801521bc22 of 1 bytes by task 10043 on cpu 0:
bpf_common_lru_push_free kernel/bpf/bpf_lru_list.c:507
bpf_lru_push_free kernel/bpf/bpf_lru_list.c:555
...
Fix the data races where node->type is read outside the critical section
(for double-checked locking) by marking the access with READ_ONCE() as
well as ensuring the variable is only accessed once.
Fixes: 3a08c2fd7634 ("bpf: LRU List")
Reported-by: [email protected]
Reported-by: [email protected]
Signed-off-by: Marco Elver <[email protected]>
Signed-off-by: Andrii Nakryiko <[email protected]>
Acked-by: Martin KaFai Lau <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
Diffstat (limited to 'tools/testing/selftests/bpf/prog_tests/recursion.c')
0 files changed, 0 insertions, 0 deletions