Re: [PATCH net v5 2/2] net: refactor bpf_sk_reuseport_detach()

From: Martin KaFai Lau
Date: Mon Aug 15 2022 - 14:44:08 EST


On Fri, Aug 05, 2022 at 03:48:36PM +0800, Hawkins Jiawei wrote:
> Refactor sk_user_data dereference using more generic function
> __rcu_dereference_sk_user_data_with_flags(), which improves its
> maintainability
>
> Suggested-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Signed-off-by: Hawkins Jiawei <yin31149@xxxxxxxxx>
> ---
> kernel/bpf/reuseport_array.c | 9 +++------
> 1 file changed, 3 insertions(+), 6 deletions(-)
>
> diff --git a/kernel/bpf/reuseport_array.c b/kernel/bpf/reuseport_array.c
> index e2618fb5870e..85fa9dbfa8bf 100644
> --- a/kernel/bpf/reuseport_array.c
> +++ b/kernel/bpf/reuseport_array.c
> @@ -21,14 +21,11 @@ static struct reuseport_array *reuseport_array(struct bpf_map *map)
> /* The caller must hold the reuseport_lock */
> void bpf_sk_reuseport_detach(struct sock *sk)
> {
> - uintptr_t sk_user_data;
> + struct sock __rcu **socks;
>
> write_lock_bh(&sk->sk_callback_lock);
> - sk_user_data = (uintptr_t)sk->sk_user_data;
> - if (sk_user_data & SK_USER_DATA_BPF) {
> - struct sock __rcu **socks;
> -
> - socks = (void *)(sk_user_data & SK_USER_DATA_PTRMASK);
> + socks = __rcu_dereference_sk_user_data_with_flags(sk, SK_USER_DATA_BPF);
syzbot reports 'suspicious rcu_dereference_check() usage':
https://lore.kernel.org/netdev/0000000000007902fc05e6458697@xxxxxxxxxx/

rcu_read_lock() does not need to be held here.
One option is to use rcu_access_pointer.
Another option is to use rcu_dereference_check() and pass the
lockdep_is_held(&sk->sk_callback_lock) from here.


> + if (socks) {
> WRITE_ONCE(sk->sk_user_data, NULL);
> /*
> * Do not move this NULL assignment outside of
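Review bot: The new call `socks = __rcu_dereference_sk_user_data_with_flags(sk, SK_USER_DATA_BPF);` runs under `write_lock_bh(&sk->sk_callback_lock)` with the caller holding reuseport_lock, not under rcu_read_lock(), so the protection that actually applies here is not expressed to lockdep, which matches the syzbot report linked in the reply above. Either of the two options given there would fix it: rcu_access_pointer, or rcu_dereference_check() with lockdep_is_held(&sk->sk_callback_lock) passed in from this call site. Separately, `if (socks)` now relies on the helper returning NULL when SK_USER_DATA_BPF is not set, where the removed lines made the flag test and the SK_USER_DATA_PTRMASK masking explicit; that contract is not visible in this patch, so a sentence in the commit message or a short comment above the call would help the next reader.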
> --
> 2.25.1
>