Re: [syzbot] [bpf?] possible deadlock in __stack_map_get
From: Hillf Danton
Date: Thu Apr 18 2024 - 19:10:03 EST
On Thu, 18 Apr 2024 13:00:28 -0700
> syzbot found the following issue on:
>
> HEAD commit: f99c5f563c17 Merge tag 'nf-24-03-21' of git://git.kernel.o..
> git tree: net
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f1f7cb180000
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git f99c5f563c17
--- x/kernel/bpf/queue_stack_maps.c
+++ y/kernel/bpf/queue_stack_maps.c
@@ -124,7 +124,7 @@ out:
return err;
}
-
+static DEFINE_PER_CPU(int, map_depth);
static long __stack_map_get(struct bpf_map *map, void *value, bool delete)
{
struct bpf_queue_stack *qs = bpf_queue_stack(map);
@@ -132,12 +132,22 @@ static long __stack_map_get(struct bpf_m
int err = 0;
void *ptr;
u32 index;
+ int dumy;
+ int *depth = &dumy;
if (in_nmi()) {
if (!raw_spin_trylock_irqsave(&qs->lock, flags))
return -EBUSY;
} else {
+ preempt_disable_notrace();
+ depth = this_cpu_ptr(&map_depth);
+ if (*depth) {
+ preempt_enable_notrace();
+ return -EDEADLK;
+ }
raw_spin_lock_irqsave(&qs->lock, flags);
+ *depth += 1;
+ preempt_enable_notrace();
}
if (queue_stack_map_is_empty(qs)) {
@@ -157,6 +167,7 @@ static long __stack_map_get(struct bpf_m
qs->head = index;
out:
+ *depth -= 1;
raw_spin_unlock_irqrestore(&qs->lock, flags);
return err;
}
--