Skip to content

bpf, sockmap: Fix psock incorrectly pointing to sk #8991

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

bpf, sockmap: Fix psock incorrectly pointing to sk #8991

wants to merge 1 commit into from

Conversation

kernel-patches-daemon-bpf[bot]
Copy link

Pull request for series with
subject: bpf, sockmap: Fix psock incorrectly pointing to sk
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 8259eb0
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: bfccacd
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from f33ff92 to 9af4be6 Compare May 23, 2025 17:25
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 079e5c5
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 9af4be6 to 29600fd Compare May 23, 2025 20:33
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: db22b13
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 29600fd to 239414e Compare May 27, 2025 16:54
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 1ae7a84
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 239414e to 80632ce Compare May 27, 2025 17:33
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 86bc9c7
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 80632ce to 5c27fc1 Compare May 27, 2025 17:47
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: d496557
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 5c27fc1 to 9802a76 Compare May 27, 2025 17:53
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: ca56fbd
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 9802a76 to 01d08b2 Compare May 27, 2025 18:00
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 5ffb537
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 01d08b2 to 283124a Compare May 27, 2025 21:10
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 90b83ef
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 54aa8a3 to daa082a Compare May 29, 2025 05:18
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: 90b83ef
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from daa082a to 73dde73 Compare May 30, 2025 14:51
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: bb1556e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 73dde73 to 9f060d8 Compare June 1, 2025 18:03
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: bb1556e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 9f060d8 to ccc72d3 Compare June 2, 2025 06:42
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: cd2e103
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from ccc72d3 to 43ab801 Compare June 2, 2025 17:54
@kernel-patches-daemon-bpf
Copy link
Author

Upstream branch: cd2e103
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=965935
version: 1

@mrpre
bpf, sockmap: Fix psock incorrectly pointing to sk
6e04d3f 
We observed an issue from the latest selftest: sockmap_redir where
sk_psock(psock->sk) != psock in the backlog. The root cause is the special
behavior in sockmap_redir - it frequently performs map_update() and
map_delete() on the same socket. During map_update(), we create a new
psock and during map_delete(), we eventually free the psock via rcu_work
in sk_psock_drop(). However, pending workqueues might still exist and not
be processed yet. If users immediately perform another map_update(), a new
psock will be allocated for the same sk, resulting in two psocks pointing
to the same sk.

When the pending workqueue is later triggered, it uses the old psock to
access sk for I/O operations, which is incorrect.

Timing Diagram:

cpu0                        cpu1

map_update(sk):
    sk->psock = psock1
    psock1->sk = sk
map_delete(sk):
   rcu_work_free(psock1)

map_update(sk):
    sk->psock = psock2
    psock2->sk = sk
                            workqueue:
                                wakeup with psock1, but the sk of psock1
                                doesn't belong to psock1
rcu_handler:
    clean psock1
    free(psock1)

Previously, we used reference counting to address the concurrency issue
between backlog and sock_map_close(). This logic remains necessary as it
prevents the sk from being freed while processing the backlog. But this
patch prevents pending backlogs from using a psock after it has been
freed.

Note: We cannot call cancel_delayed_work_sync() in map_delete() since this
might be invoked in BPF context by BPF helper, and the function may sleep.

Fixes: 604326b ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Jiayuan Chen <[email protected]>
@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the series/965935=>bpf-next branch from 43ab801 to 6e04d3f Compare June 2, 2025 17:59
@kernel-patches-daemon-bpf
Copy link
Author

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=965935 expired. Closing PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bpf-next changes-requested V1-ci-pass V1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mrpre