tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

bpf: Prevent reentrance into call_rcu_tasks_trace()

call_rcu_tasks_trace() is not safe from in_nmi() and not reentrant.
To prevent deadlock on raw_spin_lock_rcu_node(rtpcp) or memory corruption
defer to irq_work when IRQs are disabled. call_rcu_tasks_generic()
protects itself with local_irq_save().
Note when bpf_async_cb->refcnt drops to zero it's safe to reuse
bpf_async_cb->worker for a different irq_work callback, since
bpf_async_schedule_op() -> irq_work_queue(&cb->worker);
is only called when refcnt >= 1.

Fixes: 1bfbc267ec91 ("bpf: Enable bpf_timer and bpf_wq in any context")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20260205190233.912-1-alexei.starovoitov@gmail.com

authored by

Alexei Starovoitov and committed by
Andrii Nakryiko 1ace9bac a2c86aa6

+13 -1
+13 -1
kernel/bpf/helpers.c
··· 1276 1276 bpf_async_cb_rcu_free(rcu); 1277 1277 } 1278 1278 1279 + static void worker_for_call_rcu(struct irq_work *work) 1280 + { 1281 + struct bpf_async_cb *cb = container_of(work, struct bpf_async_cb, worker); 1282 + 1283 + call_rcu_tasks_trace(&cb->rcu, bpf_async_cb_rcu_tasks_trace_free); 1284 + } 1285 + 1279 1286 static void bpf_async_refcount_put(struct bpf_async_cb *cb) 1280 1287 { 1281 1288 if (!refcount_dec_and_test(&cb->refcnt)) 1282 1289 return; 1283 1290 1284 - call_rcu_tasks_trace(&cb->rcu, bpf_async_cb_rcu_tasks_trace_free); 1291 + if (irqs_disabled()) { 1292 + cb->worker = IRQ_WORK_INIT(worker_for_call_rcu); 1293 + irq_work_queue(&cb->worker); 1294 + } else { 1295 + call_rcu_tasks_trace(&cb->rcu, bpf_async_cb_rcu_tasks_trace_free); 1296 + } 1285 1297 } 1286 1298 1287 1299 static void bpf_async_cancel_and_free(struct bpf_async_kern *async);