diff options
author | John Fastabend <john.fastabend@gmail.com> | 2018-07-05 08:50:04 -0700 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2018-07-07 15:19:30 -0700 |
commit | 99ba2b5aba24e022683a7db63204f9e306fe7ab9 (patch) | |
tree | e174736f65a9dd001a67e2f007f93b5fd6265992 /kernel/bpf/syscall.c | |
parent | 0c6bc6e531a6db36f49622f1f115770160f7afb0 (diff) | |
download | lwn-99ba2b5aba24e022683a7db63204f9e306fe7ab9.tar.gz lwn-99ba2b5aba24e022683a7db63204f9e306fe7ab9.zip |
bpf: sockhash, disallow bpf_tcp_close and update in parallel
After latest lock updates there is no longer anything preventing a
close and recvmsg call running in parallel. Additionally, we can
race update with close if we close a socket and simultaneously update
if via the BPF userspace API (note the cgroup ops are already run
with sock_lock held).
To resolve this take sock_lock in close and update paths.
Reported-by: syzbot+b680e42077a0d7c9a0c4@syzkaller.appspotmail.com
Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel/bpf/syscall.c')
-rw-r--r-- | kernel/bpf/syscall.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index d10ecd78105f..a31a1ba0f8ea 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -735,7 +735,9 @@ static int map_update_elem(union bpf_attr *attr) if (bpf_map_is_dev_bound(map)) { err = bpf_map_offload_update_elem(map, key, value, attr->flags); goto out; - } else if (map->map_type == BPF_MAP_TYPE_CPUMAP) { + } else if (map->map_type == BPF_MAP_TYPE_CPUMAP || + map->map_type == BPF_MAP_TYPE_SOCKHASH || + map->map_type == BPF_MAP_TYPE_SOCKMAP) { err = map->ops->map_update_elem(map, key, value, attr->flags); goto out; } |