This is a note to let you know that I've just added the patch titled
bpf: fix rcu lockdep warning for lpm_trie map_free callback
to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: bpf-fix-rcu-lockdep-warning-for-lpm_trie-map_free-callback.patch and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From foo@baz Fri Mar 9 14:18:36 PST 2018
From: Daniel Borkmann daniel@iogearbox.net Date: Thu, 8 Mar 2018 13:14:42 +0100 Subject: bpf: fix rcu lockdep warning for lpm_trie map_free callback To: gregkh@linuxfoundation.org Cc: ast@kernel.org, daniel@iogearbox.net, stable@vger.kernel.org, Yonghong Song yhs@fb.com Message-ID: 8858404a8f3ea0fc0a60e045a02f7714ad6bbb01.1520504748.git.daniel@iogearbox.net
From: Yonghong Song yhs@fb.com
[ upstream commit 6c5f61023c5b0edb0c8a64c902fe97c6453b1852 ]
Commit 9a3efb6b661f ("bpf: fix memory leak in lpm_trie map_free callback function") fixed a memory leak and removed unnecessary locks in map_free callback function. Unfortrunately, it introduced a lockdep warning. When lockdep checking is turned on, running tools/testing/selftests/bpf/test_lpm_map will have:
[ 98.294321] ============================= [ 98.294807] WARNING: suspicious RCU usage [ 98.295359] 4.16.0-rc2+ #193 Not tainted [ 98.295907] ----------------------------- [ 98.296486] /home/yhs/work/bpf/kernel/bpf/lpm_trie.c:572 suspicious rcu_dereference_check() usage! [ 98.297657] [ 98.297657] other info that might help us debug this: [ 98.297657] [ 98.298663] [ 98.298663] rcu_scheduler_active = 2, debug_locks = 1 [ 98.299536] 2 locks held by kworker/2:1/54: [ 98.300152] #0: ((wq_completion)"events"){+.+.}, at: [<00000000196bc1f0>] process_one_work+0x157/0x5c0 [ 98.301381] #1: ((work_completion)(&map->work)){+.+.}, at: [<00000000196bc1f0>] process_one_work+0x157/0x5c0
Since actual trie tree removal happens only after no other accesses to the tree are possible, replacing rcu_dereference_protected(*slot, lockdep_is_held(&trie->lock)) with rcu_dereference_protected(*slot, 1) fixed the issue.
Fixes: 9a3efb6b661f ("bpf: fix memory leak in lpm_trie map_free callback function") Reported-by: Eric Dumazet edumazet@google.com Suggested-by: Eric Dumazet edumazet@google.com Signed-off-by: Yonghong Song yhs@fb.com Reviewed-by: Eric Dumazet edumazet@google.com Acked-by: David S. Miller davem@davemloft.net Signed-off-by: Daniel Borkmann daniel@iogearbox.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/bpf/lpm_trie.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
--- a/kernel/bpf/lpm_trie.c +++ b/kernel/bpf/lpm_trie.c @@ -484,8 +484,7 @@ static void trie_free(struct bpf_map *ma slot = &trie->root;
for (;;) { - node = rcu_dereference_protected(*slot, - lockdep_is_held(&trie->lock)); + node = rcu_dereference_protected(*slot, 1); if (!node) goto out;
Patches currently in stable-queue which might be from daniel@iogearbox.net are
queue-4.14/bpf-fix-mlock-precharge-on-arraymaps.patch queue-4.14/bpf-x64-implement-retpoline-for-tail-call.patch queue-4.14/bpf-arm64-fix-out-of-bounds-access-in-tail-call.patch queue-4.14/bpf-fix-memory-leak-in-lpm_trie-map_free-callback-function.patch queue-4.14/bpf-ppc64-fix-out-of-bounds-access-in-tail-call.patch queue-4.14/bpf-add-schedule-points-in-percpu-arrays-management.patch queue-4.14/bpf-allow-xadd-only-on-aligned-memory.patch queue-4.14/bpf-fix-rcu-lockdep-warning-for-lpm_trie-map_free-callback.patch