On 2/2/18 6:28 AM, Eric Dumazet wrote:
On Mon, 2017-10-02 at 16:48 -0700, Alexei Starovoitov wrote:
introduce BPF_PROG_QUERY command to retrieve either a set of programs
attached to a given cgroup or a set of effective programs
that will execute for events within a cgroup
...
+
+int bpf_prog_array_copy_to_user(struct bpf_prog_array __rcu *progs,
+ __u32 __user *prog_ids)
+{
+ struct bpf_prog **prog;
+ u32 cnt = 0, id;
+
+ rcu_read_lock();
+ prog = rcu_dereference(progs)->progs;
+ for (; *prog; prog++) {
+ id = (*prog)->aux->id;
+ if (copy_to_user(prog_ids + cnt, &id, sizeof(id))) {
+ rcu_read_unlock();
+ return -EFAULT;
+ }
+ cnt++;
+ }
+ rcu_read_unlock();
+ return 0;
+}
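Review bot: copy_to_user() is called while rcu_read_lock() is held, inside the `for (; *prog; prog++)` loop of bpf_prog_array_copy_to_user(); copy_to_user() may fault in the user page and sleep, which is not permitted in an RCU read-side critical section (this is what CONFIG_DEBUG_ATOMIC_SLEEP flags). Gather the ids into a kernel buffer under rcu_read_lock(), call rcu_read_unlock(), and then do a single copy_to_user() of that buffer. On the same hunk: the function takes no length argument, so `copy_to_user(prog_ids + cnt, &id, sizeof(id))` writes one u32 per attached program however large the caller's prog_ids buffer actually is; take a count from the caller, stop when it is reached, and report (for example with -ENOSPC) that more programs were attached than fit.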
We cannot use copy_to_user() inside an rcu_read_lock() section.
CONFIG_DEBUG_ATOMIC_SLEEP=y would have detected this problem.
Courtesy of syzbot, obviously.
duh. thanks! will fix asap.
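The two-phase pattern Eric's comment calls for, modeled in user space as an added example (this is not the patch, not kernel code, and not the fix that was later committed): the ids are snapshotted into a kernel-side buffer under the RCU read-side section, the section is left, and only then is the buffer copied out, where a page fault may sleep. The struct layouts, the mock rcu_read_lock()/might_sleep()/copy_to_user() primitives, the `cap`/`copied` parameters and the sample ids are all assumptions made for the illustration; the mock might_sleep() records the "sleep inside an RCU read-side section" condition that DEBUG_ATOMIC_SLEEP reports, so the buggy shape from the hunk and the two-phase shape can be compared directly.

```c
/* Added userspace model; not kernel code.  The structs, the mock RCU and
 * copy_to_user() primitives, and the sample ids below are assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t u32;

struct bpf_prog_aux { u32 id; };
struct bpf_prog { struct bpf_prog_aux *aux; };
struct bpf_prog_array { struct bpf_prog **progs; };  /* NULL-terminated */

/* Mock primitives (assumptions): rcu_nesting stands in for the RCU
 * read-side nesting count; might_sleep() records a "sleep while in an RCU
 * read-side section" event, the condition DEBUG_ATOMIC_SLEEP splats on. */
static int rcu_nesting;
static int sleep_in_rcu;
static int fault_user_buffer;   /* 1 = pretend the user buffer is unmapped */

static void rcu_read_lock(void)   { rcu_nesting++; }
static void rcu_read_unlock(void) { rcu_nesting--; }
static void might_sleep(void)     { if (rcu_nesting > 0) sleep_in_rcu = 1; }

/* Like the real one: may fault (and so sleep); returns bytes NOT copied. */
static unsigned long copy_to_user(void *to, const void *from, unsigned long n)
{
	might_sleep();
	if (fault_user_buffer)
		return n;
	memcpy(to, from, n);
	return 0;
}

/* Same shape as the hunk: copy_to_user() inside the read-side section. */
static int copy_ids_under_rcu(struct bpf_prog_array *progs, u32 *prog_ids)
{
	struct bpf_prog **prog;
	u32 cnt = 0, id;

	rcu_read_lock();
	for (prog = progs->progs; *prog; prog++) {
		id = (*prog)->aux->id;
		if (copy_to_user(prog_ids + cnt, &id, sizeof(id))) {
			rcu_read_unlock();
			return -EFAULT;
		}
		cnt++;
	}
	rcu_read_unlock();
	return 0;
}

/* Two-phase version: allocate before entering the read-side section
 * (allocation may sleep too), gather ids under rcu_read_lock(), and do the
 * single copy_to_user() after rcu_read_unlock().  'cap' bounds the writes
 * to the user buffer; *copied reports how many ids were written. */
static int copy_ids_snapshot(struct bpf_prog_array *progs, u32 *prog_ids,
			     u32 cap, u32 *copied)
{
	struct bpf_prog **prog;
	u32 *ids, n = 0;
	int nospc, ret = 0;

	ids = calloc(cap ? cap : 1, sizeof(*ids));
	if (!ids)
		return -ENOMEM;

	rcu_read_lock();
	for (prog = progs->progs; *prog && n < cap; prog++)
		ids[n++] = (*prog)->aux->id;
	nospc = (*prog != NULL);        /* programs left that did not fit */
	rcu_read_unlock();

	*copied = n;
	if (n && copy_to_user(prog_ids, ids, n * sizeof(*ids)))
		ret = -EFAULT;
	else if (nospc)
		ret = -ENOSPC;
	free(ids);
	return ret;
}

/* Constructed sample array: three programs with made-up ids 7, 11, 42. */
static struct bpf_prog_aux sample_aux[3] = { {7}, {11}, {42} };
static struct bpf_prog sample_prog[3] =
	{ {&sample_aux[0]}, {&sample_aux[1]}, {&sample_aux[2]} };
static struct bpf_prog *sample_list[4] =
	{ &sample_prog[0], &sample_prog[1], &sample_prog[2], NULL };
static struct bpf_prog_array sample_array = { sample_list };

int main(void)
{
	u32 ubuf[4] = {0}, copied = 0;

	copy_ids_under_rcu(&sample_array, ubuf);
	printf("under rcu_read_lock: sleep_in_rcu=%d\n", sleep_in_rcu);
	sleep_in_rcu = 0;
	printf("snapshot: ret=%d copied=%u sleep_in_rcu=%d\n",
	       copy_ids_snapshot(&sample_array, ubuf, 4, &copied), copied,
	       sleep_in_rcu);
	return 0;
}
```

Running it shows the first function tripping the mock might_sleep() while the snapshot version does not; the snapshot version also returns -ENOSPC when the caller's buffer is too small and -EFAULT when the user buffer cannot be written, with the RCU nesting count back at zero on every path.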