From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 33C283B2A4 for ; Sun, 8 Sep 2019 04:33:57 -0400 (EDT) Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5441DC069B4B for ; Sun, 8 Sep 2019 08:33:56 +0000 (UTC) Received: by mail-lj1-f198.google.com with SMTP id x5so1454859ljc.0 for ; Sun, 08 Sep 2019 01:33:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=Yx3kKsh4gyeDt5/46KJgnEnzulqjHSTWwYhh5BfKF6M=; b=S9fLVGAu1bJiJdp8FNvaiPZt1caDWGJhlhn8dad1hc7GXzcaxt7DI6kQ4b+EjCzqJ6 xPFrmxdTJhon1RyUqkD2oqhJoaHp81vgg3yTwjR8HYrYQe0Z1K3jslfvvJnc/sE4toqm wQqxw41o9msAbpcHU3Y/qdX0y3e8Qp7vR8c0Wgf+AXBX1h8e/QbFVtKuXZB/Q6Za1tqe Bg0tz6ZVLQbLEZqgMkIWxab9q/ygsFe1vifqV5c4CIQP7WNKYDNUE6tXtOviosCC5vTB IcNjDjlpmYtrbLB8jlxSIuAWmPvEQ6PIiWQF1nle4jdMkrGmU3uhIa508m5VAkUbSHa3 nO2w== X-Gm-Message-State: APjAAAXFw0KgWHZ0AUgKAyGuCF3591HYcCHYkf5zYfZWMK+I7BXzVx5Z 3EBkju612i3f6asHQXHCe9vX4934ZbIDI7GySBtxkau2wpPIzBamZdhqwkLFYjCl69o06+dauN7 tyZ9L0lORayNDWu84niqwb4QSZTpSsKXTw/A= X-Received: by 2002:a2e:a40e:: with SMTP id p14mr11869366ljn.29.1567931634716; Sun, 08 Sep 2019 01:33:54 -0700 (PDT) X-Google-Smtp-Source: APXvYqxkyQoRp9d3iYIZBzRDfVde3dxjcokxivsZpSyT+YTN73wAApU9AFlsfUpCOXC23q8ZXUbvNA== X-Received: by 2002:a2e:a40e:: with SMTP id p14mr11869361ljn.29.1567931634559; Sun, 08 Sep 2019 01:33:54 -0700 (PDT) Received: from alrua-x1.borgediget.toke.dk (borgediget.toke.dk. [85.204.121.218]) by smtp.gmail.com with ESMTPSA id l18sm1892478lje.88.2019.09.08.01.33.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Sep 2019 01:33:53 -0700 (PDT) Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id DEF52180615; Sun, 8 Sep 2019 09:33:51 +0100 (WEST) From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= To: make-wifi-fast@lists.bufferbloat.net, linux-wireless@vger.kernel.org In-Reply-To: <20190908082016.17214-1-toke@redhat.com> References: <0000000000005091a70591d3e1d9@google.com> <20190908082016.17214-1-toke@redhat.com> X-Clacks-Overhead: GNU Terry Pratchett Date: Sun, 08 Sep 2019 09:33:51 +0100 Message-ID: <87sgp7w5jk.fsf@toke.dk> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Make-wifi-fast] [PATCH bpf-next] xdp: Fix race in dev_map_hash_update_elem() when replacing element X-BeenThere: make-wifi-fast@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Sep 2019 08:33:57 -0000 Toke H=C3=B8iland-J=C3=B8rgensen writes: > syzbot found a crash in dev_map_hash_update_elem(), when replacing an > element with a new one. Jesper correctly identified the cause of the crash > as a race condition between the initial lookup in the map (which is done > before taking the lock), and the removal of the old element. > > Rather than just add a second lookup into the hashmap after taking the > lock, fix this by reworking the function logic to take the lock before the > initial lookup. > > Fixes: 6f9d451ab1a3 ("xdp: Add devmap_hash map type for looking up device= s by hashed index") > Reported-and-tested-by: syzbot+4e7a85b1432052e8d6f8@syzkaller.appspotmail= .com > Signed-off-by: Toke H=C3=B8iland-J=C3=B8rgensen > --- Oops, this wasn't supposed to go to linux-wireless and make-wifi-fast; apologies for the noise! :) -Toke