selftests/bpf: Add cgroup kptr NMI deadlock reproducer #8037
Open
kernel-patches-daemon-bpf-rc[bot] wants to merge 1 commit into
Upstream branch: 2e8ad1f
Upstream branch: 30dee2c
Exercise the path where a cgroup kptr stashed in a BPF map has its
destructor invoked from NMI context when the map element is freed.
bpf_cgroup_release_dtor -> cgroup_put can take sleeping/spinning paths
that are unsafe to enter from NMI; the destructor must be deferred
instead of run inline.

The test stashes a cgroup kptr from a syscall program into a HASH map
with BPF_F_NO_PREALLOC, then drives map element deletion from a
tp_btf/nmi_handler program firing on PMU cycle counter NMIs raised on a
pinned CPU. Each round:

1. Creates a cgroup and stashes its kptr in the map.
2. Removes the cgroup and waits for css_free_rwork_fn to fire for
   every subsystem CSS (tracked via an fexit program), so the kptr
   drop hits the window where the bug reproduces.
3. Arms the NMI program (gated by an "nr_cgrps" counter) and waits
   for it to delete the stashed element.

After REPRO_ROUNDS iterations the test scans /dev/kmsg captured from
the start of the run: bpf_cgroup_release_dtor appearing in any splat
stack means the destructor ran inline from NMI and the fix has
regressed. The task variant only proved no hard hang; scanning kmsg
catches the bug even when the inline path does not actually wedge the
CPU.

This fails and causes a kernel splat prior to commit a3a81d2
("bpf: Cancel special fields on map value recycle") in bpf-next/master.

Runs on x86 only: relies on PMU cycle counter NMIs and the
x86-specific nmi_handler tracepoint.

Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Justin Suess <utilityemal77@gmail.com>
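
The kmsg check described in the commit message above, sketched as an added example (this is not the selftest code from this pull request): it counts frames naming bpf_cgroup_release_dtor only when they sit inside a "Call Trace:" block, so a plain log line that mentions the symbol does not count as a regression. The function name count_frames and both sample captures are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DTOR_SYM "bpf_cgroup_release_dtor"

/* Constructed samples in /dev/kmsg record form: "prio,seq,usec,flags;text". */
static const char sample_splat[] =
	"4,101,5000100,-;BUG: constructed sample splat\n"
	"4,102,5000101,-;Call Trace:\n"
	"4,103,5000102,-; <NMI>\n"
	"4,104,5000103,-; cgroup_put+0x2c/0x40\n"
	"4,105,5000104,-; bpf_cgroup_release_dtor+0x12/0x20\n"
	"4,106,5000105,-; </NMI>\n"
	"4,107,5000106,-;---[ end trace 0000000000000000 ]---\n";
static const char sample_clean[] =
	"6,200,6000001,-;constructed note naming bpf_cgroup_release_dtor+0x0\n"
	"6,201,6000002,-;test_progs: round 4 armed\n";

/* Count stack frames naming sym inside "Call Trace:" blocks of a kmsg capture. */
static int count_frames(const char *log, const char *sym)
{
	size_t symlen = strlen(sym);
	int in_trace = 0, hits = 0;

	while (*log) {
		const char *eol = strchr(log, '\n');
		size_t len = eol ? (size_t)(eol - log) : strlen(log);
		const char *text = memchr(log, ';', len);	/* end of record header */

		text = text ? text + 1 : log;
		if (!strncmp(text, "Call Trace:", 11)) {
			in_trace = 1;
		} else if (in_trace && text[0] != ' ') {
			in_trace = 0;	/* frame lines are space-indented */
		} else if (in_trace) {
			const char *f = text + strspn(text, " ?");	/* skip indent and "? " */

			if (!strncmp(f, sym, symlen) && f[symlen] == '+')
				hits++;
		}
		log = eol ? eol + 1 : log + len;
	}
	return hits;
}

int main(void)
{
	printf("splat: %d, clean: %d\n", count_frames(sample_splat, DTOR_SYM),
	       count_frames(sample_clean, DTOR_SYM));
	return 0;
}
```
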
Pull request for series with
subject: selftests/bpf: Add cgroup kptr NMI deadlock reproducer
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1109417