* [PATCH net] bpf, trace: use READ_ONCE for retrieving file ptr
@ 2016-06-04 18:50 Daniel Borkmann
2016-06-07 21:48 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Daniel Borkmann @ 2016-06-04 18:50 UTC (permalink / raw)
To: davem; +Cc: alexei.starovoitov, xiakaixu, netdev, Daniel Borkmann
In bpf_perf_event_read() and bpf_perf_event_output(), we must use
READ_ONCE() for fetching the struct file pointer, which could get
updated concurrently, so we must prevent the compiler from potential
refetching.
We already do this with tail calls for fetching the related bpf_prog,
but not so on stored perf events. Semantics for both are the same
with regards to updates.
Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper")
Fixes: 35578d798400 ("bpf: Implement function bpf_perf_event_read() that get the selected hardware PMU conuter")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
---
kernel/trace/bpf_trace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 780bcbe..720b7bb 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -198,7 +198,7 @@ static u64 bpf_perf_event_read(u64 r1, u64 index, u64 r3, u64 r4, u64 r5)
if (unlikely(index >= array->map.max_entries))
return -E2BIG;
- file = (struct file *)array->ptrs[index];
+ file = READ_ONCE(array->ptrs[index]);
if (unlikely(!file))
return -ENOENT;
@@ -247,7 +247,7 @@ static u64 bpf_perf_event_output(u64 r1, u64 r2, u64 flags, u64 r4, u64 size)
if (unlikely(index >= array->map.max_entries))
return -E2BIG;
- file = (struct file *)array->ptrs[index];
+ file = READ_ONCE(array->ptrs[index]);
if (unlikely(!file))
return -ENOENT;
--
1.9.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net] bpf, trace: use READ_ONCE for retrieving file ptr
2016-06-04 18:50 [PATCH net] bpf, trace: use READ_ONCE for retrieving file ptr Daniel Borkmann
@ 2016-06-07 21:48 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2016-06-07 21:48 UTC (permalink / raw)
To: daniel; +Cc: alexei.starovoitov, xiakaixu, netdev
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Sat, 4 Jun 2016 20:50:59 +0200
> In bpf_perf_event_read() and bpf_perf_event_output(), we must use
> READ_ONCE() for fetching the struct file pointer, which could get
> updated concurrently, so we must prevent the compiler from potential
> refetching.
>
> We already do this with tail calls for fetching the related bpf_prog,
> but not so on stored perf events. Semantics for both are the same
> with regards to updates.
>
> Fixes: a43eec304259 ("bpf: introduce bpf_perf_event_output() helper")
> Fixes: 35578d798400 ("bpf: Implement function bpf_perf_event_read() that get the selected hardware PMU conuter")
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Acked-by: Alexei Starovoitov <ast@kernel.org>
Applied and queued up for -stable, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-06-07 21:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-04 18:50 [PATCH net] bpf, trace: use READ_ONCE for retrieving file ptr Daniel Borkmann
2016-06-07 21:48 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.