linux/kernel/bpf
Florent Revest e2d5b2bb76 bpf: Fix nested bpf_bprintf_prepare with more per-cpu buffers

The bpf_seq_printf, bpf_trace_printk and bpf_snprintf helpers share one
per-cpu buffer that they use to store temporary data (arguments to
bprintf). They "get" that buffer with try_get_fmt_tmp_buf and "put" it
by the end of their scope with bpf_bprintf_cleanup.

If one of these helpers gets called within the scope of one of these
helpers, for example: a first bpf program gets called, uses
bpf_trace_printk which calls raw_spin_lock_irqsave which is traced by
another bpf program that calls bpf_snprintf, then the second "get"
fails. Essentially, these helpers are not re-entrant. They would return
-EBUSY and print a warning message once.

This patch triples the number of bprintf buffers to allow three levels
of nesting. This is very similar to what was done for tracepoints in
"9594dc3c7e7 bpf: fix nested bpf tracepoints with per-cpu data"

Fixes: d9c9e4db18 ("bpf: Factorize bpf_trace_printk and bpf_seq_printf")
Reported-by: syzbot+63122d0bc347f18c1884@syzkaller.appspotmail.com
Signed-off-by: Florent Revest <revest@chromium.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20210511081054.2125874-1-revest@chromium.org
2021-05-11 14:02:33 -07:00
preload bpf: Fix umd memory leak in copy_process() 2021-03-19 22:23:19 +01:00
arraymap.c bpf: Add batched ops support for percpu array 2021-04-28 01:17:45 +02:00
bpf_inode_storage.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-03-25 15:31:22 -07:00
bpf_iter.c bpf: Add bpf_for_each_map_elem() helper 2021-02-26 13:23:52 -08:00
bpf_local_storage.c bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete] 2021-02-26 11:51:48 -08:00
bpf_lru_list.c bpf_lru_list: Read double-checked variable once without lock 2021-02-10 15:54:26 -08:00
bpf_lru_list.h bpf: Fix a typo "inacitve" -> "inactive" 2020-04-06 21:54:10 +02:00
bpf_lsm.c Networking changes for 5.13. 2021-04-29 11:57:23 -07:00
bpf_struct_ops_types.h bpf: tcp: Support tcp_congestion_ops in bpf 2020-01-09 08:46:18 -08:00
bpf_struct_ops.c bpf: Fix fexit trampoline. 2021-03-18 00:22:51 +01:00
bpf_task_storage.c bpf: Make symbol 'bpf_task_storage_busy' static 2021-03-16 12:24:20 -07:00
btf.c bpf: Forbid trampoline attach for functions with variable arguments 2021-05-07 01:28:28 +02:00
cgroup.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-02-16 13:14:06 -08:00
core.c bpf: Remove unused parameter from ___bpf_prog_run 2021-04-03 01:38:52 +02:00
cpumap.c bpf, cpumap: Bulk skb using netif_receive_skb_list 2021-04-27 17:13:49 +02:00
devmap.c bpf, devmap: Move drop error path to devmap for XDP_REDIRECT 2021-03-18 16:38:51 +01:00
disasm.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-04-09 20:48:35 -07:00
disasm.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
dispatcher.c bpf: Remove bpf_image tree 2020-03-13 12:49:52 -07:00
hashtab.c kernel/bpf/: Fix misspellings using codespell tool 2021-03-16 12:22:20 -07:00
helpers.c bpf: Fix nested bpf_bprintf_prepare with more per-cpu buffers 2021-05-11 14:02:33 -07:00
inode.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-04-25 18:02:32 -07:00
Kconfig bpf: Add kconfig knob for disabling unpriv bpf by default 2021-05-11 13:56:16 -07:00
local_storage.c bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper 2021-03-25 18:31:36 -07:00
lpm_trie.c bpf: Add support for batched ops in LPM trie maps 2021-03-25 18:51:08 -07:00
Makefile bpf: Enable task local storage for tracing programs 2021-02-26 11:51:47 -08:00
map_in_map.c bpf: Relax max_entries check for most of the inner map types 2020-08-28 15:41:30 +02:00
map_in_map.h bpf: Add map_meta_equal map ops 2020-08-28 15:41:30 +02:00
map_iter.c bpf: Implement link_query callbacks in map element iterators 2020-08-21 14:01:39 -07:00
net_namespace.c bpf: Add support for forced LINK_DETACH command 2020-08-01 20:38:28 -07:00
offload.c bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill 2020-02-17 16:53:49 +01:00
percpu_freelist.c bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI 2020-10-06 00:04:11 +02:00
percpu_freelist.h bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI 2020-10-06 00:04:11 +02:00
prog_iter.c bpf: Refactor bpf_iter_reg to have separate seq_info member 2020-07-25 20:16:32 -07:00
queue_stack_maps.c bpf: Eliminate rlimit-based memory accounting for queue_stack_maps maps 2020-12-02 18:32:46 -08:00
reuseport_array.c bpf: Eliminate rlimit-based memory accounting for reuseport_array maps 2020-12-02 18:32:47 -08:00
ringbuf.c bpf: Prevent writable memory-mapping of read-only ringbuf pages 2021-05-11 13:31:10 +02:00
stackmap.c bpf: Refcount task stack in bpf_get_task_stack 2021-04-01 13:58:07 -07:00
syscall.c bpf: Add kconfig knob for disabling unpriv bpf by default 2021-05-11 13:56:16 -07:00
sysfs_btf.c bpf: Load and verify kernel module BTFs 2020-11-10 15:25:53 -08:00
task_iter.c bpf: Introduce task_vma bpf_iter 2021-02-12 12:56:53 -08:00
tnum.c bpf: Verifier, do explicit ALU32 bounds tracking 2020-03-30 14:59:53 -07:00
trampoline.c bpf: Allow trampoline re-attach for tracing and lsm programs 2021-04-25 21:09:01 -07:00
verifier.c bpf: Add deny list of btf ids check for tracing programs 2021-05-11 14:00:53 -07:00