projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 26020be)
UPSTREAM: bpf: fix rcu annotations in compute_effective_progs()
authorRoman Gushchin <guro@fb.com>
Fri, 13 Jul 2018 19:41:11 +0000 (12:41 -0700)
committerCosmin Tanislav <demonsingur@gmail.com>
Thu, 16 May 2024 07:58:26 +0000 (10:58 +0300)
The progs local variable in compute_effective_progs() is marked
as __rcu, which is not correct. This is a local pointer, which
is initialized by bpf_prog_array_alloc(), which also now
returns a generic non-rcu pointer.

The real rcu-protected pointer is *array (array is a pointer
to an RCU-protected pointer), so the assignment should be performed
using rcu_assign_pointer().

Bug: 254441685
Fixes: 324bda9e6c5a ("bpf: multi program support for cgroup+bpf")
Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
(cherry picked from commit 3960f4fd6585608e8cc285d9665821985494e147)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ia76011cab50355b3342e322e05ec77d0229e9e08

kernel/bpf/cgroup.c patch | blob | blame | history

diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 6b7500bbdb5378315fa116b9a5c96575e5226c42..3a7964a703aa2600c499bd658d13be68c623f47c 100644 (file)
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -95,7 +95,7 @@ static int compute_effective_progs(struct cgroup *cgrp,
                                   enum bpf_attach_type type,
                                   struct bpf_prog_array __rcu **array)
 {
-       struct bpf_prog_array __rcu *progs;
+       struct bpf_prog_array *progs;
        struct bpf_prog_list *pl;
        struct cgroup *p = cgrp;
        int cnt = 0;
@@ -120,13 +120,12 @@ static int compute_effective_progs(struct cgroup *cgrp,
                                            &p->bpf.progs[type], node) {
                                if (!pl->prog)
                                        continue;
-                               rcu_dereference_protected(progs, 1)->
-                                       progs[cnt++] = pl->prog;
+                               progs->progs[cnt++] = pl->prog;
                        }
                p = cgroup_parent(p);
        } while (p);
 
-       *array = progs;
+       rcu_assign_pointer(*array, progs);
        return 0;
 }