Re: [PATCH] bpf: Use refcount_t instead of atomic_t for mmap_count

Pei Xiao <xiaopei01@xxxxxxxxxx> · Tue, 31 Dec 2024 11:00:26 +0800



在 2024/12/31 00:40, Jiri Olsa 写道:
> On Mon, Dec 30, 2024 at 03:16:55PM +0800, Pei Xiao wrote:
>> Use an API that resembles more the actual use of mmap_count.
> 
> I'm not sure I understand the issue, could you provide more details?
> 
hi,
refcount_t type which allows us to catch overflow and underflow issues.

thanks!
Pei.
> thanks,
> jirka
> 
>>
>> Found by cocci:
>> kernel/bpf/arena.c:245:6-25: WARNING: atomic_dec_and_test variation before object free at line 249.
>>
>> Fixes: b90d77e5fd78 ("bpf: Fix remap of arena.")
>> Reported-by: kernel test robot <lkp@xxxxxxxxx>
>> Closes: https://lore.kernel.org/oe-kbuild-all/202412292037.LXlYSHKl-lkp@xxxxxxxxx/
>> Signed-off-by: Pei Xiao <xiaopei01@xxxxxxxxxx>
>> ---
>>  kernel/bpf/arena.c | 8 ++++----
>>  1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/kernel/bpf/arena.c b/kernel/bpf/arena.c
>> index 945a5680f6a5..8caf56a308d9 100644
>> --- a/kernel/bpf/arena.c
>> +++ b/kernel/bpf/arena.c
>> @@ -218,7 +218,7 @@ static u64 arena_map_mem_usage(const struct bpf_map *map)
>>  struct vma_list {
>>  	struct vm_area_struct *vma;
>>  	struct list_head head;
>> -	atomic_t mmap_count;
>> +	refcount_t mmap_count;
>>  };
>>  
>>  static int remember_vma(struct bpf_arena *arena, struct vm_area_struct *vma)
>> @@ -228,7 +228,7 @@ static int remember_vma(struct bpf_arena *arena, struct vm_area_struct *vma)
>>  	vml = kmalloc(sizeof(*vml), GFP_KERNEL);
>>  	if (!vml)
>>  		return -ENOMEM;
>> -	atomic_set(&vml->mmap_count, 1);
>> +	refcount_set(&vml->mmap_count, 1);
>>  	vma->vm_private_data = vml;
>>  	vml->vma = vma;
>>  	list_add(&vml->head, &arena->vma_list);
>> @@ -239,7 +239,7 @@ static void arena_vm_open(struct vm_area_struct *vma)
>>  {
>>  	struct vma_list *vml = vma->vm_private_data;
>>  
>> -	atomic_inc(&vml->mmap_count);
>> +	refcount_inc(&vml->mmap_count);
>>  }
>>  
>>  static void arena_vm_close(struct vm_area_struct *vma)
>> @@ -248,7 +248,7 @@ static void arena_vm_close(struct vm_area_struct *vma)
>>  	struct bpf_arena *arena = container_of(map, struct bpf_arena, map);
>>  	struct vma_list *vml = vma->vm_private_data;
>>  
>> -	if (!atomic_dec_and_test(&vml->mmap_count))
>> +	if (!refcount_dec_and_test(&vml->mmap_count))
>>  		return;
>>  	guard(mutex)(&arena->lock);
>>  	/* update link list under lock */
>> -- 
>> 2.25.1
>>
>>