Re: [PATCH net v5 2/2] net: refactor bpf_sk_reuseport_detach()

Martin KaFai Lau <kafai@xxxxxx> · Mon, 15 Aug 2022 11:24:27 -0700

On Fri, Aug 05, 2022 at 03:48:36PM +0800, Hawkins Jiawei wrote:
> Refactor sk_user_data dereference using more generic function
> __rcu_dereference_sk_user_data_with_flags(), which improve its
> maintainability
> 
> Suggested-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Signed-off-by: Hawkins Jiawei <yin31149@xxxxxxxxx>
> ---
>  kernel/bpf/reuseport_array.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/kernel/bpf/reuseport_array.c b/kernel/bpf/reuseport_array.c
> index e2618fb5870e..85fa9dbfa8bf 100644
> --- a/kernel/bpf/reuseport_array.c
> +++ b/kernel/bpf/reuseport_array.c
> @@ -21,14 +21,11 @@ static struct reuseport_array *reuseport_array(struct bpf_map *map)
>  /* The caller must hold the reuseport_lock */
>  void bpf_sk_reuseport_detach(struct sock *sk)
>  {
> -	uintptr_t sk_user_data;
> +	struct sock __rcu **socks;
>  
>  	write_lock_bh(&sk->sk_callback_lock);
> -	sk_user_data = (uintptr_t)sk->sk_user_data;
> -	if (sk_user_data & SK_USER_DATA_BPF) {
> -		struct sock __rcu **socks;
> -
> -		socks = (void *)(sk_user_data & SK_USER_DATA_PTRMASK);
> +	socks = __rcu_dereference_sk_user_data_with_flags(sk, SK_USER_DATA_BPF);
syzbot reports 'suspicious rcu_dereference_check() usage':
https://lore.kernel.org/netdev/0000000000007902fc05e6458697@xxxxxxxxxx/

rcu_read_lock() does not need to be held here.
One option is to use rcu_access_pointer.
Another option is to use rcu_dereference_check() and pass the
lockdep_is_held(&sk->sk_callback_lock) from here.

> +	if (socks) {
>  		WRITE_ONCE(sk->sk_user_data, NULL);
>  		/*
>  		 * Do not move this NULL assignment outside of
> -- 
> 2.25.1
> 