From: Hou Tao <houtao1@xxxxxxxxxx>

Hi,

The patchset tries to fix the hard-up problem found when checking how
htab handles element reuse in bpf memory allocator. The immediate reuse
of freed elements will reinitialize special fields (e.g., bpf_spin_lock)
in htab map value and it may corrupt lookup procedure with BPF_F_LOCK
flag which acquires bpf-spin-lock during value copying, and lead to
hard-lock as shown in patch #2. Patch #1 fixes it by using __GFP_ZERO
when allocating the object from slab and the behavior is similar to
the preallocated hash-table case.

Please see individual patches for more details. And comments are always
welcome.

Regards,

Change Log:
v1:
  * Use __GFP_ZERO instead of ctor to avoid retpoline overhead (from Alexei)
  * Add comments for check_and_init_map_value() (from Alexei)
  * split __GFP_ZERO patches out of the original patchset to unblock
    the development work of others.

RFC: https://lore.kernel.org/bpf/20221230041151.1231169-1-houtao@xxxxxxxxxxxxxxx

Hou Tao (2):
  bpf: Zeroing allocated object from slab in bpf memory allocator
  selftests/bpf: Add test case for element reuse in htab map

 include/linux/bpf.h                           |   7 ++
 kernel/bpf/hashtab.c                          |   4 +-
 kernel/bpf/memalloc.c                         |   2 +-
 .../selftests/bpf/prog_tests/htab_reuse.c     | 101 ++++++++++++++++++
 .../testing/selftests/bpf/progs/htab_reuse.c  |  19 ++++
 5 files changed, 130 insertions(+), 3 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/htab_reuse.c
 create mode 100644 tools/testing/selftests/bpf/progs/htab_reuse.c

-- 
2.29.2
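
The reuse hazard described in the cover letter above, as an added user-space model that is not part of the patchset or the kernel source. It assumes a ticket lock as a simplified stand-in for bpf_spin_lock, a one-entry free list as a stand-in for the bpf memory allocator, and a constructed interleaving replayed sequentially; all names in it are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Ticket lock: simplified stand-in for bpf_spin_lock (assumption of this model). */
struct tlock { unsigned next, owner; };
struct elem { struct tlock lock; struct elem *free_next; };
static struct elem *free_list;

static unsigned take_ticket(struct tlock *l) { return l->next++; }
static int can_enter(const struct tlock *l, unsigned t) { return l->owner == t; }
static void unlock(struct tlock *l) { l->owner++; }

/* reinit_on_reuse=1: special fields are re-initialised on every allocation.
 * reinit_on_reuse=0: zeroed once when first obtained (calloc ~ __GFP_ZERO). */
static struct elem *elem_alloc(int reinit_on_reuse)
{
    struct elem *e = free_list;
    if (!e)
        return calloc(1, sizeof(*e));
    free_list = e->free_next;               /* immediate reuse of a freed element */
    if (reinit_on_reuse)
        memset(&e->lock, 0, sizeof(e->lock));
    return e;
}

static void elem_free(struct elem *e) { e->free_next = free_list; free_list = e; }

/* Returns 1 if a later locker can never acquire the lock, 0 if it can, -1 on OOM. */
int reuse_wedges_lock(int reinit_on_reuse)
{
    struct elem *e = elem_alloc(reinit_on_reuse);
    if (!e)
        return -1;
    take_ticket(&e->lock);                  /* lookup A holds the lock while copying */
    elem_free(e);                           /* concurrent delete frees the element */
    struct elem *r = elem_alloc(reinit_on_reuse); /* insert reuses the same memory */
    unsigned b = take_ticket(&r->lock);     /* lookup B locks the "new" element */
    unlock(&e->lock);                       /* A releases; e and r alias */
    if (can_enter(&r->lock, b) || reinit_on_reuse)
        unlock(&r->lock);                   /* B releases (with reinit it ran beside A) */
    unsigned c = take_ticket(&r->lock);     /* any later locker */
    int stuck = !can_enter(&r->lock, c);    /* owner has run past c's ticket: spins forever */
    free(r);
    return stuck;
}

int main(void)
{
    printf("reinit on reuse: stuck=%d\n", reuse_wedges_lock(1));
    printf("zero once:       stuck=%d\n", reuse_wedges_lock(0));
    return 0;
}
```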