On 5/22/23 9:12 AM, Anton Protopopov wrote:
On Mon, May 22, 2023 at 03:45:58PM +0000, Anton Protopopov wrote:
The LRU and LRU_PERCPU maps allocate a new element on update before locking the
target hash table bucket. Right after that the maps try to lock the bucket.
If this fails, then the maps return -EBUSY to the caller without releasing the
allocated element. This makes the element untracked: it doesn't belong to
either of the free lists, and it doesn't belong to the hash table, so it can't be
re-used; this eventually leads to a permanent -ENOMEM on LRU map updates,
which is unexpected.
Ouch. This is very bad. :(
Excellent catch. Applied.
I am wondering if a test could be written, but it does not seem like anything
after htab_lock_bucket() is traceable. Not sure if Song may have a good idea?
Fix this by returning the element to the local free list if bucket locking fails.
Fixes: 20b6cc34ea74 ("bpf: Avoid hashtab deadlock with map_locked")
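
The leak described in the commit message, as an added example that is not part of this thread or of the kernel patch: a simplified user-space model in which an element is taken from the free list before the bucket lock is tried. The names `lru_model`, `model_update` and `update_after_contention` and the pool size are assumptions; the model has one bucket, one key and no eviction.

```c
#include <errno.h>
#include <stdbool.h>
#define NELEMS 4                      /* constructed pool size */
struct elem { struct elem *next; };
struct lru_model {                    /* hypothetical model, not kernel structs */
    struct elem pool[NELEMS];
    struct elem *free_list;           /* preallocated, unused elements */
    struct elem *bucket;              /* one bucket holding one key */
    bool bucket_busy;                 /* models htab_lock_bucket() failing */
    bool fixed;                       /* return the element on lock failure */
};

static void push_free(struct lru_model *m, struct elem *e)
{
    e->next = m->free_list;
    m->free_list = e;
}

static int model_update(struct lru_model *m)
{
    struct elem *e = m->free_list;    /* element is taken before locking */
    if (!e) return -ENOMEM;
    m->free_list = e->next;
    if (m->bucket_busy) {
        if (m->fixed) push_free(m, e);
        return -EBUSY;                /* unfixed: e is now untracked */
    }
    if (m->bucket) push_free(m, m->bucket); /* replaced element is recycled */
    m->bucket = e;
    return 0;
}

/* Result of one uncontended update after `failures` contended ones. */
int update_after_contention(bool fixed, int failures)
{
    struct lru_model m = { .bucket_busy = true, .fixed = fixed };
    for (int i = 0; i < NELEMS; i++)
        push_free(&m, &m.pool[i]);
    while (failures-- > 0)
        model_update(&m);
    m.bucket_busy = false;
    return model_update(&m);
}

int main(void)
{
    return !(update_after_contention(false, NELEMS) == -ENOMEM &&
             update_after_contention(true, NELEMS) == 0);
}
```

In the unfixed model every -EBUSY return strands one element, so after NELEMS contended updates even an uncontended update gets -ENOMEM; with the element pushed back, the same sequence succeeds.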