From: Hou Tao <houtao1@xxxxxxxxxx>

Hi,

The patchset aims to fix the kmemleak problem reported by Hsin-Wei Hung [0]. Patch #1 fixes the kmemleak problem by re-checking map->usercnt after timer->timer is assigned. Patch #2 adds a selftest for the kmemleak problem. But it is a bit hard to reproduce the kmemleak by only running the test, and I managed to reproduce the problem by both running the test and injecting a delay before timer->timer is assigned in bpf_timer_init().

Please see the individual patches for more details. And comments are always welcome.

Change Log:
v2:
  * patch #1: use smp_mb() instead of smp_mb__before_atomic()
  * patch #2: use WRITE_ONCE(timer->timer, x) to match the lockless read of timer->timer

v1: https://lore.kernel.org/bpf/20231017125717.241101-1-houtao@xxxxxxxxxxxxxxx

Hou Tao (2):
  bpf: Check map->usercnt again after timer->timer is assigned
  selftests/bpf: Test race between map uref release and bpf timer init

 kernel/bpf/helpers.c                                |  18 ++-
 .../bpf/prog_tests/timer_init_race.c                | 138 ++++++++++++++++++
 .../selftests/bpf/progs/timer_init_race.c           |  56 +++++++
 3 files changed, 209 insertions(+), 3 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/timer_init_race.c
 create mode 100644 tools/testing/selftests/bpf/progs/timer_init_race.c

-- 
2.29.2
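As an added illustration (not code from the patchset or the kernel), the single-threaded C model below drives the interleaving the cover letter describes step by step: timer init checks the user count, the last map uref is released while the timer slot is still NULL, then the timer is published. All names (`model_map`, `run_race`, ...) are constructed; the real kernel paths take a spinlock and use smp_mb()/WRITE_ONCE, which the model only annotates in comments.

```c
/* Constructed model of the map-uref-release vs. timer-init race.
 * Not kernel code: the map has one user refcount and one timer slot. */
#include <stdlib.h>
#include <stdbool.h>

struct model_map { int usercnt; void *timer; };

/* Map-uref release: drop the last reference and free whatever timer is
 * already published. A slot that is still NULL is skipped. */
static void model_map_release(struct model_map *m)
{
    if (--m->usercnt == 0 && m->timer) {
        free(m->timer);
        m->timer = NULL;
    }
}

/* Timer init, step 1: refuse when the map has no users, else allocate. */
static void *model_timer_init_begin(struct model_map *m)
{
    if (m->usercnt == 0)
        return NULL;
    return malloc(64);
}

/* Timer init, step 2: publish the timer. With recheck == true the user
 * count is read again after publishing (where the fix places smp_mb())
 * and the init is undone if the last reference vanished in between.
 * Returns true when the timer ends up published in a map nobody frees. */
static bool model_timer_init_finish(struct model_map *m, void *t, bool recheck)
{
    m->timer = t;                 /* kernel: WRITE_ONCE(timer->timer, t) */
    if (recheck && m->usercnt == 0) {
        m->timer = NULL;
        free(t);
        return false;
    }
    return m->usercnt == 0;
}

/* Drive the problematic order: check, release, publish. */
bool run_race(bool recheck)
{
    struct model_map m = { .usercnt = 1, .timer = NULL };
    void *t = model_timer_init_begin(&m);  /* sees usercnt == 1 */
    model_map_release(&m);                 /* usercnt -> 0, slot still NULL */
    bool leaked = model_timer_init_finish(&m, t, recheck);
    if (leaked)
        free(m.timer);  /* the model reclaims what the kernel would leak */
    return leaked;
}
```

Without the re-check the timer is published after the release path has already walked the map, which is the kmemleak; with it, the late init detects usercnt == 0 and frees its own allocation.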