bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers

stable inclusion from stable-v5.10.168 commit 1b1f56cc0eaa104a8e0b8207a45dbe71687b5015 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7URR4 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1b1f56cc0eaa104a8e0b8207a45dbe71687b5015 ---------------------------------------------------- [ Upstream commit bdb7fdb0 ] In current bpf_send_signal() and bpf_send_signal_thread() helper implementation, irq_work is used to handle nmi context. Hao Sun reported in [1] that the current task at the entry of the helper might be gone during irq_work callback processing. To fix the issue, a reference is acquired for the current task before enqueuing into the irq_work so that the queued task is still available during irq_work callback processing. [1] https://lore.kernel.org/bpf/20230109074425.12556-1-sunhao.th@gmail.com/ Fixes: 8b401f9e ("bpf: implement bpf_send_signal() helper") Tested-by: N Hao Sun <sunhao.th@gmail.com> Reported-by: N Hao Sun <sunhao.th@gmail.com> Signed-off-by: N Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/r/20230118204815.3331855-1-yhs@fb.comSigned-off-by: N Alexei Starovoitov <ast@kernel.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N zhaoxiaoqiang11 <zhaoxiaoqiang11@jd.com>

bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
stable inclusion from stable-v5.10.168 commit 1b1f56cc0eaa104a8e0b8207a45dbe71687b5015 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7URR4 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1b1f56cc0eaa104a8e0b8207a45dbe71687b5015 ---------------------------------------------------- [ Upstream commit bdb7fdb0 ] In current bpf_send_signal() and bpf_send_signal_thread() helper implementation, irq_work is used to handle nmi context. Hao Sun reported in [1] that the current task at the entry of the helper might be gone during irq_work callback processing. To fix the issue, a reference is acquired for the current task before enqueuing into the irq_work so that the queued task is still available during irq_work callback processing. [1] https://lore.kernel.org/bpf/20230109074425.12556-1-sunhao.th@gmail.com/ Fixes: 8b401f9e ("bpf: implement bpf_send_signal() helper") Tested-by: N Hao Sun <sunhao.th@gmail.com> Reported-by: N Hao Sun <sunhao.th@gmail.com> Signed-off-by: N Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/r/20230118204815.3331855-1-yhs@fb.comSigned-off-by: N Alexei Starovoitov <ast@kernel.org> Signed-off-by: N Sasha Levin <sashal@kernel.org> Signed-off-by: N zhaoxiaoqiang11 <zhaoxiaoqiang11@jd.com>
d3b5c638 · Yonghong Song · zhaoxiaoqiang11 · cb892b45 · d3b5c638
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

kernel/trace/bpf_trace.c kernel/trace/bpf_trace.c +2 -1

未找到文件。
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -1055,6 +1055,7 @@ static void do_bpf_send_signal(struct irq_work *entry)
 	work = container_of(entry, struct send_signal_irq_work, irq_work);
 	group_send_sig_info(work->sig, SEND_SIG_PRIV, work->task, work->type);
+	put_task_struct(work->task);
 }
 static int bpf_send_signal_common(u32 sig, enum pid_type type)
@@ -1091,7 +1092,7 @@ static int bpf_send_signal_common(u32 sig, enum pid_type type)
 		 * to the irq_work. The current task may change when queued
 		 * irq works get executed.
 		 */
-		work->task = current;
+		work->task = get_task_struct(current);
 		work->sig = sig;
 		work->type = type;
 		irq_work_queue(&work->irq_work);