    bpf: fix corruption on concurrent perf_event_output calls · 283ca526
    Daniel Borkmann authored
    When tracing and networking programs are both attached in the
    system and both use event-output helpers that eventually call
    into perf_event_output(), then we could end up in a situation
    where the tracing attached program runs in user context while
    a cls_bpf program is triggered on that same CPU out of softirq
    context.
    
    Since both rely on the same per-cpu perf_sample_data, we could
    potentially corrupt it. This can only ever happen in a combination
    of the two types; all tracing programs use a bpf_prog_active
    counter to bail out in case a program is already running on
    that CPU out of a different context. XDP and cls_bpf programs
    by themselves don't have this issue as they run in the same
    context only. Therefore, split both perf_sample_data so they
    cannot be accessed from each other.
    
    Fixes: 20b9d7ac ("bpf: avoid excessive stack usage for perf_sample_data")
    Reported-by: Alexei Starovoitov <ast@fb.com>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Tested-by: Song Liu <songliubraving@fb.com>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
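
The race described in the commit message above, reduced to a single-threaded user-space model. This is an added example, not code from the commit or from the kernel: `struct sample_data`, `percpu_sd`, `event_output`, `softirq_cls_bpf`, `run_shared` and `run_split` are hypothetical names, and the softirq is modelled as a callback that fires between filling the per-CPU buffer and consuming it.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified stand-in for the kernel's perf_sample_data. */
struct sample_data { const void *raw; uint32_t size; };

/* Storage for one modelled CPU. Slot 0 is the buffer that both program types
 * use in the "before" case; slot 1 is the separate buffer given to the
 * networking side in the "after" case. */
static struct sample_data percpu_sd[2];

typedef void (*irq_fn)(int slot);

/* Models an event-output helper: fill this CPU's sample data, then hand it on.
 * `irq`, when non-NULL, models a softirq arriving on the same CPU in between. */
static uint32_t event_output(int slot, const void *buf, uint32_t len,
                             irq_fn irq, int irq_slot)
{
    struct sample_data *sd = &percpu_sd[slot];
    sd->raw = buf;
    sd->size = len;
    if (irq)
        irq(irq_slot);      /* nested context runs to completion here */
    return sd->size;        /* size the consumer would read from sd */
}

/* Models a cls_bpf program emitting a 64-byte event from softirq context. */
static void softirq_cls_bpf(int slot)
{
    static const char pkt[64] = {0};
    event_output(slot, pkt, sizeof(pkt), NULL, 0);
}

/* Tracing program emits 8 bytes while sharing slot 0 with the softirq. */
uint32_t run_shared(void)
{
    static const char ev[8] = {0};
    return event_output(0, ev, sizeof(ev), softirq_cls_bpf, 0);
}

/* Same sequence, but the softirq side writes to its own slot. */
uint32_t run_split(void)
{
    static const char ev[8] = {0};
    return event_output(0, ev, sizeof(ev), softirq_cls_bpf, 1);
}

int main(void)
{
    printf("shared: %u bytes, split: %u bytes\n", run_shared(), run_split());
    return 0;
}
```

With the shared slot, the tracing caller reads back the softirq's length for its own 8-byte event; with separate slots the value it wrote survives the interruption.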
bpf_trace.c 21.8 KB