From: Daniel Borkmann <daniel@iogearbox•net>
To: Dmitry Vyukov <dvyukov@google•com>,
Alexei Starovoitov <ast@kernel•org>,
netdev <netdev@vger•kernel.org>
Cc: LKML <linux-kernel@vger•kernel.org>,
syzkaller <syzkaller@googlegroups•com>
Subject: Re: bpf: kernel BUG in htab_elem_free
Date: Thu, 03 Nov 2016 17:36:06 +0100 [thread overview]
Message-ID: <581B6776.3060908@iogearbox.net> (raw)
In-Reply-To: <CACT4Y+a2W++HSgMXqFSqNDuexudHf0buZqtt7pBHrAKz57pFeQ@mail.gmail.com>
On 11/03/2016 03:15 PM, Dmitry Vyukov wrote:
> On Wed, Nov 2, 2016 at 11:14 PM, Dmitry Vyukov <dvyukov@google•com> wrote:
>> Here we go.
>>
>> The following program triggers kernel BUG in htab_elem_free.
>> On commit 0c183d92b20b5c84ca655b45ef57b3318b83eb9e (Oct 31).
>> Run as "while true; do ./a.out; done".
This one fixes it for me. Could you check it from your side as well?
I'll submit an official fix then.
Thanks a lot for the catch!
Daniel
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 570eeca..ad1bc67 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -687,7 +687,8 @@ static void delete_all_elements(struct bpf_htab *htab)
hlist_for_each_entry_safe(l, n, head, hash_node) {
hlist_del_rcu(&l->hash_node);
- htab_elem_free(htab, l);
+ if (l->state != HTAB_EXTRA_ELEM_USED)
+ htab_elem_free(htab, l);
}
}
}
next prev parent reply other threads:[~2016-11-03 16:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-03 5:14 bpf: kernel BUG in htab_elem_free Dmitry Vyukov
2016-11-03 14:15 ` Dmitry Vyukov
2016-11-03 16:36 ` Daniel Borkmann [this message]
2016-11-04 0:43 ` Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=581B6776.3060908@iogearbox.net \
--to=daniel@iogearbox$(echo .)net \
--cc=ast@kernel$(echo .)org \
--cc=dvyukov@google$(echo .)com \
--cc=linux-kernel@vger$(echo .)kernel.org \
--cc=netdev@vger$(echo .)kernel.org \
--cc=syzkaller@googlegroups$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox