bpf: sockhash, disallow bpf_tcp_close and update in parallel
authorJohn Fastabend <john.fastabend@gmail.com>
Thu, 5 Jul 2018 15:50:04 +0000 (08:50 -0700)
committerAlexei Starovoitov <ast@kernel.org>
Sat, 7 Jul 2018 22:19:30 +0000 (15:19 -0700)
commit99ba2b5aba24e022683a7db63204f9e306fe7ab9
treee174736f65a9dd001a67e2f007f93b5fd6265992
parent0c6bc6e531a6db36f49622f1f115770160f7afb0
bpf: sockhash, disallow bpf_tcp_close and update in parallel

After latest lock updates there is no longer anything preventing a
close and recvmsg call running in parallel. Additionally, we can
race update with close if we close a socket and simultaneously update
if via the BPF userspace API (note the cgroup ops are already run
with sock_lock held).

To resolve this take sock_lock in close and update paths.

Reported-by: syzbot+b680e42077a0d7c9a0c4@syzkaller.appspotmail.com
Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_close")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/sockmap.c
kernel/bpf/syscall.c