<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/arch/arm/net, branch linux-3.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>net: filter: make JITs zero A for SKF_AD_ALU_XOR_X</title>
<updated>2016-01-25T10:44:05+00:00</updated>
<author>
<name>Rabin Vincent</name>
<email>rabin@rab.in</email>
</author>
<published>2016-01-05T15:23:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fd610413a761a46476a0f207168aa0d9cc39d440'/>
<id>fd610413a761a46476a0f207168aa0d9cc39d440</id>
<content type='text'>
commit 55795ef5469290f89f04e12e662ded604909e462 upstream.

The SKF_AD_ALU_XOR_X ancillary is not like the other ancillary data
instructions since it XORs A with X while all the others replace A with
some loaded value.  All the BPF JITs fail to clear A if this is used as
the first instruction in a filter.  This was found using american fuzzy
lop.

Add a helper to determine if A needs to be cleared given the first
instruction in a filter, and use this in the JITs.  Except for ARM, the
rest have only been compile-tested.

Fixes: 3480593131e0 ("net: filter: get rid of BPF_S_* enum")
Signed-off-by: Rabin Vincent &lt;rabin@rab.in&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Acked-by: Alexei Starovoitov &lt;ast@kernel.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 55795ef5469290f89f04e12e662ded604909e462 upstream.

The SKF_AD_ALU_XOR_X ancillary is not like the other ancillary data
instructions since it XORs A with X while all the others replace A with
some loaded value.  All the BPF JITs fail to clear A if this is used as
the first instruction in a filter.  This was found using american fuzzy
lop.

Add a helper to determine if A needs to be cleared given the first
instruction in a filter, and use this in the JITs.  Except for ARM, the
rest have only been compile-tested.

Fixes: 3480593131e0 ("net: filter: get rid of BPF_S_* enum")
Signed-off-by: Rabin Vincent &lt;rabin@rab.in&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Acked-by: Alexei Starovoitov &lt;ast@kernel.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ARM: net fix emit_udiv() for BPF_ALU | BPF_DIV | BPF_K intruction.</title>
<updated>2015-05-28T09:00:01+00:00</updated>
<author>
<name>Nicolas Schichan</name>
<email>nschichan@freebox.fr</email>
</author>
<published>2015-05-06T16:31:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7e2fcba09ca9cceb546ada84ea794768842fffa4'/>
<id>7e2fcba09ca9cceb546ada84ea794768842fffa4</id>
<content type='text'>
commit 19fc99d0c6ba7d9b65456496b5bb2169d5f74cd0 upstream.

In that case, emit_udiv() will be called with rn == ARM_R0 (r_scratch)
and loading rm first into ARM_R0 will result in jit_udiv() function
being called the same dividend and divisor. Fix that by loading rn
first into ARM_R1 and then rm into ARM_R0.

Signed-off-by: Nicolas Schichan &lt;nschichan@freebox.fr&gt;
Fixes: aee636c4809f (bpf: do not use reciprocal divide)
Acked-by: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 19fc99d0c6ba7d9b65456496b5bb2169d5f74cd0 upstream.

In that case, emit_udiv() will be called with rn == ARM_R0 (r_scratch)
and loading rm first into ARM_R0 will result in jit_udiv() function
being called the same dividend and divisor. Fix that by loading rn
first into ARM_R1 and then rm into ARM_R0.

Signed-off-by: Nicolas Schichan &lt;nschichan@freebox.fr&gt;
Fixes: aee636c4809f (bpf: do not use reciprocal divide)
Acked-by: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: filter: get rid of BPF_S_* enum</title>
<updated>2014-06-02T05:16:58+00:00</updated>
<author>
<name>Daniel Borkmann</name>
<email>dborkman@redhat.com</email>
</author>
<published>2014-05-29T08:22:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3480593131e0b781287dae0139bf7ccee7cba7ff'/>
<id>3480593131e0b781287dae0139bf7ccee7cba7ff</id>
<content type='text'>
This patch finally allows us to get rid of the BPF_S_* enum.
Currently, the code performs unnecessary encode and decode
workarounds in seccomp and filter migration itself when a filter
is being attached in order to overcome BPF_S_* encoding which
is not used anymore by the new interpreter resp. JIT compilers.

Keeping it around would mean that also in future we would need
to extend and maintain this enum and related encoders/decoders.
We can get rid of all that and save us these operations during
filter attaching. Naturally, also JIT compilers need to be updated
by this.

Before JIT conversion is being done, each compiler checks if A
is being loaded at startup to obtain information if it needs to
emit instructions to clear A first. Since BPF extensions are a
subset of BPF_LD | BPF_{W,H,B} | BPF_ABS variants, case statements
for extensions can be removed at that point. To ease and minimalize
code changes in the classic JITs, we have introduced bpf_anc_helper().

Tested with test_bpf on x86_64 (JIT, int), s390x (JIT, int),
arm (JIT, int), i368 (int), ppc64 (JIT, int); for sparc we
unfortunately didn't have access, but changes are analogous to
the rest.

Joint work with Alexei Starovoitov.

Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Signed-off-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Cc: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Acked-by: Chema Gonzalez &lt;chemag@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch finally allows us to get rid of the BPF_S_* enum.
Currently, the code performs unnecessary encode and decode
workarounds in seccomp and filter migration itself when a filter
is being attached in order to overcome BPF_S_* encoding which
is not used anymore by the new interpreter resp. JIT compilers.

Keeping it around would mean that also in future we would need
to extend and maintain this enum and related encoders/decoders.
We can get rid of all that and save us these operations during
filter attaching. Naturally, also JIT compilers need to be updated
by this.

Before JIT conversion is being done, each compiler checks if A
is being loaded at startup to obtain information if it needs to
emit instructions to clear A first. Since BPF extensions are a
subset of BPF_LD | BPF_{W,H,B} | BPF_ABS variants, case statements
for extensions can be removed at that point. To ease and minimalize
code changes in the classic JITs, we have introduced bpf_anc_helper().

Tested with test_bpf on x86_64 (JIT, int), s390x (JIT, int),
arm (JIT, int), i368 (int), ppc64 (JIT, int); for sparc we
unfortunately didn't have access, but changes are analogous to
the rest.

Joint work with Alexei Starovoitov.

Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Signed-off-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Cc: Benjamin Herrenschmidt &lt;benh@kernel.crashing.org&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Cc: Kees Cook &lt;keescook@chromium.org&gt;
Acked-by: Chema Gonzalez &lt;chemag@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: filter: add jited flag to indicate jit compiled filters</title>
<updated>2014-03-31T04:45:08+00:00</updated>
<author>
<name>Daniel Borkmann</name>
<email>dborkman@redhat.com</email>
</author>
<published>2014-03-28T17:58:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f8bbbfc3b97f4c7a6c7c23185e520b22bfc3a21d'/>
<id>f8bbbfc3b97f4c7a6c7c23185e520b22bfc3a21d</id>
<content type='text'>
This patch adds a jited flag into sk_filter struct in order to indicate
whether a filter is currently jited or not. The size of sk_filter is
not being expanded as the 32 bit 'len' member allows upper bits to be
reused since a filter can currently only grow as large as BPF_MAXINSNS.

Therefore, there's enough room also for other in future needed flags to
reuse 'len' field if necessary. The jited flag also allows for having
alternative interpreter functions running as currently, we can only
detect jit compiled filters by testing fp-&gt;bpf_func to not equal the
address of sk_run_filter().

Joint work with Alexei Starovoitov.

Signed-off-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Cc: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch adds a jited flag into sk_filter struct in order to indicate
whether a filter is currently jited or not. The size of sk_filter is
not being expanded as the 32 bit 'len' member allows upper bits to be
reused since a filter can currently only grow as large as BPF_MAXINSNS.

Therefore, there's enough room also for other in future needed flags to
reuse 'len' field if necessary. The jited flag also allows for having
alternative interpreter functions running as currently, we can only
detect jit compiled filters by testing fp-&gt;bpf_func to not equal the
address of sk_run_filter().

Joint work with Alexei Starovoitov.

Signed-off-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Cc: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Rename skb-&gt;rxhash to skb-&gt;hash</title>
<updated>2014-03-26T19:58:20+00:00</updated>
<author>
<name>Tom Herbert</name>
<email>therbert@google.com</email>
</author>
<published>2014-03-24T22:34:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=61b905da33ae25edb6b9d2a5de21e34c3a77efe3'/>
<id>61b905da33ae25edb6b9d2a5de21e34c3a77efe3</id>
<content type='text'>
The packet hash can be considered a property of the packet, not just
on RX path.

This patch changes name of rxhash and l4_rxhash skbuff fields to be
hash and l4_hash respectively. This includes changing uses of the
field in the code which don't call the access functions.

Signed-off-by: Tom Herbert &lt;therbert@google.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Mahesh Bandewar &lt;maheshb@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The packet hash can be considered a property of the packet, not just
on RX path.

This patch changes name of rxhash and l4_rxhash skbuff fields to be
hash and l4_hash respectively. This includes changing uses of the
field in the code which don't call the access functions.

Signed-off-by: Tom Herbert &lt;therbert@google.com&gt;
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Mahesh Bandewar &lt;maheshb@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bpf: do not use reciprocal divide</title>
<updated>2014-01-16T01:02:08+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2014-01-15T14:50:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=aee636c4809fa54848ff07a899b326eb1f9987a2'/>
<id>aee636c4809fa54848ff07a899b326eb1f9987a2</id>
<content type='text'>
At first Jakub Zawadzki noticed that some divisions by reciprocal_divide
were not correct. (off by one in some cases)
http://www.wireshark.org/~darkjames/reciprocal-buggy.c

He could also show this with BPF:
http://www.wireshark.org/~darkjames/set-and-dump-filter-k-bug.c

The reciprocal divide in linux kernel is not generic enough,
lets remove its use in BPF, as it is not worth the pain with
current cpus.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Jakub Zawadzki &lt;darkjames-ws@darkjames.pl&gt;
Cc: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Cc: Daniel Borkmann &lt;dxchgb@gmail.com&gt;
Cc: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Cc: Matt Evans &lt;matt@ozlabs.org&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Heiko Carstens &lt;heiko.carstens@de.ibm.com&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
At first Jakub Zawadzki noticed that some divisions by reciprocal_divide
were not correct. (off by one in some cases)
http://www.wireshark.org/~darkjames/reciprocal-buggy.c

He could also show this with BPF:
http://www.wireshark.org/~darkjames/set-and-dump-filter-k-bug.c

The reciprocal divide in linux kernel is not generic enough,
lets remove its use in BPF, as it is not worth the pain with
current cpus.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Jakub Zawadzki &lt;darkjames-ws@darkjames.pl&gt;
Cc: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Cc: Daniel Borkmann &lt;dxchgb@gmail.com&gt;
Cc: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Cc: Matt Evans &lt;matt@ozlabs.org&gt;
Cc: Martin Schwidefsky &lt;schwidefsky@de.ibm.com&gt;
Cc: Heiko Carstens &lt;heiko.carstens@de.ibm.com&gt;
Cc: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'devel-stable' into for-next</title>
<updated>2013-11-12T10:58:59+00:00</updated>
<author>
<name>Russell King</name>
<email>rmk+kernel@arm.linux.org.uk</email>
</author>
<published>2013-11-12T10:58:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=df762eccbadf87850fbee444d729e0f1b1e946f1'/>
<id>df762eccbadf87850fbee444d729e0f1b1e946f1</id>
<content type='text'>
Conflicts:
	arch/arm/include/asm/atomic.h
	arch/arm/include/asm/hardirq.h
	arch/arm/kernel/smp.c
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Conflicts:
	arch/arm/include/asm/atomic.h
	arch/arm/include/asm/hardirq.h
	arch/arm/kernel/smp.c
</pre>
</div>
</content>
</entry>
<entry>
<title>ARM: net: fix arm instruction endian-ness in bpf_jit_32.c</title>
<updated>2013-10-19T19:46:35+00:00</updated>
<author>
<name>Ben Dooks</name>
<email>ben.dooks@codethink.co.uk</email>
</author>
<published>2013-07-24T14:44:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=3460743e025addc1ecbd496db2231181a2431774'/>
<id>3460743e025addc1ecbd496db2231181a2431774</id>
<content type='text'>
Use &lt;asm/opcodes.h&gt; to correctly transform instruction byte ordering
into in-memory ordering.

Signed-off-by: Ben Dooks &lt;ben.dooks@codethink.co.uk&gt;
Reviewed-by: Dave Martin &lt;Dave.Martin@arm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use &lt;asm/opcodes.h&gt; to correctly transform instruction byte ordering
into in-memory ordering.

Signed-off-by: Ben Dooks &lt;ben.dooks@codethink.co.uk&gt;
Reviewed-by: Dave Martin &lt;Dave.Martin@arm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: fix unsafe set_memory_rw from softirq</title>
<updated>2013-10-07T19:16:45+00:00</updated>
<author>
<name>Alexei Starovoitov</name>
<email>ast@plumgrid.com</email>
</author>
<published>2013-10-04T07:14:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d45ed4a4e33ae103053c0a53d280014e7101bb5c'/>
<id>d45ed4a4e33ae103053c0a53d280014e7101bb5c</id>
<content type='text'>
on x86 system with net.core.bpf_jit_enable = 1

sudo tcpdump -i eth1 'tcp port 22'

causes the warning:
[   56.766097]  Possible unsafe locking scenario:
[   56.766097]
[   56.780146]        CPU0
[   56.786807]        ----
[   56.793188]   lock(&amp;(&amp;vb-&gt;lock)-&gt;rlock);
[   56.799593]   &lt;Interrupt&gt;
[   56.805889]     lock(&amp;(&amp;vb-&gt;lock)-&gt;rlock);
[   56.812266]
[   56.812266]  *** DEADLOCK ***
[   56.812266]
[   56.830670] 1 lock held by ksoftirqd/1/13:
[   56.836838]  #0:  (rcu_read_lock){.+.+..}, at: [&lt;ffffffff8118f44c&gt;] vm_unmap_aliases+0x8c/0x380
[   56.849757]
[   56.849757] stack backtrace:
[   56.862194] CPU: 1 PID: 13 Comm: ksoftirqd/1 Not tainted 3.12.0-rc3+ #45
[   56.868721] Hardware name: System manufacturer System Product Name/P8Z77 WS, BIOS 3007 07/26/2012
[   56.882004]  ffffffff821944c0 ffff88080bbdb8c8 ffffffff8175a145 0000000000000007
[   56.895630]  ffff88080bbd5f40 ffff88080bbdb928 ffffffff81755b14 0000000000000001
[   56.909313]  ffff880800000001 ffff880800000000 ffffffff8101178f 0000000000000001
[   56.923006] Call Trace:
[   56.929532]  [&lt;ffffffff8175a145&gt;] dump_stack+0x55/0x76
[   56.936067]  [&lt;ffffffff81755b14&gt;] print_usage_bug+0x1f7/0x208
[   56.942445]  [&lt;ffffffff8101178f&gt;] ? save_stack_trace+0x2f/0x50
[   56.948932]  [&lt;ffffffff810cc0a0&gt;] ? check_usage_backwards+0x150/0x150
[   56.955470]  [&lt;ffffffff810ccb52&gt;] mark_lock+0x282/0x2c0
[   56.961945]  [&lt;ffffffff810ccfed&gt;] __lock_acquire+0x45d/0x1d50
[   56.968474]  [&lt;ffffffff810cce6e&gt;] ? __lock_acquire+0x2de/0x1d50
[   56.975140]  [&lt;ffffffff81393bf5&gt;] ? cpumask_next_and+0x55/0x90
[   56.981942]  [&lt;ffffffff810cef72&gt;] lock_acquire+0x92/0x1d0
[   56.988745]  [&lt;ffffffff8118f52a&gt;] ? vm_unmap_aliases+0x16a/0x380
[   56.995619]  [&lt;ffffffff817628f1&gt;] _raw_spin_lock+0x41/0x50
[   57.002493]  [&lt;ffffffff8118f52a&gt;] ? vm_unmap_aliases+0x16a/0x380
[   57.009447]  [&lt;ffffffff8118f52a&gt;] vm_unmap_aliases+0x16a/0x380
[   57.016477]  [&lt;ffffffff8118f44c&gt;] ? vm_unmap_aliases+0x8c/0x380
[   57.023607]  [&lt;ffffffff810436b0&gt;] change_page_attr_set_clr+0xc0/0x460
[   57.030818]  [&lt;ffffffff810cfb8d&gt;] ? trace_hardirqs_on+0xd/0x10
[   57.037896]  [&lt;ffffffff811a8330&gt;] ? kmem_cache_free+0xb0/0x2b0
[   57.044789]  [&lt;ffffffff811b59c3&gt;] ? free_object_rcu+0x93/0xa0
[   57.051720]  [&lt;ffffffff81043d9f&gt;] set_memory_rw+0x2f/0x40
[   57.058727]  [&lt;ffffffff8104e17c&gt;] bpf_jit_free+0x2c/0x40
[   57.065577]  [&lt;ffffffff81642cba&gt;] sk_filter_release_rcu+0x1a/0x30
[   57.072338]  [&lt;ffffffff811108e2&gt;] rcu_process_callbacks+0x202/0x7c0
[   57.078962]  [&lt;ffffffff81057f17&gt;] __do_softirq+0xf7/0x3f0
[   57.085373]  [&lt;ffffffff81058245&gt;] run_ksoftirqd+0x35/0x70

cannot reuse jited filter memory, since it's readonly,
so use original bpf insns memory to hold work_struct

defer kfree of sk_filter until jit completed freeing

tested on x86_64 and i386

Signed-off-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
on x86 system with net.core.bpf_jit_enable = 1

sudo tcpdump -i eth1 'tcp port 22'

causes the warning:
[   56.766097]  Possible unsafe locking scenario:
[   56.766097]
[   56.780146]        CPU0
[   56.786807]        ----
[   56.793188]   lock(&amp;(&amp;vb-&gt;lock)-&gt;rlock);
[   56.799593]   &lt;Interrupt&gt;
[   56.805889]     lock(&amp;(&amp;vb-&gt;lock)-&gt;rlock);
[   56.812266]
[   56.812266]  *** DEADLOCK ***
[   56.812266]
[   56.830670] 1 lock held by ksoftirqd/1/13:
[   56.836838]  #0:  (rcu_read_lock){.+.+..}, at: [&lt;ffffffff8118f44c&gt;] vm_unmap_aliases+0x8c/0x380
[   56.849757]
[   56.849757] stack backtrace:
[   56.862194] CPU: 1 PID: 13 Comm: ksoftirqd/1 Not tainted 3.12.0-rc3+ #45
[   56.868721] Hardware name: System manufacturer System Product Name/P8Z77 WS, BIOS 3007 07/26/2012
[   56.882004]  ffffffff821944c0 ffff88080bbdb8c8 ffffffff8175a145 0000000000000007
[   56.895630]  ffff88080bbd5f40 ffff88080bbdb928 ffffffff81755b14 0000000000000001
[   56.909313]  ffff880800000001 ffff880800000000 ffffffff8101178f 0000000000000001
[   56.923006] Call Trace:
[   56.929532]  [&lt;ffffffff8175a145&gt;] dump_stack+0x55/0x76
[   56.936067]  [&lt;ffffffff81755b14&gt;] print_usage_bug+0x1f7/0x208
[   56.942445]  [&lt;ffffffff8101178f&gt;] ? save_stack_trace+0x2f/0x50
[   56.948932]  [&lt;ffffffff810cc0a0&gt;] ? check_usage_backwards+0x150/0x150
[   56.955470]  [&lt;ffffffff810ccb52&gt;] mark_lock+0x282/0x2c0
[   56.961945]  [&lt;ffffffff810ccfed&gt;] __lock_acquire+0x45d/0x1d50
[   56.968474]  [&lt;ffffffff810cce6e&gt;] ? __lock_acquire+0x2de/0x1d50
[   56.975140]  [&lt;ffffffff81393bf5&gt;] ? cpumask_next_and+0x55/0x90
[   56.981942]  [&lt;ffffffff810cef72&gt;] lock_acquire+0x92/0x1d0
[   56.988745]  [&lt;ffffffff8118f52a&gt;] ? vm_unmap_aliases+0x16a/0x380
[   56.995619]  [&lt;ffffffff817628f1&gt;] _raw_spin_lock+0x41/0x50
[   57.002493]  [&lt;ffffffff8118f52a&gt;] ? vm_unmap_aliases+0x16a/0x380
[   57.009447]  [&lt;ffffffff8118f52a&gt;] vm_unmap_aliases+0x16a/0x380
[   57.016477]  [&lt;ffffffff8118f44c&gt;] ? vm_unmap_aliases+0x8c/0x380
[   57.023607]  [&lt;ffffffff810436b0&gt;] change_page_attr_set_clr+0xc0/0x460
[   57.030818]  [&lt;ffffffff810cfb8d&gt;] ? trace_hardirqs_on+0xd/0x10
[   57.037896]  [&lt;ffffffff811a8330&gt;] ? kmem_cache_free+0xb0/0x2b0
[   57.044789]  [&lt;ffffffff811b59c3&gt;] ? free_object_rcu+0x93/0xa0
[   57.051720]  [&lt;ffffffff81043d9f&gt;] set_memory_rw+0x2f/0x40
[   57.058727]  [&lt;ffffffff8104e17c&gt;] bpf_jit_free+0x2c/0x40
[   57.065577]  [&lt;ffffffff81642cba&gt;] sk_filter_release_rcu+0x1a/0x30
[   57.072338]  [&lt;ffffffff811108e2&gt;] rcu_process_callbacks+0x202/0x7c0
[   57.078962]  [&lt;ffffffff81057f17&gt;] __do_softirq+0xf7/0x3f0
[   57.085373]  [&lt;ffffffff81058245&gt;] run_ksoftirqd+0x35/0x70

cannot reuse jited filter memory, since it's readonly,
so use original bpf insns memory to hold work_struct

defer kfree of sk_filter until jit completed freeing

tested on x86_64 and i386

Signed-off-by: Alexei Starovoitov &lt;ast@plumgrid.com&gt;
Acked-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>arm: bpf_jit: can call module_free() from any context</title>
<updated>2013-05-20T21:03:50+00:00</updated>
<author>
<name>Daniel Borkmann</name>
<email>dborkman@redhat.com</email>
</author>
<published>2013-05-20T08:05:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=aafc787e41fd8a4d3a4378b028d8d8f8d38d9bb6'/>
<id>aafc787e41fd8a4d3a4378b028d8d8f8d38d9bb6</id>
<content type='text'>
Follow-up on module_free()/vfree() that takes care of the rest, so no
longer this workaround with work_struct needed.

Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Follow-up on module_free()/vfree() that takes care of the rest, so no
longer this workaround with work_struct needed.

Signed-off-by: Daniel Borkmann &lt;dborkman@redhat.com&gt;
Cc: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
Cc: Mircea Gherzan &lt;mgherzan@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
</feed>
