From: Hui Tang tanghui20@huawei.com
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBG1V2
CVE: NA
--------------------------------
Refcount 'cpustats->usage' is cleared in bpf_sched_cpu_stats_of, which triggers a WARNING when bpf_sched_cpustats_release is called.
refcount_t: underflow; use-after-free.
WARNING: CPU: 31 PID: 9517 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148
Call trace:
 refcount_warn_saturate+0xf4/0x148
 bpf_sched_cpustats_release+0xa4/0xc0
 bpf_prog_62f48e1f0ef32ae3_select_rq+0x360/0x398
 bpf_trampoline_6442463850+0x8c/0x1000
 bpf_sched_cfs_select_rq+0x8/0x18
 select_task_rq_fair+0x250/0x4c8
Ctx is cleared in bpf_sched_cpustats_create, so it does not need to be cleared in bpf_sched_cpu_stats_of.
Fixes: ace175278fa1 ("sched: Add kfunc to get cpu statistics")
Signed-off-by: Hui Tang tanghui20@huawei.com
Signed-off-by: Cheng Yu serein.chengyu@huawei.com
---
 kernel/sched/bpf_sched.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/kernel/sched/bpf_sched.c b/kernel/sched/bpf_sched.c index 2958b3029d38..1973cfacc079 100644 --- a/kernel/sched/bpf_sched.c +++ b/kernel/sched/bpf_sched.c @@ -152,7 +152,6 @@ __bpf_kfunc s32 bpf_sched_cpu_stats_of(int cpuid, return -EINVAL;
rq = cpu_rq(cpu); - memset(ctx, 0, sizeof(*ctx));
SCHED_WARN_ON(!rcu_read_lock_held()); /* nr_running */
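Review bot: with the `memset(ctx, 0, sizeof(*ctx));` after `rq = cpu_rq(cpu);` gone, any ctx member this function does not assign keeps the value left by an earlier call when the same ctx is reused for another CPU, and the visible context does not show whether every statistics member is written unconditionally. Please confirm that in the commit message, or zero only the statistics members while leaving `usage` untouched. A one-line comment at this spot saying that ctx carries a refcount and must not be wiped as a whole would also keep the memset from being reintroduced later.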
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/14730 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F...
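The failure described in the commit message above, as an added user-space model that is not code from the patch or from the openEuler kernel: a fill helper that wipes a refcounted object also wipes the count, so the later release sees zero. The struct layout, every field other than `usage`, the `model_*` names, and the assumption that the create step leaves the count at 1 are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model; only the member name `usage` comes from the commit message. */
struct cpustats_model {
    int usage;                 /* stands in for the kernel refcount_t */
    unsigned int nr_running;   /* assumed statistics members */
    unsigned long load;
};

/* Create step: zero the object once, then hold one reference (assumption). */
static void model_create(struct cpustats_model *ctx)
{
    memset(ctx, 0, sizeof(*ctx));
    ctx->usage = 1;
}

/* Fill step. wipe != 0 models the pre-patch memset, wipe == 0 the patched code. */
static void model_stats_of(struct cpustats_model *ctx, int wipe,
                           unsigned int nr, unsigned long load)
{
    if (wipe)
        memset(ctx, 0, sizeof(*ctx));   /* also clears ctx->usage */
    ctx->nr_running = nr;
    ctx->load = load;
}

/* Release step: 0 on a clean put, -1 when the count is already zero,
 * the condition the kernel reports as "refcount_t: underflow". */
static int model_release(struct cpustats_model *ctx)
{
    if (ctx->usage <= 0)
        return -1;
    ctx->usage--;
    return 0;
}

/* Run create -> fill -> release and return what release reported. */
static int run_sequence(int wipe)
{
    struct cpustats_model ctx;

    model_create(&ctx);
    model_stats_of(&ctx, wipe, 3, 1024);   /* constructed sample values */
    return model_release(&ctx);
}

int main(void)
{
    printf("with memset:    release -> %d\n", run_sequence(1));
    printf("without memset: release -> %d\n", run_sequence(0));
    return 0;
}
```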