www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Eduard Zingerman <eddyz87@gmail.com>
	Sat, 15 Feb 2025 11:03:56 +0000 (03:03 -0800)
committer	Alexei Starovoitov <ast@kernel.org>
	Wed, 19 Feb 2025 03:22:59 +0000 (19:22 -0800)
commit	c1ce66357f8f7d73ff70353ec15f1fba164bc7e1
tree	062573857c9a40ff13d2aadcec26a6080e2a26a2	tree
parent	6361cd26e4028598082596c3f1768671b9ba7925	commit \| diff

bpf: detect infinite loop in get_loop_entry()

Tejun Heo reported an infinite loop in get_loop_entry(),
when verifying a sched_ext program layered_dispatch in [1].
After some investigation I'm sure that root cause is fixed by patches
1,3 in this patch-set.

To err on the safe side, this commit modifies get_loop_entry() to
detect infinite loops and abort verification in such cases.
The number of steps get_loop_entry(S) can make while moving along the
bpf_verifier_state->loop_entry chain is bounded by the DFS depth of
state S. This fact is exploited to implement the check.

To avoid dealing with the potential error code returned from
get_loop_entry() in update_loop_entry(), remove the get_loop_entry()
calls there:
- This change does not affect correctness. Loop entries would still be
  updated during the backward DFS move in update_branch_counts().
- This change does not affect performance. Measurements show that
  get_loop_entry() performs at most 1 step on selftests and at most 2
  steps on sched_ext programs (1 step in 17 cases, 2 steps in 3
  cases, measured using "do-not-submit" patches from [2]).

[1] https://github.com/sched-ext/scx/
    commit f0b27038ea10 ("XXX - kernel stall")
[2] https://github.com/eddyz87/bpf/tree/get-loop-entry-hungup

Reported-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250215110411.3236773-6-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>