)]}'
{
  "commit": "04f780c004992e8cadc36549435a3a596347f93d",
  "tree": "9662d4b613657a9bb7d3ba4b897b26b1f5236f2c",
  "parents": [
    "6215ea6b7ee7bdaf308bd72f01dbf62dec70cdad"
  ],
  "author": {
    "name": "Alexei Starovoitov",
    "email": "ast@kernel.org",
    "time": "Fri Feb 02 09:35:55 2018 -0800"
  },
  "committer": {
    "name": "Alexei Starovoitov",
    "email": "ast@kernel.org",
    "time": "Fri Feb 02 12:26:58 2018 -0800"
  },
  "message": "bpf: fix bpf_prog_array_copy_to_user() issues\n\n1. move copy_to_user out of rcu section to fix the following issue:\n\n./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!\nstack backtrace:\n __dump_stack lib/dump_stack.c:17 [inline]\n dump_stack+0x194/0x257 lib/dump_stack.c:53\n lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4592\n rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline]\n ___might_sleep+0x385/0x470 kernel/sched/core.c:6079\n __might_sleep+0x95/0x190 kernel/sched/core.c:6067\n __might_fault+0xab/0x1d0 mm/memory.c:4532\n _copy_to_user+0x2c/0xc0 lib/usercopy.c:25\n copy_to_user include/linux/uaccess.h:155 [inline]\n bpf_prog_array_copy_to_user+0x217/0x4d0 kernel/bpf/core.c:1587\n bpf_prog_array_copy_info+0x17b/0x1c0 kernel/bpf/core.c:1685\n perf_event_query_prog_array+0x196/0x280 kernel/trace/bpf_trace.c:877\n _perf_ioctl kernel/events/core.c:4737 [inline]\n perf_ioctl+0x3e1/0x1480 kernel/events/core.c:4757\n\n2. move *prog under rcu, since it\u0027s not ok to dereference it afterwards\n\n3. in a rare case of prog array being swapped between bpf_prog_array_length()\n   and bpf_prog_array_copy_to_user() calls make sure to copy zeros to user space,\n   so the user doesn\u0027t walk over uninited prog_ids while kernel reported\n   uattr-\u003equery.prog_cnt \u003e 0\n\nReported-by: syzbot+7dbcd2d3b85f9b608b23@syzkaller.appspotmail.com\nFixes: 468e2f64d220 (\"bpf: introduce BPF_PROG_QUERY command\")\nSigned-off-by: Alexei Starovoitov \u003cast@kernel.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "5f35f93dcab26b21ec5b74882116a25868df8399",
      "old_mode": 33188,
      "old_path": "kernel/bpf/core.c",
      "new_id": "9d8fb0c3fd533beaeed9ecf7070b8f0df79b1021",
      "new_mode": 33188,
      "new_path": "kernel/bpf/core.c"
    }
  ]
}