Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote:
> > Let's call migrate_disable() before calling bpf_prog_run() in
> > nf_hook_run_bpf().

Or use bpf_prog_run_pin_on_cpu() which wraps bpf_prog_run().

> > Fixes: 91721c2d02d3 ("netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link")
>
> Fixes tag looks wrong.
> I don't think it's Daniel's defrag series.
> No idea why syzbot bisected it to this commit.

Didn't check but I'd wager the bpf prog attach is rejected due to an
unsupported flag before this commit.

Looks like correct tag is
Fixes: fd9c663b9ad6 ("bpf: minimal support for programs hooked into netfilter framework")

I don't see anything that implicitly disables preemption and even 6.4
has the cant_migrate() call there.

> > + unsigned int ret; > > > > - return bpf_prog_run(prog, &ctx); > > + migrate_disable(); > > + ret = bpf_prog_run(prog, &ctx); > > + migrate_enable();
>
> The fix looks correct, but we need to root cause it better.
> Why did it start now ?

I guess most people don't have preemptible rcu enabled.
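
Review bot: in the quoted nf_hook_run_bpf() hunk, the three added lines migrate_disable() / ret = bpf_prog_run(prog, &ctx) / migrate_enable() open-code what the reply says bpf_prog_run_pin_on_cpu() already wraps; calling that helper would keep the function a single return statement and make the new "unsigned int ret" local unnecessary. The Fixes: tag should be settled before this is applied, since the reply proposes fd9c663b9ad6 in place of 91721c2d02d3, and the commit message would be stronger if it named the cant_migrate() check mentioned in the thread as the reason migration has to be disabled around the program run.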