Re: [PATCH bpf-next v7 1/3] bpf: Factor out stack_map build ID helpers

From: bot+bpf-ci

Date: Mon May 25 2026 - 19:17:49 EST

> diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
> index da3d328f5c15..e23be7d44503 100644
> --- a/kernel/bpf/stackmap.c
> +++ b/kernel/bpf/stackmap.c
> @@ -152,6 +152,28 @@ static int fetch_build_id(struct vm_area_struct *vma, unsigned char *build_id, b
> : build_id_parse_nofault(vma, build_id, NULL);
> }
>
> +static inline void stack_map_build_id_set_ip(struct bpf_stack_build_id *id)
> +{
> + id->status = BPF_STACK_BUILD_ID_IP;
> + memset(id->build_id, 0, BUILD_ID_SIZE_MAX);
> +}
> +
> +static inline u64 stack_map_build_id_offset(unsigned long vm_pgoff,
> + unsigned long vm_start, u64 ip)
> +{
> + return (vm_pgoff << PAGE_SHIFT) + ip - vm_start;
> +}
> +
> +static inline void stack_map_build_id_set_valid(struct bpf_stack_build_id *id,
> + u64 offset,
> + const unsigned char *build_id)
> +{
> + id->status = BPF_STACK_BUILD_ID_VALID;
> + id->offset = offset;
> + if (id->build_id != build_id)
> + memcpy(id->build_id, build_id, BUILD_ID_SIZE_MAX);
> +}

In bpf_get_stack(), the destination buffer can be a BPF map value that is
concurrently readable locklessly by user-space. Since the buffer initially
contains the raw instruction pointer (ip), does setting status to VALID
before writing the offset create a data race?

A concurrent lockless reader polling the status field might observe the
VALID status while the union still holds the raw ip instead of the correct
file offset, and before the build_id string is fully copied.

Prior to this patch, the offset was written before the status. Could this
reordering of assignments cause concurrent readers to observe stale data?

This was raised by sashiko-bot in v6 review and acknowledged by the author
as needing to be fixed in the next version, but was not addressed:

https://lore.kernel.org/bpf/20260521231600.E14FD1F000E9@xxxxxxxxxxxxxxx/

[ ... ]


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/26422948694