From: Hou Tao <houtao@huaweicloud.com>
To: bpf@vger.kernel.org, Yonghong Song <yhs@fb.com>
Cc: Andrii Nakryiko <andrii@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
KP Singh <kpsingh@kernel.org>,
"David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
John Fastabend <john.fastabend@gmail.com>,
Lorenz Bauer <oss@lmb.io>,
houtao1@huawei.com
Subject: [PATCH bpf v2 4/9] bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
Date: Wed, 10 Aug 2022 16:05:33 +0800 [thread overview]
Message-ID: <20220810080538.1845898-5-houtao@huaweicloud.com> (raw)
In-Reply-To: <20220810080538.1845898-1-houtao@huaweicloud.com>
From: Hou Tao <houtao1@huawei.com>
sock_map_iter_attach_target() acquires a map uref, and the uref may be
released before or in the middle of iterating map elements. For example,
the uref could be released in sock_map_iter_detach_target() as part of
bpf_link_release(), or could be released in bpf_map_put_with_uref() as
part of bpf_map_release().
Fixing it by acquiring an extra map uref in .init_seq_private and
releasing it in .fini_seq_private.
Fixes: 0365351524d7 ("net: Allow iterating sockmap and sockhash")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Acked-by: Yonghong Song <yhs@fb.com>
---
net/core/sock_map.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 028813dfecb0..9a9fb9487d63 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -783,13 +783,22 @@ static int sock_map_init_seq_private(void *priv_data,
{
struct sock_map_seq_info *info = priv_data;
+ bpf_map_inc_with_uref(aux->map);
info->map = aux->map;
return 0;
}
+static void sock_map_fini_seq_private(void *priv_data)
+{
+ struct sock_map_seq_info *info = priv_data;
+
+ bpf_map_put_with_uref(info->map);
+}
+
static const struct bpf_iter_seq_info sock_map_iter_seq_info = {
.seq_ops = &sock_map_seq_ops,
.init_seq_private = sock_map_init_seq_private,
+ .fini_seq_private = sock_map_fini_seq_private,
.seq_priv_size = sizeof(struct sock_map_seq_info),
};
@@ -1369,18 +1378,27 @@ static const struct seq_operations sock_hash_seq_ops = {
};
static int sock_hash_init_seq_private(void *priv_data,
- struct bpf_iter_aux_info *aux)
+ struct bpf_iter_aux_info *aux)
{
struct sock_hash_seq_info *info = priv_data;
+ bpf_map_inc_with_uref(aux->map);
info->map = aux->map;
info->htab = container_of(aux->map, struct bpf_shtab, map);
return 0;
}
+static void sock_hash_fini_seq_private(void *priv_data)
+{
+ struct sock_hash_seq_info *info = priv_data;
+
+ bpf_map_put_with_uref(info->map);
+}
+
static const struct bpf_iter_seq_info sock_hash_iter_seq_info = {
.seq_ops = &sock_hash_seq_ops,
.init_seq_private = sock_hash_init_seq_private,
+ .fini_seq_private = sock_hash_fini_seq_private,
.seq_priv_size = sizeof(struct sock_hash_seq_info),
};
--
2.29.2
next prev parent reply other threads:[~2022-08-10 7:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-10 8:05 [PATCH bpf v2 0/9] fixes for bpf map iterator Hou Tao
2022-08-10 8:05 ` [PATCH bpf v2 1/9] bpf: Acquire map uref in .init_seq_private for array " Hou Tao
2022-08-10 8:05 ` [PATCH bpf v2 2/9] bpf: Acquire map uref in .init_seq_private for hash " Hou Tao
2022-08-10 8:05 ` [PATCH bpf v2 3/9] bpf: Acquire map uref in .init_seq_private for sock local storage " Hou Tao
2022-08-10 16:47 ` Martin KaFai Lau
2022-08-10 8:05 ` Hou Tao [this message]
2022-08-10 8:05 ` [PATCH bpf v2 5/9] bpf: Check the validity of max_rdwr_access " Hou Tao
2022-08-10 16:59 ` Martin KaFai Lau
2022-08-10 8:05 ` [PATCH bpf v2 6/9] bpf: Only allow sleepable program for resched-able iterator Hou Tao
2022-08-10 8:05 ` [PATCH bpf v2 7/9] selftests/bpf: Add tests for reading a dangling map iter fd Hou Tao
2022-08-10 15:13 ` Yonghong Song
2022-08-10 8:05 ` [PATCH bpf v2 8/9] selftests/bpf: Add write tests for sk local storage map iterator Hou Tao
2022-08-10 17:05 ` Martin KaFai Lau
2022-08-10 8:05 ` [PATCH bpf v2 9/9] selftests/bpf: Ensure sleepable program is rejected by hash map iter Hou Tao
2022-08-10 17:20 ` [PATCH bpf v2 0/9] fixes for bpf map iterator patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220810080538.1845898-5-houtao@huaweicloud.com \
--to=houtao@huaweicloud.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=haoluo@google.com \
--cc=houtao1@huawei.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kafai@fb.com \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=oss@lmb.io \
--cc=sdf@google.com \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.