| Message ID | 20220810080538.1845898-1-houtao@huaweicloud.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | fixes for bpf map iterator | expand |
Hello: This series was applied to bpf/bpf.git (master) by Alexei Starovoitov <ast@kernel.org>: On Wed, 10 Aug 2022 16:05:29 +0800 you wrote: > From: Hou Tao <houtao1@huawei.com> > > Hi, > > The patchset constitues three fixes for bpf map iterator: > > (1) patch 1~4: fix user-after-free during reading map iterator fd > It is possible when both the corresponding link fd and map fd are > closed bfore reading the iterator fd. I had squashed these four patches > into one, but it was not friendly for stable backport, so I break these > fixes into four single patches in the end. Patch 7 is its testing patch. > > [...] Here is the summary with links: - [bpf,v2,1/9] bpf: Acquire map uref in .init_seq_private for array map iterator https://git.kernel.org/bpf/bpf/c/f76fa6b33805 - [bpf,v2,2/9] bpf: Acquire map uref in .init_seq_private for hash map iterator https://git.kernel.org/bpf/bpf/c/ef1e93d2eeb5 - [bpf,v2,3/9] bpf: Acquire map uref in .init_seq_private for sock local storage map iterator https://git.kernel.org/bpf/bpf/c/3c5f6e698b5c - [bpf,v2,4/9] bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator https://git.kernel.org/bpf/bpf/c/f0d2b2716d71 - [bpf,v2,5/9] bpf: Check the validity of max_rdwr_access for sock local storage map iterator https://git.kernel.org/bpf/bpf/c/52bd05eb7c88 - [bpf,v2,6/9] bpf: Only allow sleepable program for resched-able iterator https://git.kernel.org/bpf/bpf/c/d247049f4fd0 - [bpf,v2,7/9] selftests/bpf: Add tests for reading a dangling map iter fd https://git.kernel.org/bpf/bpf/c/5836d81e4b03 - [bpf,v2,8/9] selftests/bpf: Add write tests for sk local storage map iterator https://git.kernel.org/bpf/bpf/c/939a1a946d75 - [bpf,v2,9/9] selftests/bpf: Ensure sleepable program is rejected by hash map iter https://git.kernel.org/bpf/bpf/c/c5c0981fd81d You are awesome, thank you!
From: Hou Tao <houtao1@huawei.com> Hi, The patchset constitues three fixes for bpf map iterator: (1) patch 1~4: fix user-after-free during reading map iterator fd It is possible when both the corresponding link fd and map fd are closed bfore reading the iterator fd. I had squashed these four patches into one, but it was not friendly for stable backport, so I break these fixes into four single patches in the end. Patch 7 is its testing patch. (2) patch 5: fix invalidity check for values in sk local storage map Patch 8 adds two tests for it. (3) patch 6: reject sleepable program for non-resched map iterator Patch 9 add a test for it. Please check the individual patches for more details. And comments are always welcome. Regards, Tao Changes since v2: * patch 1~6: update commit messages (from Yonghong & Martin) * patch 7: add more detailed comments (from Yonghong) * patch 8: use NULL directly instead of (void *)0 v1: https://lore.kernel.org/bpf/20220806074019.2756957-1-houtao@huaweicloud.com Hou Tao (9): bpf: Acquire map uref in .init_seq_private for array map iterator bpf: Acquire map uref in .init_seq_private for hash map iterator bpf: Acquire map uref in .init_seq_private for sock local storage map iterator bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator bpf: Check the validity of max_rdwr_access for sock local storage map iterator bpf: Only allow sleepable program for resched-able iterator selftests/bpf: Add tests for reading a dangling map iter fd selftests/bpf: Add write tests for sk local storage map iterator selftests/bpf: Ensure sleepable program is rejected by hash map iter kernel/bpf/arraymap.c | 6 + kernel/bpf/bpf_iter.c | 11 +- kernel/bpf/hashtab.c | 2 + net/core/bpf_sk_storage.c | 12 +- net/core/sock_map.c | 20 ++- .../selftests/bpf/prog_tests/bpf_iter.c | 116 +++++++++++++++++- .../bpf/progs/bpf_iter_bpf_hash_map.c | 9 ++ .../bpf/progs/bpf_iter_bpf_sk_storage_map.c | 22 +++- 8 files changed, 191 insertions(+), 7 deletions(-)