diff options
author | Hou Tao <houtao1@huawei.com> | 2023-12-04 15:04:20 +0100 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2023-12-05 02:50:26 +0100 |
commit | 20c20bd11a0702ce4dc9300c3da58acf551d9725 (patch) | |
tree | 4ab874508a5b0c40f1f9671eaf6218ac5241fb5f /kernel/bpf/map_in_map.h | |
parent | bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers (diff) | |
download | linux-20c20bd11a0702ce4dc9300c3da58acf551d9725.tar.xz linux-20c20bd11a0702ce4dc9300c3da58acf551d9725.zip |
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
map is the pointer of outer map, and need_defer needs some explanation.
need_defer tells the implementation to defer the reference release of
the passed element and ensure that the element is still alive before
the bpf program, which may manipulate it, exits.
The following three cases will invoke map_fd_put_ptr() and different
need_defer values will be passed to these callers:
1) release the reference of the old element in the map during map update
or map deletion. The release must be deferred, otherwise the bpf
program may incur use-after-free problem, so need_defer needs to be
true.
2) release the reference of the to-be-added element in the error path of
map update. The to-be-added element is not visible to any bpf
program, so it is OK to pass false for need_defer parameter.
3) release the references of all elements in the map during map release.
Any bpf program which has access to the map must have been exited and
released, so need_defer=false will be OK.
These two parameters will be used by the following patches to fix the
potential use-after-free problem for map-in-map.
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20231204140425.1480317-3-houtao@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel/bpf/map_in_map.h')
-rw-r--r-- | kernel/bpf/map_in_map.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/map_in_map.h b/kernel/bpf/map_in_map.h index bcb7534afb3c..7d61602354de 100644 --- a/kernel/bpf/map_in_map.h +++ b/kernel/bpf/map_in_map.h @@ -13,7 +13,7 @@ struct bpf_map *bpf_map_meta_alloc(int inner_map_ufd); void bpf_map_meta_free(struct bpf_map *map_meta); void *bpf_map_fd_get_ptr(struct bpf_map *map, struct file *map_file, int ufd); -void bpf_map_fd_put_ptr(void *ptr); +void bpf_map_fd_put_ptr(struct bpf_map *map, void *ptr, bool need_defer); u32 bpf_map_fd_sys_lookup_elem(void *ptr); #endif |