On Tue, Jan 9, 2024 at 10:00 PM Yafang Shao <laoar.shao@xxxxxxxxx> wrote: > > +__bpf_kfunc int bpf_iter_cpumask_new(struct bpf_iter_cpumask *it, struct cpumask *mask) > +{ > + struct bpf_iter_cpumask_kern *kit = (void *)it; > + > + BUILD_BUG_ON(sizeof(struct bpf_iter_cpumask_kern) > sizeof(struct bpf_iter_cpumask)); > + BUILD_BUG_ON(__alignof__(struct bpf_iter_cpumask_kern) != > + __alignof__(struct bpf_iter_cpumask)); > + > + kit->mask = mask; > + kit->cpu = -1; > + return 0; > +} > + ... > +BTF_ID_FLAGS(func, bpf_iter_cpumask_new, KF_ITER_NEW | KF_RCU) this is not safe. KF_RCU means that 'mask' pointer is valid in RCU CS, but you're storing the pointer in the iterator that may leak past RCU CS. You need KF_RCU_PROTECTED at least. KF_TRUSTED_ARGS might be necessary too. This needs to be thought through.
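Review bot: The assignment `kit->mask = mask;` in bpf_iter_cpumask_new() keeps the caller's pointer in the iterator state without taking a reference or otherwise pinning the mask, while the registration line grants only `KF_ITER_NEW | KF_RCU`. Nothing in the quoted lines ties the lifetime of the stored pointer to the lifetime of the iterator, so a later next call can dereference a mask that is only guaranteed valid at the time of the new call. Either constrain the whole new/next/destroy sequence to a single RCU read-side critical section (the KF_RCU_PROTECTED direction raised in the reply) or make the iterator own what it dereferences, and add a comment above the function stating how long `mask` must remain valid. The function also returns 0 unconditionally, so if the argument rules are tightened, any validation added here should initialise `kit->mask` to a safe value on the failure path so that next and destroy stay well-defined.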