On Thu, Jan 11, 2024 at 1:50 AM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > On Tue, Jan 9, 2024 at 10:00 PM Yafang Shao <laoar.shao@xxxxxxxxx> wrote: > > > > +__bpf_kfunc int bpf_iter_cpumask_new(struct bpf_iter_cpumask *it, struct cpumask *mask) > > +{ > > + struct bpf_iter_cpumask_kern *kit = (void *)it; > > + > > + BUILD_BUG_ON(sizeof(struct bpf_iter_cpumask_kern) > sizeof(struct bpf_iter_cpumask)); > > + BUILD_BUG_ON(__alignof__(struct bpf_iter_cpumask_kern) != > > + __alignof__(struct bpf_iter_cpumask)); > > + > > + kit->mask = mask; > > + kit->cpu = -1; > > + return 0; > > +} > > + > > ... > > > +BTF_ID_FLAGS(func, bpf_iter_cpumask_new, KF_ITER_NEW | KF_RCU) > > this is not safe. > KF_RCU means that 'mask' pointer is valid in RCU CS, > but you're storing the pointer in the iterator that may leak > past RCU CS. > > You need KF_RCU_PROTECTED at least. > KF_TRUSTED_ARGS might be necessary too. This needs to be thought through. Thanks for your detailed explanation. I will analyze it carefully. -- Regards Yafang
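
Review bot: in bpf_iter_cpumask_new(), `kit->mask = mask;` stores the caller's pointer in the iterator state without taking a reference or pinning it in any other way, while the registration line `BTF_ID_FLAGS(func, bpf_iter_cpumask_new, KF_ITER_NEW | KF_RCU)` only guarantees the argument while the caller is inside an RCU critical section. The iterator can be used after that section ends, so a later read of `kit->mask` may touch a cpumask that has already been freed. Either restrict the kfunc so the whole iterator lifetime stays inside the RCU critical section (KF_RCU_PROTECTED, as raised in the reply, possibly with KF_TRUSTED_ARGS), or have the iterator hold the mask for as long as it exists. A comment above the function stating the lifetime requirement on `mask` would also make the contract checkable in later review.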