On 1/17/2024 4:04 AM, Sasha Levin wrote:
> From: Hou Tao <houtao1@xxxxxxxxxx>
>
> [ Upstream commit 20c20bd11a0702ce4dc9300c3da58acf551d9725 ]
>
> map is the pointer of outer map, and need_defer needs some explanation.
> need_defer tells the implementation to defer the reference release of
> the passed element and ensure that the element is still alive before
> the bpf program, which may manipulate it, exits.
>
> The following three cases will invoke map_fd_put_ptr() and different
> need_defer values will be passed to these callers:
>
> 1) release the reference of the old element in the map during map update
>    or map deletion. The release must be deferred, otherwise the bpf
>    program may incur use-after-free problem, so need_defer needs to be
>    true.
> 2) release the reference of the to-be-added element in the error path of
>    map update. The to-be-added element is not visible to any bpf
>    program, so it is OK to pass false for need_defer parameter.
> 3) release the references of all elements in the map during map release.
>    Any bpf program which has access to the map must have been exited and
>    released, so need_defer=false will be OK.
>
> These two parameters will be used by the following patches to fix the
> potential use-after-free problem for map-in-map.
>
> Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
> Link: https://lore.kernel.org/r/20231204140425.1480317-3-houtao@xxxxxxxxxxxxxxx
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

The patch is just a preparatory patch for fix, please drop it.
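
Case 1 of the quoted commit message (old element released during a map update while a program still holds it), as a user-space C model. This is an added illustration, not kernel code and not part of the patch; `struct elem`, `model_put_ptr()`, `prog_exit()` and `released_while_in_use()` are hypothetical names, and the "running program" is modelled only by the point at which `prog_exit()` is called.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model: every name here is hypothetical, none is kernel API. */
struct elem { int refcnt, freed; struct elem *next; };

static struct elem *deferred;  /* releases postponed until the program exits */

/* Stand-in for the put_ptr callback. The model sets a flag instead of
 * calling free() so that the caller can inspect the element afterwards. */
static void model_put_ptr(struct elem *e, int need_defer)
{
    if (need_defer) {
        e->next = deferred;
        deferred = e;
    } else if (--e->refcnt == 0) {
        e->freed = 1;
    }
}

/* The running program has exited: deferred releases may now happen. */
static void prog_exit(void)
{
    while (deferred) {
        struct elem *e = deferred;
        deferred = e->next;
        model_put_ptr(e, 0);
    }
}

/* Case 1: a map update drops the old element while a program holds it.
 * Returns 1 if it was released while in use, 0 if only after exit. */
static int released_while_in_use(int need_defer)
{
    struct elem *held = calloc(1, sizeof(*held));
    int early;
    if (!held) abort();
    held->refcnt = 1;                 /* the map's reference */
    model_put_ptr(held, need_defer);  /* update drops that reference */
    early = held->freed;              /* what the running program observes */
    prog_exit();                      /* held->freed is 1 from here on */
    free(held);
    return early;
}

int main(void)
{
    printf("%d %d\n", released_while_in_use(0), released_while_in_use(1));
    return 0;
}
```

Cases 2 and 3 take the `need_defer=0` branch of the same function, which is safe there because no program can hold the element at that point.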