On Fri, Nov 1, 2024 at 3:55 AM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote: > > On Thu, 31 Oct 2024 14:09:36 -0700 > Andrii Nakryiko <andrii@xxxxxxxxxx> wrote: > > > In general, BPF link's underlying BPF program should be considered to be > > reachable through attach hook -> link -> prog chain, and, pessimistically, > > we have to assume that as long as link's memory is not safe to free, > > attach hook's code might hold a pointer to BPF program and use it. > > > > As such, it's not (generally) correct to put link's program early before > > waiting for RCU GPs to go through. More eager bpf_prog_put() that we > > currently do is mostly correct due to BPF program's release code doing > > similar RCU GP waiting, but as will be shown in the following patches, > > BPF program can be non-sleepable (and, thus, reliant on only "classic" > > RCU GP), while BPF link's attach hook can have sleepable semantics and > > needs to be protected by RCU Tasks Trace, and for such cases BPF link > > has to go through RCU Tasks Trace + "classic" RCU GPs before being > > deallocated. And so, if we put BPF program early, we might free BPF > > program before we free BPF link, leading to use-after-free situation. > > > > So, this patch defers bpf_prog_put() until we are ready to perform > > bpf_link's deallocation. At worst, this delays BPF program freeing by > > one extra RCU GP, but that seems completely acceptable. Alternatively, > > we'd need more elaborate ways to determine BPF hook, BPF link, and BPF > > program lifetimes, and how they relate to each other, which seems like > > an unnecessary complication. > > > > Note, for most BPF links we still will perform eager bpf_prog_put() and > > link dealloc, so for those BPF links there are no observable changes > > whatsoever. Only BPF links that use deferred dealloc might notice > > slightly delayed freeing of BPF programs. > > > > Also, to reduce code and logic duplication, extract program put + link > > dealloc logic into bpf_link_dealloc() helper. > > > > Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx> > > > Hi Andrii, > > Do you want me to add this on top of my queue? If so, would it be possible > that I can get a tested-by from someone? As I don't do much to test BPF > patches. Hey Steven, Yep, this should go on top of Mathieu's patch set. Let me send v2 with fixed up stub definition. Jordan gave his Tested-By and Alexei seems fine with this as well, so I think it should be good to go. > > -- Steve
