On Fri, Dec 17, 2021 at 07:20:27AM +0530, Kumar Kartikeya Dwivedi wrote:
> diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
> index b80fe5bf2a02..a6ef11db6823 100644
> --- a/include/linux/bpf_verifier.h
> +++ b/include/linux/bpf_verifier.h
> @@ -128,6 +128,16 @@ struct bpf_reg_state {
> * allowed and has the same effect as bpf_sk_release(sk).
> */
> u32 ref_obj_id;
> + /* This is set for pointers which are derived from referenced
> + * pointer (e.g. PTR_TO_BTF_ID pointer walking), so that the
> + * pointers obtained by walking referenced PTR_TO_BTF_ID
> + * are appropriately invalidated when the lifetime of their
> + * parent object ends.
> + *
> + * Only one of ref_obj_id and parent_ref_obj_id can be set,
> + * never both at once.
> + */
> + u32 parent_ref_obj_id;

How would it handle parent of parent?

Did you consider the map_uid approach?
Similar uid can be added for PTR_TO_BTF_ID.
Then every such pointer will be unique.
Each deref will get its own uid.

I think the advantage of the parent_ref_obj_id approach is that the program
can acquire a pointer through one kernel type, do some deref,
and then release it through a deref of other type.
I'm not sure how practical that is and it feels a bit dangerous.
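Review bot: the new comment on `parent_ref_obj_id` leaves the multi-level case undocumented: by the stated invariant ("Only one of ref_obj_id and parent_ref_obj_id can be set, never both at once"), a pointer obtained by walking a referenced PTR_TO_BTF_ID has `ref_obj_id == 0`, so the comment should say what `parent_ref_obj_id` holds for a pointer derived from that pointer in turn, e.g. whether it inherits the same root id so that releasing the root still invalidates the whole chain. The hunk also adds the field without naming where the "never both at once" rule is enforced; a one-line pointer in the comment to the code that checks or maintains it (or a verifier-side assertion) would make the invariant reviewable rather than relying on every writer of `ref_obj_id` to remember it.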