From: Hou Tao <houtao1@xxxxxxxxxx>

Hi,

The patchset constitutes three fixes for bpf map iterator:

(1) patch 1~4: fix use-after-free during reading map iterator fd
It is possible when both the corresponding link fd and map fd are
closed before reading the iterator fd. I had squashed these four patches
into one, but it was not friendly for stable backport, so I broke these
fixes into 4 single patches in the end. Patch 7 is its testing patch.

(2) patch 5: fix invalidity check for values in sk local storage map
Patch 8 adds two tests for it.

(3) patch 6: reject sleepable program for non-resched map iterator
Patch 9 adds a test for it.

Please check the individual patches for more details. And comments are
always welcome.

Regards,
Tao

Hou Tao (9):
  bpf: Acquire map uref in .init_seq_private for array map iterator
  bpf: Acquire map uref in .init_seq_private for hash map iterator
  bpf: Acquire map uref in .init_seq_private for sock local storage map iterator
  bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator
  bpf: Check the validity of max_rdwr_access for sk storage map iterator
  bpf: Only allow sleepable program for resched-able iterator
  selftests/bpf: Add tests for reading a dangling map iter fd
  selftests/bpf: Add write tests for sk storage map iterator
  selftests/bpf: Ensure sleepable program is rejected by hash map iter

 kernel/bpf/arraymap.c | 7 ++
 kernel/bpf/bpf_iter.c | 11 +-
 kernel/bpf/hashtab.c | 2 +
 net/core/bpf_sk_storage.c | 12 +-
 net/core/sock_map.c | 20 ++-
 .../selftests/bpf/prog_tests/bpf_iter.c | 114 +++++++++++++++++-
 .../bpf/progs/bpf_iter_bpf_hash_map.c | 9 ++
 .../bpf/progs/bpf_iter_bpf_sk_storage_map.c | 20 ++-
 8 files changed, 189 insertions(+), 6 deletions(-)

-- 
2.29.2