From: Hou Tao <houtao1@xxxxxxxxxx> Hi, The patchset constitues three fixes for bpf map iterator: (1) patch 1~4: fix user-after-free during reading map iterator fd It is possible when both the corresponding link fd and map fd are closed bfore reading the iterator fd. I had squashed these four patches into one, but it was not friendly for stable backport, so I break these fixes into four single patches in the end. Patch 7 is its testing patch. (2) patch 5: fix invalidity check for values in sk local storage map Patch 8 adds two tests for it. (3) patch 6: reject sleepable program for non-resched map iterator Patch 9 add a test for it. Please check the individual patches for more details. And comments are always welcome. Regards, Tao Changes since v2: * patch 1~6: update commit messages (from Yonghong & Martin) * patch 7: add more detailed comments (from Yonghong) * patch 8: use NULL directly instead of (void *)0 v1: https://lore.kernel.org/bpf/20220806074019.2756957-1-houtao@xxxxxxxxxxxxxxx Hou Tao (9): bpf: Acquire map uref in .init_seq_private for array map iterator bpf: Acquire map uref in .init_seq_private for hash map iterator bpf: Acquire map uref in .init_seq_private for sock local storage map iterator bpf: Acquire map uref in .init_seq_private for sock{map,hash} iterator bpf: Check the validity of max_rdwr_access for sock local storage map iterator bpf: Only allow sleepable program for resched-able iterator selftests/bpf: Add tests for reading a dangling map iter fd selftests/bpf: Add write tests for sk local storage map iterator selftests/bpf: Ensure sleepable program is rejected by hash map iter kernel/bpf/arraymap.c | 6 + kernel/bpf/bpf_iter.c | 11 +- kernel/bpf/hashtab.c | 2 + net/core/bpf_sk_storage.c | 12 +- net/core/sock_map.c | 20 ++- .../selftests/bpf/prog_tests/bpf_iter.c | 116 +++++++++++++++++- .../bpf/progs/bpf_iter_bpf_hash_map.c | 9 ++ .../bpf/progs/bpf_iter_bpf_sk_storage_map.c | 22 +++- 8 files changed, 191 insertions(+), 7 deletions(-) -- 2.29.2
