From: Hou Tao <houtao1@xxxxxxxxxx>

Hi,

The patchset tries to fix the potential use-after-free problem in cgroup
iterator. The problem is similar to the UAF problem fixed in map
iterator and the fix is also similar: pinning the iterated resource
in .init_seq_private() and unpinning in .fini_seq_private(). Also adding
a test to demonstrate the problem.

Not sure whether or not it will be helpful to add some comments for
.init_seq_private() to state that the implementation of
.init_seq_private() should not depend on iterator link to guarantee
the liveness of iterated object.

Comments are always welcome.

Hou Tao (3):
  bpf: Pin the start cgroup in cgroup_iter_seq_init()
  selftests/bpf: Add cgroup helper remove_cgroup()
  selftests/bpf: Add test for cgroup iterator on a dead cgroup

 kernel/bpf/cgroup_iter.c                      | 14 ++++
 tools/testing/selftests/bpf/cgroup_helpers.c  | 19 +++++
 tools/testing/selftests/bpf/cgroup_helpers.h  |  1 +
 .../selftests/bpf/prog_tests/cgroup_iter.c    | 78 +++++++++++++++++++
 4 files changed, 112 insertions(+)

-- 
2.29.2
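
The lifetime rule from the cover letter, as a userspace model added here for illustration (it is not code from the patch set). Every name is hypothetical, the `freed` flag stands in for the object's memory being released, and the model assumes the iterator's seq file can stay open after the link is released.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every name is hypothetical, not a kernel API. */
struct obj      { int refs; bool freed; };  /* freed: released at refcount 0 */
struct link     { struct obj *target; };    /* holds one reference */
struct seq_priv { struct obj *start; bool pinned; };  /* per-open iterator state */

static void obj_get(struct obj *o) { o->refs++; }
static void obj_put(struct obj *o) { if (--o->refs == 0) o->freed = true; }
static void link_create(struct link *l, struct obj *o) { obj_get(o); l->target = o; }
static void link_release(struct link *l) { obj_put(l->target); l->target = NULL; }

/* Analogue of .init_seq_private(): pin == false borrows the link's reference. */
static void seq_init(struct seq_priv *p, const struct link *l, bool pin)
{
    p->start = l->target;
    p->pinned = pin;
    if (pin)
        obj_get(p->start);
}

/* Analogue of .fini_seq_private(): drop the pin taken at init, if any. */
static void seq_fini(struct seq_priv *p) { if (p->pinned) obj_put(p->start); }

/* Returns 0 when the object is still live, -1 when a read would be a UAF. */
static int seq_read(const struct seq_priv *p) { return p->start->freed ? -1 : 0; }

/* Open the iterator, release the link and the creator's reference, then read. */
static int read_after_link_release(bool pin)
{
    struct obj cg = { .refs = 1, .freed = false };  /* creator's reference */
    struct link l;
    struct seq_priv p;
    link_create(&l, &cg);
    seq_init(&p, &l, pin);
    link_release(&l);   /* link goes away while the iterator stays open */
    obj_put(&cg);       /* creator drops its reference too */
    int ret = seq_read(&p);
    seq_fini(&p);
    return ret;
}

int main(void)
{
    printf("unpinned=%d pinned=%d\n", read_after_link_release(false),
           read_after_link_release(true));
    return 0;
}
```
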