On Mon, Nov 7, 2022 at 1:59 PM Yonghong Song <yhs@xxxxxxxx> wrote:
>
>
>
> On 11/6/22 11:42 PM, Hou Tao wrote:
> > From: Hou Tao <houtao1@xxxxxxxxxx>
> >
> > bpf_iter_attach_cgroup() has already acquired an extra reference for the
> > start cgroup, but the reference will be released if the iterator link fd
> > is closed after the creation of iterator fd, and it may lead to
> > Use-After-Free when reading the iterator fd.
> >
> > So fixing it by acquiring another reference for the start cgroup.
> >
> > Fixes: d4ccaf58a847 ("bpf: Introduce cgroup iter")
> > Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
>
> Acked-by: Yonghong Song <yhs@xxxxxx>

There is an alternative: does it make sense to have the iterator hold a
ref of the link? When the link is closed, my assumption is that the
program is already detached from the cgroup. After that, it makes no
sense to still allow iterating the cgroup.

IIUC, holding a ref to the link in the iterator also fixes for other
types of objects.

Hao
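The lifetime argument in the thread (the link's cgroup reference going away when the link fd is closed, and the two ways of keeping the start cgroup alive for an open iterator) as an added userspace model. This is illustration written for this page, not kernel code and not the patch or the reply's proposal; every `model_*` name, the `fix_variant` enum and the `run_scenario`/`refcnt_after` helpers are assumptions, and the "freed" flag stands in for the kernel actually releasing the cgroup so the bad read is detected rather than performed:

```c
#include <stdio.h>

/* Constructed userspace model of the object lifetimes discussed in the
 * thread. struct model_cgroup / model_link / model_iter and every
 * model_* function are assumptions made for this illustration; they are
 * not kernel APIs. Memory is never really freed: a "freed" flag stands
 * in for the kernel releasing the object, so a read after that point is
 * reported instead of being a real use-after-free. */

enum fix_variant {
    FIX_NONE,              /* original code: iterator borrows the link's cgroup ref */
    FIX_EXTRA_CGROUP_REF,  /* the patch: iterator takes its own cgroup ref */
    FIX_HOLD_LINK_REF      /* alternative from the reply: iterator pins the link */
};

struct model_cgroup { int refcnt; int freed; };
struct model_link   { int refcnt; int freed; struct model_cgroup *start; };
struct model_iter   { struct model_cgroup *start; struct model_link *link; enum fix_variant v; };

static void model_cgroup_get(struct model_cgroup *cg) { cg->refcnt++; }
static void model_cgroup_put(struct model_cgroup *cg)
{
    if (--cg->refcnt == 0)
        cg->freed = 1;                 /* the kernel would free the cgroup here */
}

/* Attaching the link: the link owns one reference on the start cgroup. */
static void model_link_attach(struct model_link *l, struct model_cgroup *cg)
{
    l->refcnt = 1;
    l->freed = 0;
    l->start = cg;
    model_cgroup_get(cg);
}
static void model_link_get(struct model_link *l) { l->refcnt++; }
static void model_link_put(struct model_link *l)
{
    if (--l->refcnt == 0) {
        l->freed = 1;
        model_cgroup_put(l->start);    /* detach drops the link's cgroup ref */
    }
}

/* Creating the iterator fd from the link fd. */
static void model_iter_create(struct model_iter *it, struct model_link *l, enum fix_variant v)
{
    it->start = l->start;
    it->link = NULL;
    it->v = v;
    if (v == FIX_EXTRA_CGROUP_REF) {
        model_cgroup_get(it->start);   /* own ref: survives close of the link fd */
    } else if (v == FIX_HOLD_LINK_REF) {
        it->link = l;
        model_link_get(l);             /* pin the link, which in turn pins the cgroup */
    }
}

/* read() on the iterator fd: 0 if the start cgroup is still live, -1 if the
 * model has already "freed" it (the use-after-free the commit describes). */
static int model_iter_read(const struct model_iter *it)
{
    if (it->link && it->link->freed)
        return -1;
    return it->start->freed ? -1 : 0;
}

static void model_iter_close(struct model_iter *it)
{
    if (it->v == FIX_EXTRA_CGROUP_REF)
        model_cgroup_put(it->start);
    else if (it->v == FIX_HOLD_LINK_REF)
        model_link_put(it->link);
}

/* The ordering from the commit message: attach the link, create the
 * iterator, close the link fd; then the cgroup is removed while the
 * iterator is still open, and the iterator is read. Returns the read
 * result and, optionally, the cgroup refcount after everything is closed. */
int run_scenario(enum fix_variant v, int *final_cgroup_refcnt)
{
    struct model_cgroup cg = { 1, 0 };   /* the hierarchy's own reference */
    struct model_link link;
    struct model_iter iter;
    int rc;

    model_link_attach(&link, &cg);       /* cg.refcnt == 2 */
    model_iter_create(&iter, &link, v);
    model_link_put(&link);               /* close(link_fd) */
    model_cgroup_put(&cg);               /* rmdir: hierarchy drops its ref */
    rc = model_iter_read(&iter);         /* read(iter_fd) */
    model_iter_close(&iter);             /* close(iter_fd) */
    if (final_cgroup_refcnt)
        *final_cgroup_refcnt = cg.refcnt;
    return rc;
}

/* Refcount left on the cgroup once link and iterator are both closed;
 * 0 means no reference leaked in that variant. */
int refcnt_after(enum fix_variant v)
{
    int n = 0;
    run_scenario(v, &n);
    return n;
}

int main(void)
{
    printf("no fix:           read %s\n", run_scenario(FIX_NONE, NULL) ? "hits freed cgroup" : "ok");
    printf("extra cgroup ref: read %s\n", run_scenario(FIX_EXTRA_CGROUP_REF, NULL) ? "hits freed cgroup" : "ok");
    printf("hold link ref:    read %s\n", run_scenario(FIX_HOLD_LINK_REF, NULL) ? "hits freed cgroup" : "ok");
    return 0;
}
```

With `FIX_NONE` the read lands on a cgroup whose last reference went away with the link, which is the window the patch closes; both fixed variants keep the read safe and leave the cgroup refcount at zero after the iterator is closed, so neither leaks. The model does not settle the design question raised in the reply (whether iterating after the program has been detached should be allowed at all); it only shows that both choices remove the dangling reference.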