From: Hou Tao <houtao1@xxxxxxxxxx>

Hi,

The patchset tries to fix the potential use-after-free problem in cgroup
iterator. The problem is similar to the UAF problem fixed in map
iterator; however, to prevent such UAF problems from happening again for
bpf iterators, the patchset just pins the iterator link when opening the
iterator, so after doing the necessary reference acquisitions in
.attach_target(), it will be unnecessary to pin the iteration target again
in .init_seq_private() for each iterator type. Also add a selftest to
demonstrate the UAF problem when iterating a dead cgroup.

Comments are always welcome.

Change Log:
v2:
 * Patch 1: Pin the iterator link when opening the iterator, instead of
   acquiring the reference of the start cgroup in cgroup_iter_seq_init().
 * Patch 2 & 3: Address comments from Yonghong Song and add Acked-by tag

v1: https://lore.kernel.org/bpf/20221107074222.1323017-1-houtao@xxxxxxxxxxxxxxx/T/#t

Hou Tao (3):
  bpf: Pin iterator link when opening iterator
  selftests/bpf: Add cgroup helper remove_cgroup()
  selftests/bpf: Add test for cgroup iterator on a dead cgroup

 kernel/bpf/bpf_iter.c                         | 21 +++--
 tools/testing/selftests/bpf/cgroup_helpers.c  | 19 +++++
 tools/testing/selftests/bpf/cgroup_helpers.h  |  1 +
 .../selftests/bpf/prog_tests/cgroup_iter.c    | 76 +++++++++++++++++++
 4 files changed, 110 insertions(+), 7 deletions(-)

--
2.29.2
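
Added example (not part of the original message or the patchset): a simplified user-space C model of the lifetime chain the cover letter describes, in which the link holds the target reference taken at attach time and an opened iterator may or may not pin the link. All struct and function names are hypothetical, and the model assumes the link's release is what drops the target reference.

```c
#include <stdbool.h>

/* Simplified user-space model of the lifetimes; every name here is
 * hypothetical and none of this is kernel code. */
struct target { int refs; bool freed; };   /* stands in for the cgroup */
struct link { int refs; bool freed; struct target *tgt; };

static void target_put(struct target *t)
{
    if (--t->refs == 0)
        t->freed = true;
}

static void link_put(struct link *l)
{
    if (--l->refs == 0) {
        l->freed = true;
        target_put(l->tgt);   /* drop the reference taken at attach time */
    }
}

static void link_attach(struct link *l, struct target *t)
{
    t->refs++;                /* attach: the link takes its own reference */
    *l = (struct link){ .refs = 1, .freed = false, .tgt = t };
}

/* Is the target alive when the iterator is read after the link fd was
 * closed and the cgroup removed? *all_released: nothing leaked at the end. */
static bool alive_at_read(bool pin_link, bool *all_released)
{
    struct target cg = { .refs = 1, .freed = false };  /* creator's ref */
    struct link lnk;
    link_attach(&lnk, &cg);
    if (pin_link)
        lnk.refs++;           /* open iterator: pin the link */
    link_put(&lnk);           /* user closes the link fd */
    target_put(&cg);          /* cgroup removed */
    bool alive = !cg.freed;   /* state a read() on the iterator would find */
    if (pin_link)
        link_put(&lnk);       /* close iterator: unpin the link */
    *all_released = lnk.freed && cg.freed;
    return alive;
}

int main(void)
{
    bool rel;
    return alive_at_read(true, &rel) && !alive_at_read(false, &rel) ? 0 : 1;
}
```

Without the pin, the last link reference goes away while the iterator is still open, so the target is already released at read time; with the pin, one reference on the link covers the target for every iterator type.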