Stanislav Fomichev <sdf@xxxxxxxxxx> writes: > Please see the first patch in the series for the overall > design and use-cases. > > Changes since v2: > > - Rework bpf_prog_aux->xdp_netdev refcnt (Martin) > > Switched to dropping the count early, after loading / verification is > done. At attach time, the pointer value is used only for comparing > the actual netdev at attach vs netdev at load. So if we're not holding the netdev reference, we'll end up with a BPF program with hard-coded CALL instructions calling into a module that could potentially be unloaded while that BPF program is still alive, right? I suppose that since we're checking that the attach iface is the same that the program should not be able to run after the module is unloaded, but it still seems a bit iffy. And we should definitely block BPF_PROG_RUN invocations of programs with a netdev set (but we should do that anyway). > (potentially can be a problem if the same slub slot is reused > for another netdev later on?) Yeah, this would be bad as well, obviously. I guess this could happen? -Toke
