On Thu, Apr 13, 2023 at 3:35 PM Alexander Mikhalitsyn <aleksandr.mikhalitsyn@xxxxxxxxxxxxx> wrote: > > During work on SO_PEERPIDFD, it was discovered (thanks to Christian), > that bpf cgroup hook can cause FD leaks when used with sockopts which > install FDs into the process fdtable. > > After some offlist discussion it was proposed to add a blacklist of We try to replace this word by either denylist or blocklist, even in changelogs. > socket options those can cause troubles when BPF cgroup hook is enabled. > Can we find the appropriate Fixes: tag to help stable teams ? > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > Cc: Eric Dumazet <edumazet@xxxxxxxxxx> > Cc: Jakub Kicinski <kuba@xxxxxxxxxx> > Cc: Paolo Abeni <pabeni@xxxxxxxxxx> > Cc: Leon Romanovsky <leon@xxxxxxxxxx> > Cc: David Ahern <dsahern@xxxxxxxxxx> > Cc: Arnd Bergmann <arnd@xxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: Christian Brauner <brauner@xxxxxxxxxx> > Cc: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> > Cc: Lennart Poettering <mzxreary@xxxxxxxxxxx> > Cc: linux-kernel@xxxxxxxxxxxxxxx > Cc: netdev@xxxxxxxxxxxxxxx > Cc: linux-arch@xxxxxxxxxxxxxxx > Suggested-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx> > Suggested-by: Christian Brauner <brauner@xxxxxxxxxx> > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@xxxxxxxxxxxxx> Thanks.