On Thu, Jan 30, 2025 at 05:04:42PM +0100, Christian Brauner wrote: > I'm also not at all swayed by the fact that this is coming out of an > effort to move CRIU into bpf just to make things easier. Not a selling > point as we do have CRIU and I don't think we need to now put more CRIU > related stuff into the kernel. > > So this will not get an ACK from me. I'm putting Al and Linus here as > well as they might have opinions on this and might disagree with me. Strongly seconded. While we are at it, one thing I really hate about BPF access to descriptor tables is the idiotic idea of using descriptor table as private data structure. Sure, when talking to userland it's perfectly fine to stash your object into descriptor table and use descriptors for marshalling that. Doing that kernel-side is inherently racy, especially if you end up assuming that underlying object won't go away until your skel_closenz() - or that it will go away as soon as that thing is called. And judging by experience with regular kernel code, that's an assumption that gets made again and again; see anon_inode_getfile() callers that used to be anon_inode_getfd() - a lot of those appeared while whacking those moles...
