lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 17 Jan 2024 12:16:00 +0800
From: Hou Tao <houtao@...weicloud.com>
To: Sasha Levin <sashal@...nel.org>, linux-kernel@...r.kernel.org,
 stable@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>, daniel@...earbox.net,
 andrii@...nel.org, bpf@...r.kernel.org
Subject: Re: [PATCH AUTOSEL 4.19 07/22] bpf: Add map and need_defer parameters
 to .map_fd_put_ptr()



On 1/17/2024 4:04 AM, Sasha Levin wrote:
> From: Hou Tao <houtao1@...wei.com>
>
> [ Upstream commit 20c20bd11a0702ce4dc9300c3da58acf551d9725 ]
>
> map is the pointer of outer map, and need_defer needs some explanation.
> need_defer tells the implementation to defer the reference release of
> the passed element and ensure that the element is still alive before
> the bpf program, which may manipulate it, exits.
>
> The following three cases will invoke map_fd_put_ptr() and different
> need_defer values will be passed to these callers:
>
> 1) release the reference of the old element in the map during map update
>    or map deletion. The release must be deferred, otherwise the bpf
>    program may incur use-after-free problem, so need_defer needs to be
>    true.
> 2) release the reference of the to-be-added element in the error path of
>    map update. The to-be-added element is not visible to any bpf
>    program, so it is OK to pass false for need_defer parameter.
> 3) release the references of all elements in the map during map release.
>    Any bpf program which has access to the map must have been exited and
>    released, so need_defer=false will be OK.
>
> These two parameters will be used by the following patches to fix the
> potential use-after-free problem for map-in-map.
>
> Signed-off-by: Hou Tao <houtao1@...wei.com>
> Link: https://lore.kernel.org/r/20231204140425.1480317-3-houtao@huaweicloud.com
> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
> Signed-off-by: Sasha Levin <sashal@...nel.org>

The patch is just a preparatory patch for fix, please drop it.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ