bpf: Set need_defer as false when clearing fd array during map free
mainline inclusion from mainline-v6.8-rc1 commit 79d93b3c6ffd79abcd8e43345980aa1e904879c4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I932VJ CVE: CVE-2023-52447 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=79d93b3c6ffd -------------------------------- Both map deletion operation, map release and map free operation use fd_array_map_delete_elem() to remove the element from fd array and need_defer is always true in fd_array_map_delete_elem(). For the map deletion operation and map release operation, need_defer=true is necessary, because the bpf program, which accesses the element in fd array, may still alive. However for map free operation, it is certain that the bpf program which owns the fd array has already been exited, so setting need_defer as false is appropriate for map free operation. So fix it by adding need_defer parameter to bpf_fd_array_map_clear() and adding a new helper __fd_array_map_delete_elem() to handle the map deletion, map release and map free operations correspondingly. Signed-off-by:Hou Tao <houtao1@huawei.com> Link: https://lore.kernel.org/r/20231204140425.1480317-4-houtao@huaweicloud.com Signed-off-by:
Loading
Please sign in to comment