bpf: Consider non-owning refs to refcounted nodes RCU protected
author: Dave Marchevsky <davemarchevsky@fb.com>
Mon, 21 Aug 2023 19:33:09 +0000 (12:33 -0700)
committer: Alexei Starovoitov <ast@kernel.org>
Fri, 25 Aug 2023 16:23:16 +0000 (09:23 -0700)
commit: 0816b8c6bf7fc87cec4273dc199e8f0764b9e7b1
tree: 1bdb64aaeb54516f7cced49453b9737921093546
parent: ba2464c86f182c6fdb69fe2f77a3d04c19a72357
bpf: Consider non-owning refs to refcounted nodes RCU protected

An earlier patch in the series ensures that the underlying memory of
nodes with bpf_refcount - which can have multiple owners - is not reused
until an RCU grace period has elapsed. This prevents
use-after-free with non-owning references that may point to
recently-freed memory. While the RCU read lock is held, it's safe to
dereference such a non-owning ref, as by definition the RCU GP couldn't have
elapsed and therefore the underlying memory couldn't have been reused.

From the perspective of verifier "trustedness", non-owning refs to
refcounted nodes are now trusted only in an RCU CS and therefore should no
longer pass is_trusted_reg, but rather is_rcu_reg. Let's mark them
MEM_RCU in order to reflect this new state.

Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Link: https://lore.kernel.org/r/20230821193311.3290257-6-davemarchevsky@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Files changed:
include/linux/bpf.h
kernel/bpf/verifier.c