[PATCH v2 bpf-next 3/4] bpf: Add recursion prevention logic for inode storage
Martin KaFai Lau
martin.lau at linux.dev
Tue Nov 12 23:26:43 UTC 2024
On 11/12/24 12:36 AM, Song Liu wrote:
> +static void *__bpf_inode_storage_get(struct bpf_map *map, struct inode *inode,
> + void *value, u64 flags, gfp_t gfp_flags, bool nobusy)
> {
> struct bpf_local_storage_data *sdata;
>
> - WARN_ON_ONCE(!bpf_rcu_lock_held());
> - if (flags & ~(BPF_LOCAL_STORAGE_GET_F_CREATE))
> - return (unsigned long)NULL;
> -
> + /* explicitly check that the inode not NULL */
> if (!inode)
> - return (unsigned long)NULL;
> + return NULL;
>
> sdata = inode_storage_lookup(inode, map, true);
s/true/nobusy/
> if (sdata)
> - return (unsigned long)sdata->data;
> + return sdata->data;
>
> - /* This helper must only called from where the inode is guaranteed
> - * to have a refcount and cannot be freed.
> - */
> - if (flags & BPF_LOCAL_STORAGE_GET_F_CREATE) {
> + /* only allocate new storage, when the inode is refcounted */
> + if (atomic_read(&inode->i_count) &&
> + flags & BPF_LOCAL_STORAGE_GET_F_CREATE) {
(flags & BPF_LOCAL_STORAGE_GET_F_CREATE) && nobusy) {
> sdata = bpf_local_storage_update(
> inode, (struct bpf_local_storage_map *)map, value,
> BPF_NOEXIST, false, gfp_flags);
> - return IS_ERR(sdata) ? (unsigned long)NULL :
> - (unsigned long)sdata->data;
> + return IS_ERR(sdata) ? NULL : sdata->data;
> }
>
> - return (unsigned long)NULL;
> + return NULL;
> +}
More information about the Linux-security-module-archive
mailing list