Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 31 Jul 2019 21:11:10 +0200
From: Mickaël Salaün <>
To: Alexei Starovoitov <>
CC: Mickaël Salaün <>, LKML
	<>, Alexander Viro <>,
	Alexei Starovoitov <>, Andrew Morton
	<>, Andy Lutomirski <>, Arnaldo
 Carvalho de Melo <>, Casey Schaufler <>,
	Daniel Borkmann <>, David Drysdale <>,
	"David S . Miller" <>, "Eric W . Biederman"
	<>, James Morris <>, Jann Horn
	<>, John Johansen <>, Jonathan
 Corbet <>, Kees Cook <>, Michael Kerrisk
	<>, Paul Moore <>, Sargun Dhillon
	<>, "Serge E . Hallyn" <>, Shuah Khan
	<>, Stephen Smalley <>, Tejun Heo
	<>, Tetsuo Handa <>, Thomas
 Graf <>, Tycho Andersen <>, Will Drewry
	<>, Kernel Hardening <>,
	Linux API <>, Linux-Fsdevel
	<>, LSM List
	<>, Network Development
Subject: Re: [PATCH bpf-next v10 06/10] bpf,landlock: Add a new map type:

On 31/07/2019 20:58, Alexei Starovoitov wrote:
> On Wed, Jul 31, 2019 at 11:46 AM Mickaël Salaün
> <> wrote:
>>>> +    for (i = 0; i < htab->n_buckets; i++) {
>>>> +            head = select_bucket(htab, i);
>>>> +            hlist_nulls_for_each_entry_safe(l, n, head, hash_node) {
>>>> +                    landlock_inode_remove_map(*((struct inode **)l->key), map);
>>>> +            }
>>>> +    }
>>>> +    htab_map_free(map);
>>>> +}
>>> user space can delete the map.
>>> that will trigger inode_htab_map_free() which will call
>>> landlock_inode_remove_map().
>>> which will simply itereate the list and delete from the list.
>> landlock_inode_remove_map() removes the reference to the map (being
>> freed) from the inode (with an RCU lock).
> I'm going to ignore everything else for now and focus only on this bit,
> since it's fundamental issue to address before this discussion can
> go any further.
> rcu_lock is not a spin_lock. I'm pretty sure you know this.
> But you're arguing that it's somehow protecting from the race
> I mentioned above?

I was just clarifying your comment to avoid misunderstanding about what
is being removed.

As said in the full response, there is currently a race but, if I add a
bpf_map_inc() call when the map is referenced by inode->security, then I
don't see how a race could occur because such added map could only be
freed in a security_inode_free() (as long as it retains a reference to
this inode).

Mickaël Salaün

Les données à caractère personnel recueillies et traitées dans le cadre de cet échange, le sont à seule fin d’exécution d’une relation professionnelle et s’opèrent dans cette seule finalité et pour la durée nécessaire à cette relation. Si vous souhaitez faire usage de vos droits de consultation, de rectification et de suppression de vos données, veuillez contacter Si vous avez reçu ce message par erreur, nous vous remercions d’en informer l’expéditeur et de détruire le message. The personal data collected and processed during this exchange aims solely at completing a business relationship and is limited to the necessary duration of that relationship. If you wish to use your rights of consultation, rectification and deletion of your data, please contact: If you have received this message in error, we thank you for informing the sender and destroying the message.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.