• John Fastabend's avatar
    bpf: sockmap, fix leaking maps with attached but not detached progs · 3d9e9526
    John Fastabend authored
    When a program is attached to a map we increment the program refcnt
    to ensure that the program is not removed while it is potentially
    being referenced from sockmap side. However, if this same program
    also references the map (this is a reasonably common pattern in
    my programs) then the verifier will also increment the maps refcnt
    from the verifier. This is to ensure the map doesn't get garbage
    collected while the program has a reference to it.
    
    So we are left in a state where the map holds the refcnt on the
    program stopping it from being removed and releasing the map refcnt.
    And vice versa the program holds a refcnt on the map stopping it
    from releasing the refcnt on the prog.
    
    All this is fine as long as users detach the program while the
    map fd is still around. But, if the user omits this detach command
    we are left with a dangling map we can no longer release.
    
    To resolve this when the map fd is released decrement the program
    references and remove any reference from the map to the program.
    This fixes the issue with possibly dangling map and creates a
    user side API constraint. That is, the map fd must be held open
    for programs to be attached to a map.
    
    Fixes: 174a79ff ("bpf: sockmap with sk redirect support")
    Signed-off-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    3d9e9526
sockmap.c 23.6 KB