bpf: Disable migration when cloning sock storage

bpf_sk_storage_clone() will call bpf_selem_free() to free the clone
element when the allocation of new sock storage fails. bpf_selem_free()
will call check_and_free_fields() to free the special fields in the
element. Since the allocated element is not visible to bpf syscall or
bpf program when bpf_local_storage_alloc() fails, these special fields
in the element must be all zero when invoking bpf_selem_free().

To be uniform with other callers of bpf_selem_free(), disabling
migration when cloning sock storage. Adding migrate_{disable|enable}
pair also benefits the potential switching from kzalloc to bpf memory
allocator for sock storage.

Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20250108010728.207536-9-houtao@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c
index aa536ecd5d3909f7c9a339625714714305867a90..7d41cde1bcca625ac7d49b7923833f70c4aa2cd6 100644 (file)
--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -161,6 +161,7 @@ int bpf_sk_storage_clone(const struct sock *sk, struct sock *newsk)
 
        RCU_INIT_POINTER(newsk->sk_bpf_storage, NULL);
 
+       migrate_disable();
        rcu_read_lock();
        sk_storage = rcu_dereference(sk->sk_bpf_storage);
 
@@ -213,6 +214,7 @@ int bpf_sk_storage_clone(const struct sock *sk, struct sock *newsk)
 
 out:
        rcu_read_unlock();
+       migrate_enable();
 
        /* In case of an error, don't free anything explicitly here, the
         * caller is responsible to call bpf_sk_storage_free.