bpf: Disable migration when destroying sock storage

When destroying sock storage, it invokes bpf_local_storage_destroy() to
remove all storage elements saved in the sock storage. The destroy
procedure will call bpf_selem_free() to free the element, and
bpf_selem_free() calls bpf_obj_free_fields() to free the special fields
in map value (e.g., kptr). Since kptrs may be allocated from bpf memory
allocator, migrate_{disable|enable} pairs are necessary for the freeing
of these kptrs.

To simplify reasoning about when migrate_disable() is needed for the
freeing of these dynamically-allocated kptrs, let the caller to
guarantee migration is disabled before invoking bpf_obj_free_fields().
Therefore, the patch adds migrate_{disable|enable} pair in
bpf_sock_storage_free(). The migrate_{disable|enable} pairs in the
underlying implementation of bpf_obj_free_fields() will be removed by
The following patch.

Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20250108010728.207536-8-houtao@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/net/core/bpf_sk_storage.c b/net/core/bpf_sk_storage.c
index 2f4ed83a75ae6c59bebe6ab21e17d5d8e1e4febe..aa536ecd5d3909f7c9a339625714714305867a90 100644 (file)
--- a/net/core/bpf_sk_storage.c
+++ b/net/core/bpf_sk_storage.c
@@ -50,15 +50,16 @@ void bpf_sk_storage_free(struct sock *sk)
 {
        struct bpf_local_storage *sk_storage;
 
+       migrate_disable();
        rcu_read_lock();
        sk_storage = rcu_dereference(sk->sk_bpf_storage);
-       if (!sk_storage) {
-               rcu_read_unlock();
-               return;
-       }
+       if (!sk_storage)
+               goto out;
 
        bpf_local_storage_destroy(sk_storage);
+out:
        rcu_read_unlock();
+       migrate_enable();
 }
 
 static void bpf_sk_storage_map_free(struct bpf_map *map)