From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Tao Chen <chen.dylane@gmail.com>,
Jinke Han <jinkehan@didiglobal.com>,
Andrii Nakryiko <andrii@kernel.org>, Jiri Olsa <jolsa@kernel.org>,
Sasha Levin <sashal@kernel.org>,
ast@kernel.org, daniel@iogearbox.net, bpf@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 01/42] bpf: Check percpu map value size first
Date: Fri, 4 Oct 2024 14:26:12 -0400 [thread overview]
Message-ID: <20241004182718.3673735-1-sashal@kernel.org> (raw)
From: Tao Chen <chen.dylane@gmail.com>
[ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ]
Percpu map is often used, but the map value size limit often ignored,
like issue: https://github.com/iovisor/bcc/issues/2519. Actually,
percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we
can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first,
like percpu map of local_storage. Maybe the error message seems clearer
compared with "cannot allocate memory".
Signed-off-by: Jinke Han <jinkehan@didiglobal.com>
Signed-off-by: Tao Chen <chen.dylane@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/arraymap.c | 3 +++
kernel/bpf/hashtab.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index c04e69f34e4d5..50b9bf57a4e3e 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -73,6 +73,9 @@ int array_map_alloc_check(union bpf_attr *attr)
/* avoid overflow on round_up(map->value_size) */
if (attr->value_size > INT_MAX)
return -E2BIG;
+ /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */
+ if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE)
+ return -E2BIG;
return 0;
}
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 0c74cc9012d5c..dae9ed02a75be 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -455,6 +455,9 @@ static int htab_map_alloc_check(union bpf_attr *attr)
* kmalloc-able later in htab_map_update_elem()
*/
return -E2BIG;
+ /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */
+ if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE)
+ return -E2BIG;
return 0;
}
--
2.43.0
next reply other threads:[~2024-10-04 18:27 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-04 18:26 Sasha Levin [this message]
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 02/42] s390/boot: Compile all files with the same march flag Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 03/42] s390/facility: Disable compile time optimization for decompressor code Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 04/42] s390/mm: Add cond_resched() to cmm_alloc/free_pages() Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 05/42] bpf, x64: Fix a jit convergence issue Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 06/42] ext4: fix i_data_sem unlock order in ext4_ind_migrate() Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 07/42] ext4: avoid use-after-free in ext4_ext_show_leaf() Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 08/42] ext4: ext4_search_dir should return a proper error Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 09/42] ext4: don't set SB_RDONLY after filesystem errors Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 10/42] ext4: nested locking for xattr inode Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 11/42] s390/cpum_sf: Remove WARN_ON_ONCE statements Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 12/42] s390/traps: Handle early warnings gracefully Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 13/42] ktest.pl: Avoid false positives with grub2 skip regex Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 14/42] RDMA/mad: Improve handling of timed out WRs of mad agent Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 15/42] PCI: Add function 0 DMA alias quirk for Glenfly Arise chip Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 16/42] RDMA/rtrs-srv: Avoid null pointer deref during path establishment Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 17/42] clk: bcm: bcm53573: fix OF node leak in init Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 18/42] PCI: Add ACS quirk for Qualcomm SA8775P Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 19/42] i2c: i801: Use a different adapter-name for IDF adapters Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 20/42] PCI: Mark Creative Labs EMU20k2 INTx masking as broken Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 21/42] RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t Sasha Levin
2024-10-04 18:26 ` Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 22/42] io_uring: check if we need to reschedule during overflow flush Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 23/42] ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 24/42] RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 25/42] riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown Sasha Levin
2024-10-04 18:26 ` Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 26/42] media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 27/42] remoteproc: imx_rproc: Use imx specific hook for find_loaded_rsc_table Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 28/42] clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 29/42] usb: chipidea: udc: enable suspend interrupt after usb reset Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 30/42] usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 31/42] comedi: ni_routing: tools: Check when the file could not be opened Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 32/42] LoongArch: Fix memleak in pci_acpi_scan_root() Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 33/42] netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 34/42] virtio_pmem: Check device status before requesting flush Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 35/42] tools/iio: Add memory allocation failure check for trigger_name Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 36/42] staging: vme_user: added bound check to geoid Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 37/42] driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 38/42] scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 39/42] scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 40/42] drm/amd/display: Check null pointer before dereferencing se Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 41/42] fbcon: Fix a NULL pointer dereference issue in fbcon_putcs Sasha Levin
2024-10-04 18:26 ` [PATCH AUTOSEL 6.1 42/42] fbdev: sisfb: Fix strbuf array overflow Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241004182718.3673735-1-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=chen.dylane@gmail.com \
--cc=daniel@iogearbox.net \
--cc=jinkehan@didiglobal.com \
--cc=jolsa@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.