| Message ID | 20221028183405.59554-1-dev@der-flo.net (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | e39e739ab57399f46167d453bbdb8ef8d57c6488 |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf-next,v2] bpf: check max_entries before allocating memory | expand |
Hello: This patch was applied to bpf/bpf-next.git (master) by Martin KaFai Lau <martin.lau@kernel.org>: On Fri, 28 Oct 2022 20:34:05 +0200 you wrote: > For maps of type BPF_MAP_TYPE_CPUMAP memory is allocated first before > checking the max_entries argument. If then max_entries is greater than > NR_CPUS additional work needs to be done to free allocated memory before > an error is returned. > This changes moves the check on max_entries before the allocation > happens. > > [...] Here is the summary with links: - [bpf-next,v2] bpf: check max_entries before allocating memory https://git.kernel.org/bpf/bpf-next/c/e39e739ab573 You are awesome, thank you!
Florian Lehner wrote: > For maps of type BPF_MAP_TYPE_CPUMAP memory is allocated first before > checking the max_entries argument. If then max_entries is greater than > NR_CPUS additional work needs to be done to free allocated memory before > an error is returned. > This changes moves the check on max_entries before the allocation > happens. > > Signed-off-by: Florian Lehner <dev@der-flo.net> > --- LGTM. Acked-by: John Fastabend <john.fastabend@gmail.com>
diff --git a/kernel/bpf/cpumap.c b/kernel/bpf/cpumap.c index b5ba34ddd4b6..bb03fdba73bb 100644 --- a/kernel/bpf/cpumap.c +++ b/kernel/bpf/cpumap.c @@ -85,7 +85,6 @@ static struct bpf_map *cpu_map_alloc(union bpf_attr *attr) { u32 value_size = attr->value_size; struct bpf_cpu_map *cmap; - int err = -ENOMEM; if (!bpf_capable()) return ERR_PTR(-EPERM); @@ -97,29 +96,26 @@ static struct bpf_map *cpu_map_alloc(union bpf_attr *attr) attr->map_flags & ~BPF_F_NUMA_NODE) return ERR_PTR(-EINVAL); + /* Pre-limit array size based on NR_CPUS, not final CPU check */ + if (attr->max_entries > NR_CPUS) + return ERR_PTR(-E2BIG); + cmap = bpf_map_area_alloc(sizeof(*cmap), NUMA_NO_NODE); if (!cmap) return ERR_PTR(-ENOMEM); bpf_map_init_from_attr(&cmap->map, attr); - /* Pre-limit array size based on NR_CPUS, not final CPU check */ - if (cmap->map.max_entries > NR_CPUS) { - err = -E2BIG; - goto free_cmap; - } - /* Alloc array for possible remote "destination" CPUs */ cmap->cpu_map = bpf_map_area_alloc(cmap->map.max_entries * sizeof(struct bpf_cpu_map_entry *), cmap->map.numa_node); - if (!cmap->cpu_map) - goto free_cmap; + if (!cmap->cpu_map) { + bpf_map_area_free(cmap); + return ERR_PTR(-ENOMEM); + } return &cmap->map; -free_cmap: - bpf_map_area_free(cmap); - return ERR_PTR(err); } static void get_cpu_map_entry(struct bpf_cpu_map_entry *rcpu)
For maps of type BPF_MAP_TYPE_CPUMAP memory is allocated first before checking the max_entries argument. If then max_entries is greater than NR_CPUS additional work needs to be done to free allocated memory before an error is returned. This changes moves the check on max_entries before the allocation happens. Signed-off-by: Florian Lehner <dev@der-flo.net> --- kernel/bpf/cpumap.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-)