github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
bf96382fb9
linux/kernel/bpf
History
Bui Quang Minh 445019bbca UPSTREAM: bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc 
commit 7dd5d437c2 upstream.

In 32-bit architecture, the result of sizeof() is a 32-bit integer so
the expression becomes the multiplication between 2 32-bit integer which
can potentially leads to integer overflow. As a result,
bpf_map_area_alloc() allocates less memory than needed.

Fix this by casting 1 operand to u64.

Fixes: 0d2c4f9640 ("bpf: Eliminate rlimit-based memory accounting for sockmap and sockhash maps")
Fixes: 99c51064fb ("devmap: Use bpf_map_area_alloc() for allocating hash buckets")
Fixes: 546ac1ffb7 ("bpf: add devmap, a map for storing net device references")
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20210613143440.71975-1-minhquangbui99@gmail.com
Signed-off-by: Connor O'Brien <connoro@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Change-Id: I9ce1991224a87eb39acf1da4923534e22380fc42
2022-01-26 09:16:43 +00:00
..
preload bpf: Fix umd memory leak in copy_process() 2021-03-30 14:32:03 +02:00
arraymap.c bpf: Fix potential race in tail call compatibility check 2021-11-02 19:48:21 +01:00
bpf_inode_storage.c bpf: Change inode_storage's lookup_elem return value from NULL to -EBADF 2021-03-30 14:31:56 +02:00
bpf_iter.c
bpf_local_storage.c
bpf_lru_list.c
bpf_lru_list.h
bpf_lsm.c
bpf_struct_ops_types.h
bpf_struct_ops.c This is the 5.10.71 stable release 2021-10-06 17:33:06 +02:00
btf.c bpf: Forbid trampoline attach for functions with variable arguments 2021-06-16 12:01:35 +02:00
cgroup.c
core.c This is the 5.10.80 stable release 2021-11-19 11:50:41 +01:00
cpumap.c
devmap.c UPSTREAM: bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc 2022-01-26 09:16:43 +00:00
disasm.c bpf: Introduce BPF nospec instruction for mitigating Spectre v4 2021-08-04 12:46:44 +02:00
disasm.h
dispatcher.c
hashtab.c bpf: Fix integer overflow involving bucket_size 2021-08-18 08:59:10 +02:00
helpers.c bpf: Fix potentially incorrect results with bpf_get_local_storage() 2021-09-03 10:09:31 +02:00
inode.c bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET 2021-04-14 08:42:00 +02:00
local_storage.c bpf: Fix NULL pointer dereference in bpf_get_local_storage() helper 2021-09-03 10:09:21 +02:00
lpm_trie.c
Makefile
map_in_map.c
map_in_map.h
map_iter.c
net_namespace.c
offload.c
percpu_freelist.c
percpu_freelist.h
prog_iter.c
queue_stack_maps.c
reuseport_array.c
ringbuf.c bpf: Fix false positive kmemleak report in bpf_ringbuf_area_alloc() 2021-07-19 09:44:54 +02:00
stackmap.c bpf: Fix integer overflow in prealloc_elems_and_freelist() 2021-10-13 10:04:26 +02:00
syscall.c This is the 5.10.77 stable release 2021-11-02 20:03:12 +01:00
sysfs_btf.c
task_iter.c
tnum.c
trampoline.c Revert "Revert "bpf: Fix fexit trampoline."" 2021-04-09 21:09:04 -07:00
verifier.c This is the 5.10.80 stable release 2021-11-19 11:50:41 +01:00