• Alexei Starovoitov's avatar
    bpf: fix allocation warnings in bpf maps and integer overflow · 01b3f521
    Alexei Starovoitov authored
    For large map->value_size the user space can trigger memory allocation warnings like:
    WARNING: CPU: 2 PID: 11122 at mm/page_alloc.c:2989
    __alloc_pages_nodemask+0x695/0x14e0()
    Call Trace:
     [<     inline     >] __dump_stack lib/dump_stack.c:15
     [<ffffffff82743b56>] dump_stack+0x68/0x92 lib/dump_stack.c:50
     [<ffffffff81244ec9>] warn_slowpath_common+0xd9/0x140 kernel/panic.c:460
     [<ffffffff812450f9>] warn_slowpath_null+0x29/0x30 kernel/panic.c:493
     [<     inline     >] __alloc_pages_slowpath mm/page_alloc.c:2989
     [<ffffffff81554e95>] __alloc_pages_nodemask+0x695/0x14e0 mm/page_alloc.c:3235
     [<ffffffff816188fe>] alloc_pages_current+0xee/0x340 mm/mempolicy.c:2055
     [<     inline     >] alloc_pages include/linux/gfp.h:451
     [<ffffffff81550706>] alloc_kmem_pages+0x16/0xf0 mm/page_alloc.c:3414
     [<ffffffff815a1c89>] kmalloc_order+0x19/0x60 mm/slab_common.c:1007
     [<ffffffff815a1cef>] kmalloc_order_trace+0x1f/0xa0 mm/slab_common.c:1018
     [<     inline     >] kmalloc_large include/linux/slab.h:390
     [<ffffffff81627784>] __kmalloc+0x234/0x250 mm/slub.c:3525
     [<     inline     >] kmalloc include/linux/slab.h:463
     [<     inline     >] map_update_elem kernel/bpf/syscall.c:288
     [<     inline     >] SYSC_bpf kernel/bpf/syscall.c:744
    
    To avoid never succeeding kmalloc with order >= MAX_ORDER check that
    elem->value_size and computed elem_size are within limits for both hash and
    array type maps.
    Also add __GFP_NOWARN to kmalloc(value_size | elem_size) to avoid OOM warnings.
    Note kmalloc(key_size) is highly unlikely to trigger OOM, since key_size <= 512,
    so keep those kmalloc-s as-is.
    
    Large value_size can cause integer overflows in elem_size and map.pages
    formulas, so check for that as well.
    
    Fixes: aaac3ba9 ("bpf: charge user for creation of BPF maps and programs")
    Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
    Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    01b3f521
syscall.c 16.8 KB