Commit e39e739a authored by Florian Lehner's avatar Florian Lehner Committed by Martin KaFai Lau

bpf: check max_entries before allocating memory

For maps of type BPF_MAP_TYPE_CPUMAP memory is allocated first before
checking the max_entries argument. If then max_entries is greater than
NR_CPUS additional work needs to be done to free allocated memory before
an error is returned.
This changes moves the check on max_entries before the allocation
happens.
Signed-off-by: default avatarFlorian Lehner <dev@der-flo.net>
Link: https://lore.kernel.org/r/20221028183405.59554-1-dev@der-flo.netSigned-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
parent b6d20799
...@@ -85,7 +85,6 @@ static struct bpf_map *cpu_map_alloc(union bpf_attr *attr) ...@@ -85,7 +85,6 @@ static struct bpf_map *cpu_map_alloc(union bpf_attr *attr)
{ {
u32 value_size = attr->value_size; u32 value_size = attr->value_size;
struct bpf_cpu_map *cmap; struct bpf_cpu_map *cmap;
int err = -ENOMEM;
if (!bpf_capable()) if (!bpf_capable())
return ERR_PTR(-EPERM); return ERR_PTR(-EPERM);
...@@ -97,29 +96,26 @@ static struct bpf_map *cpu_map_alloc(union bpf_attr *attr) ...@@ -97,29 +96,26 @@ static struct bpf_map *cpu_map_alloc(union bpf_attr *attr)
attr->map_flags & ~BPF_F_NUMA_NODE) attr->map_flags & ~BPF_F_NUMA_NODE)
return ERR_PTR(-EINVAL); return ERR_PTR(-EINVAL);
/* Pre-limit array size based on NR_CPUS, not final CPU check */
if (attr->max_entries > NR_CPUS)
return ERR_PTR(-E2BIG);
cmap = bpf_map_area_alloc(sizeof(*cmap), NUMA_NO_NODE); cmap = bpf_map_area_alloc(sizeof(*cmap), NUMA_NO_NODE);
if (!cmap) if (!cmap)
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
bpf_map_init_from_attr(&cmap->map, attr); bpf_map_init_from_attr(&cmap->map, attr);
/* Pre-limit array size based on NR_CPUS, not final CPU check */
if (cmap->map.max_entries > NR_CPUS) {
err = -E2BIG;
goto free_cmap;
}
/* Alloc array for possible remote "destination" CPUs */ /* Alloc array for possible remote "destination" CPUs */
cmap->cpu_map = bpf_map_area_alloc(cmap->map.max_entries * cmap->cpu_map = bpf_map_area_alloc(cmap->map.max_entries *
sizeof(struct bpf_cpu_map_entry *), sizeof(struct bpf_cpu_map_entry *),
cmap->map.numa_node); cmap->map.numa_node);
if (!cmap->cpu_map) if (!cmap->cpu_map) {
goto free_cmap; bpf_map_area_free(cmap);
return ERR_PTR(-ENOMEM);
}
return &cmap->map; return &cmap->map;
free_cmap:
bpf_map_area_free(cmap);
return ERR_PTR(err);
} }
static void get_cpu_map_entry(struct bpf_cpu_map_entry *rcpu) static void get_cpu_map_entry(struct bpf_cpu_map_entry *rcpu)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment