linux/bpf at 393397fbdcad7396639d7077c33f86169184ba99 - linux - MyRedstone

Kernel/linux

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-16 18:08:20 +00:00

History

Hou Tao 393397fbdc bpf: Check the validity of nr_words in bpf_iter_bits_new()

Check the validity of nr_words in bpf_iter_bits_new(). Without this
check, when multiplication overflow occurs for nr_bits (e.g., when
nr_words = 0x0400-0001, nr_bits becomes 64), stack corruption may occur
due to bpf_probe_read_kernel_common(..., nr_bytes = 0x2000-0008).

Fix it by limiting the maximum value of nr_words to 511. The value is
derived from the current implementation of BPF memory allocator. To
ensure compatibility if the BPF memory allocator's size limitation
changes in the future, use the helper bpf_mem_alloc_check_size() to
check whether nr_bytes is too larger. And return -E2BIG instead of
-ENOMEM for oversized nr_bytes.

Fixes: 4665415975b0 ("bpf: Add bits iterator")
Signed-off-by: Hou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20241030100516.3633640-4-houtao@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

2024-10-30 12:13:46 -07:00

..

bpf: make preloaded map iterators to display map elements count

2023-07-06 12:42:25 -07:00

arena.c

bpf: Fix remap of arena.

2024-06-18 17:19:46 +02:00

arraymap.c

bpf: Check percpu map value size first

2024-09-11 13:22:37 -07:00

bloom_filter.c

bpf: Check bloom filter map value size

2024-03-27 09:56:17 -07:00

bpf_cgrp_storage.c

bpf: Enable bpf_cgrp_storage for cgroup1 non-attach case

2023-12-08 17:08:18 -08:00

bpf_inode_storage.c

bpf: switch fdget_raw() uses to CLASS(fd_raw, ...)

2024-08-13 15:58:10 -07:00

bpf_iter.c

[tree-wide] finally take no_llseek out

2024-09-27 08:18:43 -07:00

bpf_local_storage.c

bpf: fix order of args in call to bpf_map_kvcalloc

2024-07-10 15:31:19 -07:00

bpf_lru_list.c

bpf: Address KCSAN report on bpf_lru_list

2023-05-12 12:01:03 -07:00

bpf_lru_list.h

bpf: lru: Remove unused declaration bpf_lru_promote()

2023-08-08 17:21:42 -07:00

bpf_lsm.c

bpf, lsm: Remove bpf_lsm_key_free hook

2024-10-08 12:52:40 -07:00

bpf_struct_ops.c

bpf: Check unsupported ops from the bpf_struct_ops's cfi_stubs

2024-07-29 12:54:13 -07:00

bpf_task_storage.c

bpf: Teach verifier that certain helpers accept NULL pointer.

2023-04-04 16:57:16 -07:00

btf_iter.c

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

btf_relocate.c

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

btf.c

bpf: Check the remaining info_cnt before repeating btf fields

2024-10-09 16:32:46 -07:00

cgroup_iter.c

bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg

2023-11-07 15:24:25 -08:00

cgroup.c

bpf: Allow bpf_current_task_under_cgroup() with BPF_CGROUP_*

2024-08-19 15:25:30 -07:00

core.c

move asm/unaligned.h to linux/unaligned.h

2024-10-02 17:23:23 -04:00

cpumap.c

bpf, cpumap: Move xdp:xdp_cpumap_kthread tracepoint before rcv

2024-09-11 16:32:11 +02:00

cpumask.c

bpf: Allow invoking kfuncs from BPF_PROG_TYPE_SYSCALL progs

2024-04-05 10:56:09 -07:00

crypto.c

bpf: crypto: make state and IV dynptr nullable

2024-06-13 16:33:04 -07:00

devmap.c

bpf: devmap: provide rxq after redirect

2024-10-02 13:48:26 -07:00

disasm.c

bpf: add special internal-only MOV instruction to resolve per-CPU addrs

2024-04-03 10:29:55 -07:00

disasm.h

bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause

2021-09-02 14:49:23 +02:00

dispatcher.c

bpf: Use arch_bpf_trampoline_size

2023-12-06 17:17:20 -08:00

hashtab.c

bpf: Check percpu map value size first

2024-09-11 13:22:37 -07:00

helpers.c

bpf: Check the validity of nr_words in bpf_iter_bits_new()

2024-10-30 12:13:46 -07:00

inode.c

bpf: Preserve param->string when parsing mount options

2024-10-22 12:56:38 -07:00

Kconfig

bpf: remove CONFIG_BPF_JIT dependency on CONFIG_MODULES of

2024-05-14 00:36:29 -07:00

link_iter.c

bpf: Add bpf_link iterator

2022-05-10 11:20:45 -07:00

local_storage.c

bpf: Replace 8 seq_puts() calls by seq_putc() calls

2024-07-29 12:53:00 -07:00

log.c

bpf: Fix print_reg_state's constant scalar dump

2024-10-17 11:06:34 -07:00

lpm_trie.c

bpf: Fix out-of-bounds write in trie_get_next_key()

2024-10-29 13:41:40 -07:00

Makefile

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

map_in_map.c

bpf: switch maps to CLASS(fd, ...)

2024-08-13 15:58:17 -07:00

map_in_map.h

bpf: Add map and need_defer parameters to .map_fd_put_ptr()

2023-12-04 17:50:26 -08:00

map_iter.c

bpf: treewide: Annotate BPF kfuncs in BTF

2024-01-31 20:40:56 -08:00

memalloc.c

bpf: Add bpf_mem_alloc_check_size() helper

2024-10-30 12:13:46 -07:00

mmap_unlock_work.h

bpf: Introduce helper bpf_find_vma

2021-11-07 11:54:51 -08:00

mprog.c

bpf: Handle bpf_mprog_query with NULL entry

2023-10-06 17:11:20 -07:00

net_namespace.c

net: Add includes masked by netdevice.h including uapi/bpf.h

2021-12-29 20:03:05 -08:00

offload.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

2023-09-21 21:49:45 +02:00

percpu_freelist.c

bpf: Initialize same number of free nodes for each pcpu_freelist

2022-11-11 12:05:14 -08:00

percpu_freelist.h

bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI

2020-10-06 00:04:11 +02:00

prog_iter.c

bpf: Refactor bpf_iter_reg to have separate seq_info member

2020-07-25 20:16:32 -07:00

queue_stack_maps.c

bpf: Avoid deadlock when using queue and stack maps from NMI

2023-09-11 19:04:49 -07:00

relo_core.c

bpf: Remove custom build rule

2024-08-30 08:55:26 -07:00

reuseport_array.c

bpf: Use sockfd_put() helper

2024-08-30 08:57:47 -07:00

ringbuf.c

bpf: Add MEM_WRITE attribute

2024-10-22 15:42:56 -07:00

stackmap.c

bpf: wire up sleepable bpf_get_stack() and bpf_get_task_stack() helpers

2024-09-11 09:58:31 -07:00

syscall.c

bpf: Check validity of link->type in bpf_link_show_fdinfo()

2024-10-24 10:17:12 -07:00

sysfs_btf.c

btf: Avoid weak external references

2024-04-16 16:35:13 +02:00

task_iter.c

bpf: Fix iter/task tid filtering

2024-10-17 10:52:18 -07:00

tcx.c

bpf, tcx: Get rid of tcx_link_const

2023-10-23 15:01:53 -07:00

tnum.c

bpf: simplify tnum output if a fully known constant

2023-12-02 11:36:51 -08:00

token.c

bpf: convert bpf_token_create() to CLASS(fd, ...)

2024-09-12 18:58:02 -07:00

trampoline.c

Networking changes for 6.10.

2024-05-14 19:42:24 -07:00

verifier.c

bpf: disallow 40-bytes extra stack for bpf_fastcall patterns

2024-10-29 19:43:16 -07:00