Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 17:41:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
85749218e3
linux/net/core
History
Arthur Fabre 85749218e3 bpf: Fix out of bounds memory access in bpf_sk_storage 
bpf_sk_storage maps use multiple spin locks to reduce contention.
The number of locks to use is determined by the number of possible CPUs.
With only 1 possible CPU, bucket_log == 0, and 2^0 = 1 locks are used.

When updating elements, the correct lock is determined with hash_ptr().
Calling hash_ptr() with 0 bits is undefined behavior, as it does:

x >> (64 - bits)

Using the value results in an out of bounds memory access.
In my case, this manifested itself as a page fault when raw_spin_lock_bh()
is called later, when running the self tests:

./tools/testing/selftests/bpf/test_verifier 773 775
[   16.366342] BUG: unable to handle page fault for address: ffff8fe7a66f93f8

Force the minimum number of locks to two.

Signed-off-by: Arthur Fabre <afabre@cloudflare.com>
Fixes: 6ac99e8f23 ("bpf: Introduce bpf sk local storage")
Acked-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-06-15 14:37:56 -07:00
..
bpf_sk_storage.c bpf: Fix out of bounds memory access in bpf_sk_storage 2019-06-15 14:37:56 -07:00
datagram.c datagram: remove rendundant 'peeked' argument 2019-04-08 09:51:54 -07:00
datagram.h net/core: Allow the compiler to verify declaration and definition consistency 2019-03-27 13:49:44 -07:00
dev_addr_lists.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dev_ioctl.c net/core: Document all dev_ioctl() arguments 2019-03-27 13:49:43 -07:00
dev.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 09:29:14 -07:00
devlink.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
drop_monitor.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
dst_cache.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
dst.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
ethtool.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 09:29:14 -07:00
failover.c failover: allow name change on IFF_UP slave interfaces 2019-04-10 22:12:26 -07:00
fib_notifier.c
fib_rules.c Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied" 2019-06-05 17:54:46 -07:00
filter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2019-06-07 14:46:47 -07:00
flow_dissector.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
flow_offload.c flow_offload: support CVLAN match 2019-05-16 12:02:42 -07:00
gen_estimator.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
gen_stats.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
gro_cells.c gro_cells: make sure device is up in gro_cells_receive() 2019-03-10 11:07:14 -07:00
hwbm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
link_watch.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
lwt_bpf.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
lwtunnel.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
Makefile bpf: Introduce bpf sk local storage 2019-04-27 09:07:04 -07:00
neighbour.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
net_namespace.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
net-procfs.c treewide: Switch printk users from %pf and %pF to %ps and %pS, respectively 2019-04-09 14:19:06 +02:00
net-sysfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
net-sysfs.h
net-traces.c trace: events: add a few neigh tracepoints 2019-02-17 10:33:39 -08:00
netclassid_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
netevent.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
netpoll.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
netprio_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
page_pool.c page_pool: use DMA_ATTR_SKIP_CPU_SYNC for DMA mappings 2019-02-13 22:00:16 -08:00
pktgen.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-07 09:29:14 -07:00
ptp_classifier.c net/core: work around section mismatch warning for ptp_classifier 2019-04-16 20:46:17 -07:00
request_sock.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
rtnetlink.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
scm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
secure_seq.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
skbuff.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2019-06-07 14:46:47 -07:00
skmsg.c bpf: sockmap fix msg->sg.size account on ingress skb 2019-05-14 01:31:43 +02:00
sock_diag.c net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd() 2018-08-14 10:01:24 -07:00
sock_map.c bpf: skmsg, fix psock create on existing kcm/tls port 2018-10-20 00:40:45 +02:00
sock_reuseport.c net/core: Document reuseport_add_sock() bind_inany argument 2019-03-27 13:49:43 -07:00
sock.c bpf: net: Set sk_bpf_storage back to NULL for cloned sk 2019-06-12 16:38:20 +02:00
stream.c tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT 2018-12-04 21:21:18 -08:00
sysctl_net_core.c net: convert rps_needed and rfs_needed to new static branch api 2019-03-23 21:57:38 -04:00
timestamping.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
tso.c
utils.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xdp.c xdp: remove redundant variable 'headroom' 2018-09-01 01:35:53 +02:00