diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-12-14 03:23:01 (GMT) |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-12-14 03:23:01 (GMT) |
commit | 93c222c0e126c1c24ac454acf013f2c85e57bd8b (patch) | |
tree | 920c429de92857aaf74e64a0f4f9fbaec7032fcf /kernel/bpf/arraymap.c | |
parent | f89c2b39ce676cb08b6ed8848cde76dcb21cc672 (diff) | |
parent | 9f9499ae8e6415cefc4fe0a96ad0e27864353c89 (diff) | |
download | linux-93c222c0e126c1c24ac454acf013f2c85e57bd8b.tar.xz |
Merge 4.4-rc5 into staging-next
We want those fixes in here for testing.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'kernel/bpf/arraymap.c')
-rw-r--r-- | kernel/bpf/arraymap.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 3f4c99e..b0799bc 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -28,11 +28,17 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) attr->value_size == 0) return ERR_PTR(-EINVAL); + if (attr->value_size >= 1 << (KMALLOC_SHIFT_MAX - 1)) + /* if value_size is bigger, the user space won't be able to + * access the elements. + */ + return ERR_PTR(-E2BIG); + elem_size = round_up(attr->value_size, 8); /* check round_up into zero and u32 overflow */ if (elem_size == 0 || - attr->max_entries > (U32_MAX - sizeof(*array)) / elem_size) + attr->max_entries > (U32_MAX - PAGE_SIZE - sizeof(*array)) / elem_size) return ERR_PTR(-ENOMEM); array_size = sizeof(*array) + attr->max_entries * elem_size; @@ -105,7 +111,7 @@ static int array_map_update_elem(struct bpf_map *map, void *key, void *value, /* all elements already exist */ return -EEXIST; - memcpy(array->value + array->elem_size * index, value, array->elem_size); + memcpy(array->value + array->elem_size * index, value, map->value_size); return 0; } |