Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-12-02 Thread David Miller
From: Alexei Starovoitov Date: Sun, 29 Nov 2015 16:59:35 -0800 > From: Alexei Starovoitov > > For large map->value_size the user space can trigger memory allocation > warnings like: ... > To avoid never succeeding kmalloc with order >= MAX_ORDER check that > elem->value_size and computed elem

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Alexei Starovoitov
On Mon, Nov 30, 2015 at 11:16:46PM +0100, Daniel Borkmann wrote: > > So, when creating a sufficiently large map where map->key_size + > map->value_size > would be > MAX_BPF_STACK (but map->key_size still <= MAX_BPF_STACK), we can > only > read the map from an eBPF program, but not update it. In

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Daniel Borkmann
On 11/30/2015 07:13 PM, Alexei Starovoitov wrote: On Mon, Nov 30, 2015 at 03:34:35PM +0100, Daniel Borkmann wrote: diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 3f4c99e06c6b..b1e53b79c586 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -28,11 +28,17 @@ static

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Alexei Starovoitov
On Mon, Nov 30, 2015 at 03:34:35PM +0100, Daniel Borkmann wrote: > >>diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c > >>index 3f4c99e06c6b..b1e53b79c586 100644 > >>--- a/kernel/bpf/arraymap.c > >>+++ b/kernel/bpf/arraymap.c > >>@@ -28,11 +28,17 @@ static struct bpf_map *array_map_alloc(

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Daniel Borkmann
On 11/30/2015 02:52 PM, Daniel Borkmann wrote: On 11/30/2015 01:59 AM, Alexei Starovoitov wrote: [...] For large map->value_size the user space can trigger memory allocation warnings like: [...] To avoid never succeeding kmalloc with order >= MAX_ORDER check that elem->value_size and compute

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Dmitry Vyukov
On Mon, Nov 30, 2015 at 3:13 PM, Daniel Borkmann wrote: > On 11/30/2015 02:57 PM, Dmitry Vyukov wrote: > ... >> >> kmalloc produces a WARNING if you try to allocate more than it ever >> possibly can (KMALLOC_SHIFT_MAX). > > > Sure, I understand that. > > The kzalloc() in array_map_alloc() is howev

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Daniel Borkmann
On 11/30/2015 02:57 PM, Dmitry Vyukov wrote: ... kmalloc produces a WARNING if you try to allocate more than it ever possibly can (KMALLOC_SHIFT_MAX). Sure, I understand that. The kzalloc() in array_map_alloc() is however with __GFP_NOWARN flag already. The warning only triggers in mm if: W

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Dmitry Vyukov
On Mon, Nov 30, 2015 at 2:52 PM, Daniel Borkmann wrote: > On 11/30/2015 01:59 AM, Alexei Starovoitov wrote: > [...] >> >> For large map->value_size the user space can trigger memory allocation >> warnings like: > > [...] > >> To avoid never succeeding kmalloc with order >= MAX_ORDER check that >>

Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-30 Thread Daniel Borkmann
On 11/30/2015 01:59 AM, Alexei Starovoitov wrote: [...] For large map->value_size the user space can trigger memory allocation warnings like: [...] To avoid never succeeding kmalloc with order >= MAX_ORDER check that elem->value_size and computed elem_size are within limits for both hash and

[PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow

2015-11-29 Thread Alexei Starovoitov
From: Alexei Starovoitov For large map->value_size the user space can trigger memory allocation warnings like: WARNING: CPU: 2 PID: 11122 at mm/page_alloc.c:2989 __alloc_pages_nodemask+0x695/0x14e0() Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x68/0x92 lib/