git.samba.org - sfrench/cifs-2.6.git/commit

author	Andrei Matei <andreimatei1@gmail.com>
	Wed, 27 Mar 2024 02:42:44 +0000 (22:42 -0400)
committer	Alexei Starovoitov <ast@kernel.org>
	Wed, 27 Mar 2024 16:56:17 +0000 (09:56 -0700)
commit	a8d89feba7e54e691ca7c4efc2a6264fa83f3687
tree	087d15f18cc99fa5355fe72cb0b91188b6c1d858	tree
parent	96b98a6552a90690d7bc18dd71b66312c9ded1fb	commit \| diff

bpf: Check bloom filter map value size

This patch adds a missing check to bloom filter creating, rejecting
values above KMALLOC_MAX_SIZE. This brings the bloom map in line with
many other map types.

The lack of this protection can cause kernel crashes for value sizes
that overflow int's. Such a crash was caught by syzkaller. The next
patch adds more guard-rails at a lower level.

Signed-off-by: Andrei Matei <andreimatei1@gmail.com>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20240327024245.318299-2-andreimatei1@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

kernel/bpf/bloom_filter.c		diff \| blob \| history
tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c		diff \| blob \| history