Re: [PATCH net-next] bpf: fix arraymap NULL deref and missing overflow and zero size checks

From: David Miller
Date: Wed Nov 19 2014 - 16:56:05 EST


From: Alexei Starovoitov <ast@xxxxxxxxxxxx>
Date: Tue, 18 Nov 2014 17:32:16 -0800

> - fix NULL pointer dereference:
> kernel/bpf/arraymap.c:41 array_map_alloc() error: potential null dereference 'array'. (kzalloc returns null)
> kernel/bpf/arraymap.c:41 array_map_alloc() error: we previously assumed 'array' could be null (see line 40)
>
> - integer overflow check was missing in arraymap
> (hashmap checks for overflow via kmalloc_array())
>
> - arraymap can round_up(value_size, 8) to zero. check was missing.
>
> - hashmap was missing zero size check as well, since roundup_pow_of_two() can
> truncate into zero
>
> - found a typo in the arraymap comment and unnecessary empty line
>
> Fix all of these issues and make both overflow checks explicit U32 in size.
>
> Reported-by: kbuild test robot <fengguang.wu@xxxxxxxxx>
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
> ---
> This silly NULL deref bug and missing overflow check was an oversight when
> I refactored the code from two allocations (kmalloc for struct bpf_array and
> kcalloc for array of elements) in the first implementation of arraymap
> into one allocation which is this code.

Applied, thanks.
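The two wrap-to-zero cases and the explicit u32 overflow check described in the quoted commit message, as a userspace C model added here (it is not the kernel patch). `HDR_SIZE` and all function names are assumptions standing in for `sizeof(struct bpf_array)` and the kernel's `round_up()` / `roundup_pow_of_two()` helpers.

```c
#include <stdint.h>
#include <stdio.h>

#define HDR_SIZE 64u /* assumption: stand-in for sizeof(struct bpf_array) */

/* round_up(x, 8) in 32-bit arithmetic: wraps to 0 for x > 0xFFFFFFF8 */
static uint32_t round_up8_u32(uint32_t x) { return (x + 7u) & ~7u; }

/* Next power of two computed in 64 bits, then truncated to u32:
 * any x > 0x80000000 gives 1 << 32, which truncates to 0. */
static uint32_t roundup_pow2_u32(uint32_t x)
{
    uint64_t p = 1;
    while (p < x)
        p <<= 1;
    return (uint32_t)p;
}

/* Single allocation of header + elements. Returns 0 and the total size,
 * or -1 when the attributes must be rejected. */
static int array_alloc_size(uint32_t max_entries, uint32_t value_size,
                            uint32_t *total)
{
    uint32_t elem_size;
    if (max_entries == 0 || value_size == 0)
        return -1;
    elem_size = round_up8_u32(value_size);
    if (elem_size == 0)                 /* rounding wrapped to zero */
        return -1;
    if (max_entries > (UINT32_MAX - HDR_SIZE) / elem_size)
        return -1;                      /* header + n * elem exceeds u32 */
    *total = HDR_SIZE + max_entries * elem_size;
    return 0;
}

/* Bucket count rounded to a power of two, with the zero-size check. */
static int bucket_count(uint32_t max_entries, uint32_t *n_buckets)
{
    if (max_entries == 0 || (*n_buckets = roundup_pow2_u32(max_entries)) == 0)
        return -1;
    return 0;
}

int main(void)
{
    uint32_t t = 0; /* constructed inputs below */
    printf("value_size=0xFFFFFFFF -> %d\n", array_alloc_size(1, 0xFFFFFFFFu, &t));
    printf("max_entries=0x80000001 -> %d\n", bucket_count(0x80000001u, &t));
    return 0;
}
```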