Re: user-controllable kmalloc size in bpf syscall

From: Alexei Starovoitov
Date: Sun Nov 29 2015 - 13:22:03 EST


On Sun, Nov 29, 2015 at 02:18:29PM +0100, Dmitry Vyukov wrote:
> ca.key_size = 1;
> ca.value_size = 0xfffffff9;
> ca.max_entries = 10;
> int fd = syscall(SYS_bpf, BPF_MAP_CREATE, &ca, sizeof(ca));
...
> ------------[ cut here ]------------
> WARNING: CPU: 2 PID: 11122 at mm/page_alloc.c:2989
> __alloc_pages_nodemask+0x695/0x14e0()

Thanks for the report. That's an integer overflow :(
Working on the fix.

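Added example, not code from this thread or from the kernel: a simplified C model of the size arithmetic the reproducer above trips. With the reported attributes (key_size = 1, value_size = 0xfffffff9, max_entries = 10) a per-element size computed in u32 wraps to a small number, so any later bound check or allocation sized from it is wrong. The `struct map_attr` fields, the 16-byte per-element header `ELEM_HDR` and the `KMALLOC_MAX` cap are assumptions for the demo, not the kernel's actual layout or limits; the hardened form widens to 64 bits, bounds each term before multiplying, and rejects anything that could never be allocated anyway.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the user-supplied map attributes (assumed fields,
 * named after the key_size/value_size/max_entries in the report). */
struct map_attr {
    uint32_t key_size;
    uint32_t value_size;
    uint32_t max_entries;
};

/* Assumed constants for the demo, not kernel values: a per-element
 * header and the largest size a single allocation may ask for. */
#define ELEM_HDR      16u
#define KMALLOC_MAX   (1ull << 22)               /* 4 MiB, assumed */
#define ROUND_UP8(x)  (((x) + 7ull) & ~7ull)    /* 64-bit, cannot wrap */

/* Unchecked: all arithmetic in u32, the way a naive allocator does it.
 * The element size silently wraps modulo 2^32 before the multiply. */
uint32_t unchecked_total_size(const struct map_attr *a)
{
    uint32_t elem_size = ELEM_HDR + (uint32_t)ROUND_UP8(a->key_size) +
                         a->value_size;             /* wraps */
    return elem_size * a->max_entries;              /* wraps again */
}

/* Checked: widen to 64 bits, bound the per-element size before the
 * multiply, then bound the product. Returns 0 and writes the byte count,
 * or a negative errno (-EINVAL for zero sizes, -E2BIG for overflow). */
int checked_total_size(const struct map_attr *a, uint64_t *total)
{
    uint64_t elem_size;

    if (a->key_size == 0 || a->value_size == 0 || a->max_entries == 0)
        return -EINVAL;

    /* three 32-bit terms summed in 64 bits cannot wrap */
    elem_size = (uint64_t)ELEM_HDR + ROUND_UP8((uint64_t)a->key_size) +
                (uint64_t)a->value_size;

    /* one element must itself be allocatable; this also keeps elem_size
     * below 2^23, so elem_size * max_entries stays well under 2^64 */
    if (elem_size > KMALLOC_MAX)
        return -E2BIG;

    *total = elem_size * (uint64_t)a->max_entries;
    if (*total > KMALLOC_MAX)
        return -E2BIG;
    return 0;
}

int main(void)
{
    /* the attributes from the report (constructed here) and a sane map */
    struct map_attr bad = { 1, 0xfffffff9u, 10 };
    struct map_attr ok  = { 4, 8, 10 };
    uint64_t total = 0;

    printf("bad: unchecked size = %u bytes\n", unchecked_total_size(&bad));
    printf("bad: checked -> %d\n", checked_total_size(&bad, &total));
    printf("ok:  unchecked size = %u bytes\n", unchecked_total_size(&ok));
    printf("ok:  checked -> %d, total = %llu\n",
           checked_total_size(&ok, &total), (unsigned long long)total);
    return 0;
}
```

For the reported attributes the unchecked path yields 170 bytes for ten elements that are each nearly 4 GiB, while the checked path refuses with -E2BIG before any allocation is attempted. The per-element cap does double duty: it is the real-world limit on what one element may occupy, and it is what makes the following multiplication provably safe without a second overflow check.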