lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <8195c890-d862-4427-9a5c-e59cf11009e3@gmail.com>
Date: Fri, 6 Sep 2024 23:44:57 +0800
From: Tao Chen <chen.dylane@...il.com>
To: Hou Tao <houtao@...weicloud.com>
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
 Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 Andrii Nakryiko <andrii@...nel.org>, Eduard Zingerman <eddyz87@...il.com>,
 Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>,
 John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
 Stanislav Fomichev <sdf@...ichev.me>
Subject: Re: [RFC PATCH bpf-next] bpf: Check percpu map value size first

在 2024/9/6 11:20, Hou Tao 写道:
> Hi,
> 
> On 9/6/2024 1:14 AM, Tao Chen wrote:
>> Percpu map is often used, but the map value size limit often ignored,
>> like issue: https://github.com/iovisor/bcc/issues/2519. Actually,
>> percpu map value size is bound by PCPU_MIN_UNIT_SZIE, so we
> 
> s/SZIE/SIZE

Hi Hou, thank you for your reply!
My bad, i will fix it in v2.

>> can check the value size whether it exceeds PCPU_MIN_UNIT_SZIE first,
> 
> The same typo here.
>> like percpu map of local_storage. Maybe the error message seems clearer
>> compared with "cannot allocate memory".
>>
>> the test case we create a percpu map with large value like:
>> struct test_t {
>>          int a[100000];
>> };
>> struct {
>>          __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
>>          __uint(max_entries, 1);
>>          __type(key, u32);
>>          __type(value, struct test_t);
>> } start SEC(".maps");
>>
>> test on ubuntu24.04 vm:
>> libbpf: Error in bpf_create_map_xattr(start):Argument list too long(-7).
>> Retrying without BTF.
> 
> Could you please convert it into a separated bpf selftest patch ?

No problem, i will add test case in v2.

>>
>> Signed-off-by: Tao Chen <chen.dylane@...il.com>
>> ---
>>   kernel/bpf/arraymap.c | 3 +++
>>   kernel/bpf/hashtab.c  | 3 +++
>>   2 files changed, 6 insertions(+)
>>
>> diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
>> index a43e62e2a8bb..7c3c32f156ff 100644
>> --- a/kernel/bpf/arraymap.c
>> +++ b/kernel/bpf/arraymap.c
>> @@ -73,6 +73,9 @@ int array_map_alloc_check(union bpf_attr *attr)
>>   	/* avoid overflow on round_up(map->value_size) */
>>   	if (attr->value_size > INT_MAX)
>>   		return -E2BIG;
>> +	/* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */
>> +	if (percpu && attr->value_size > PCPU_MIN_UNIT_SIZE)
>> +		return -E2BIG;
>>   
>>   	return 0;
>>   }
> 
> Make sense. However because the map passes round_up(attr->value_size, 8)

Yeah, you are right, it seems better, i will add it in v2.

> to bpf_map_alloc_percpu(). Is it more reasonable to check
> round_up(value_size) > PCPU_MIN_UNIT_SIZE instead ?
>> diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
>> index 45c7195b65ba..16d590fe1ffb 100644
>> --- a/kernel/bpf/hashtab.c
>> +++ b/kernel/bpf/hashtab.c
>> @@ -462,6 +462,9 @@ static int htab_map_alloc_check(union bpf_attr *attr)
>>   		 * kmalloc-able later in htab_map_update_elem()
>>   		 */
>>   		return -E2BIG;
>> +	/* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */
>> +	if (percpu && attr->value_size > PCPU_MIN_UNIT_SIZE)
>> +		return -E2BIG;
>>   
> 
> The percpu allocation logic is the same as the array map:
> round_up(value_size, 8) is used.

ok.

>>   	return 0;
>>   }
> 


-- 
Best Regards
Dylane Chen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ