diff options
author | Roman Gushchin <guro@fb.com> | 2018-10-02 02:41:53 +0000 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2018-10-02 14:42:23 +0200 |
commit | b0584ea66d73919cbf5878a3420a837f06ab8396 (patch) | |
tree | febb516019d892aa68bae7634ab7394419be85ab | |
parent | 4288ea006c73e37c2a4f60dfaef20dd167b8df31 (diff) | |
download | linux-stable-b0584ea66d73919cbf5878a3420a837f06ab8396.tar.gz linux-stable-b0584ea66d73919cbf5878a3420a837f06ab8396.tar.bz2 linux-stable-b0584ea66d73919cbf5878a3420a837f06ab8396.zip |
bpf: don't accept cgroup local storage with zero value size
Explicitly forbid creating cgroup local storage maps with zero value
size, as it makes no sense and might even cause a panic.
Reported-by: syzbot+18628320d3b14a5c459c@syzkaller.appspotmail.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-rw-r--r-- | kernel/bpf/local_storage.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c index 94126cbffc88..830d7f095748 100644 --- a/kernel/bpf/local_storage.c +++ b/kernel/bpf/local_storage.c @@ -195,6 +195,9 @@ static struct bpf_map *cgroup_storage_map_alloc(union bpf_attr *attr) if (attr->key_size != sizeof(struct bpf_cgroup_storage_key)) return ERR_PTR(-EINVAL); + if (attr->value_size == 0) + return ERR_PTR(-EINVAL); + if (attr->value_size > PAGE_SIZE) return ERR_PTR(-E2BIG); |