summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoman Gushchin <guro@fb.com>2018-10-02 02:41:53 +0000
committerDaniel Borkmann <daniel@iogearbox.net>2018-10-02 14:42:23 +0200
commitb0584ea66d73919cbf5878a3420a837f06ab8396 (patch)
treefebb516019d892aa68bae7634ab7394419be85ab
parent4288ea006c73e37c2a4f60dfaef20dd167b8df31 (diff)
downloadlinux-stable-b0584ea66d73919cbf5878a3420a837f06ab8396.tar.gz
linux-stable-b0584ea66d73919cbf5878a3420a837f06ab8396.tar.bz2
linux-stable-b0584ea66d73919cbf5878a3420a837f06ab8396.zip
bpf: don't accept cgroup local storage with zero value size
Explicitly forbid creating cgroup local storage maps with zero value size, as it makes no sense and might even cause a panic. Reported-by: syzbot+18628320d3b14a5c459c@syzkaller.appspotmail.com Signed-off-by: Roman Gushchin <guro@fb.com> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-rw-r--r--kernel/bpf/local_storage.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c
index 94126cbffc88..830d7f095748 100644
--- a/kernel/bpf/local_storage.c
+++ b/kernel/bpf/local_storage.c
@@ -195,6 +195,9 @@ static struct bpf_map *cgroup_storage_map_alloc(union bpf_attr *attr)
if (attr->key_size != sizeof(struct bpf_cgroup_storage_key))
return ERR_PTR(-EINVAL);
+ if (attr->value_size == 0)
+ return ERR_PTR(-EINVAL);
+
if (attr->value_size > PAGE_SIZE)
return ERR_PTR(-E2BIG);