bpf: fix refcnt overflow
author Alexei Starovoitov <ast@fb.com>
Thu, 28 Apr 2016 01:56:20 +0000 (18:56 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 May 2016 00:06:37 +0000 (17:06 -0700)
commit 3899251bdb9c2b31fc73d4cc132f52d3710101de
tree 562d98c4a10b26a5de4646b90d4917bcd4c04c48
parent 608d2c3c7a046c222cae2e857cf648a9f89e772b
bpf: fix refcnt overflow

[ Upstream commit 92117d8443bc5afacc8d5ba82e541946310f106e ]

On a system with >32Gbyte of physical memory and infinite RLIMIT_MEMLOCK,
the malicious application may overflow 32-bit bpf program refcnt.
It's also possible to overflow map refcnt on 1Tb system.
Impose 32k hard limit which means that the same bpf program or
map cannot be shared by more than 32k processes.

Fixes: 1be7f75d1668 ("bpf: enable non-root eBPF programs")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
include/linux/bpf.h
kernel/bpf/inode.c
kernel/bpf/syscall.c
kernel/bpf/verifier.c
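
A userspace model of the hard limit the commit message describes, added here as an illustration and not the kernel patch itself. `struct obj`, `get_unchecked`, `get_capped`, `take_refs` and `MAX_REFCNT` are hypothetical names, and an unsigned 32-bit C11 atomic stands in for the kernel's reference counter.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_REFCNT 32768u /* hypothetical name; the 32k limit is from the commit message */

struct obj {
    atomic_uint refcnt;   /* 32-bit reference counter (model) */
};

/* Unchecked get: wraps silently to 0 once the counter passes UINT32_MAX,
 * so a later put would free an object that still has users. */
static uint32_t get_unchecked(struct obj *o)
{
    return atomic_fetch_add(&o->refcnt, 1) + 1;
}

/* Capped get: take the reference, then back it out if the cap is exceeded.
 * The transient overshoot is bounded by the number of concurrent callers. */
static int get_capped(struct obj *o)
{
    if (atomic_fetch_add(&o->refcnt, 1) + 1 > MAX_REFCNT) {
        atomic_fetch_sub(&o->refcnt, 1);
        return -EBUSY;
    }
    return 0;
}

/* Take n references with the capped get; return how many were granted. */
static uint32_t take_refs(struct obj *o, uint32_t n)
{
    uint32_t ok = 0;
    for (uint32_t i = 0; i < n; i++)
        if (get_capped(o) == 0)
            ok++;
    return ok;
}

int main(void)
{
    struct obj wrapped, capped;
    atomic_init(&wrapped.refcnt, UINT32_MAX); /* constructed: one get short of wrapping */
    atomic_init(&capped.refcnt, 1);           /* constructed: creator holds one reference */

    printf("unchecked get at UINT32_MAX -> %u\n", get_unchecked(&wrapped));
    printf("capped gets granted out of 40000: %u\n", take_refs(&capped, 40000));
    printf("counter after refusals: %u\n", atomic_load(&capped.refcnt));
    return 0;
}
```

Callers of a capped get have to handle the refusal path, since taking a reference can now fail.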