Re: [PATCH] bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc

From: Lorenz Bauer
Date: Tue Jan 26 2021 - 06:27:59 EST


On Tue, 26 Jan 2021 at 08:26, Bui Quang Minh <minhquangbui99@xxxxxxxxx> wrote:
>
> In 32-bit architecture, the result of sizeof() is a 32-bit integer so
> the expression becomes the multiplication between 2 32-bit integers which
> can potentially lead to integer overflow. As a result,
> bpf_map_area_alloc() allocates less memory than needed.
>
> Fix this by casting 1 operand to u64.

Some quick thoughts:
* Should this have a Fixes tag?
* Seems like there are quite a few similar calls scattered around
(cpumap, etc.). Did you audit these as well?
* I'd prefer a calloc style version of bpf_map_area_alloc although
that might conflict with a Fixes tag.

Lorenz

--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK

www.cloudflare.com
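
The overflow from the quoted patch description and the calloc-style alternative raised in the reply, as an added user-space illustration (not code from the patch or from the kernel). All function names, MODEL_SIZE_MAX and the sample values are hypothetical; uint32_t stands in for the result of sizeof() on a 32-bit architecture.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: models SIZE_MAX on the 32-bit target under discussion. */
#define MODEL_SIZE_MAX UINT32_MAX

/* Unfixed pattern: both operands are 32-bit, so the product wraps
 * modulo 2^32 before it is widened to the 64-bit size argument. */
static uint64_t size_unfixed(uint32_t elem_size, uint32_t n)
{
    return elem_size * n;
}

/* Fix described in the patch: cast one operand to u64 so the
 * multiplication itself is carried out in 64 bits. */
static uint64_t size_cast(uint32_t elem_size, uint32_t n)
{
    return (uint64_t)elem_size * n;
}

/* calloc-style variant: count and element size are passed separately and
 * the helper refuses any product that does not fit the target's size type,
 * so no call site has to remember the cast. */
static bool checked_calloc_size(uint32_t n, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && n > MODEL_SIZE_MAX / elem_size)
        return false;
    *out = n * elem_size;
    return true;
}

int main(void)
{
    /* Constructed values: 8-byte elements, count chosen so n * 8 > 2^32. */
    uint32_t elem = 8, n = 0x20000001u, out = 0;

    printf("unfixed: %llu bytes requested\n",
           (unsigned long long)size_unfixed(elem, n));
    printf("cast:    %llu bytes requested\n",
           (unsigned long long)size_cast(elem, n));
    printf("calloc-style accepts: %s\n",
           checked_calloc_size(n, elem, &out) ? "yes" : "no");
    return 0;
}
```

With the cast the caller passes the true size and the allocator can reject it; with the calloc-style helper the rejection happens before any size is computed.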