[RFC PATCH bpf-next] bpf: Check percpu map value size first
From: Tao Chen
Date: Thu Sep 05 2024 - 13:14:25 EST
Percpu map is often used, but the map value size limit often ignored,
like issue: https://github.com/iovisor/bcc/issues/2519. Actually,
percpu map value size is bound by PCPU_MIN_UNIT_SZIE, so we
can check the value size whether it exceeds PCPU_MIN_UNIT_SZIE first,
like percpu map of local_storage. Maybe the error message seems clearer
compared with "cannot allocate memory".
the test case we create a percpu map with large value like:
struct test_t {
int a[100000];
};
struct {
__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
__uint(max_entries, 1);
__type(key, u32);
__type(value, struct test_t);
} start SEC(".maps");
test on ubuntu24.04 vm:
libbpf: Error in bpf_create_map_xattr(start):Argument list too long(-7).
Retrying without BTF.
Signed-off-by: Tao Chen <chen.dylane@xxxxxxxxx>
---
kernel/bpf/arraymap.c | 3 +++
kernel/bpf/hashtab.c | 3 +++
2 files changed, 6 insertions(+)
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index a43e62e2a8bb..7c3c32f156ff 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -73,6 +73,9 @@ int array_map_alloc_check(union bpf_attr *attr)
/* avoid overflow on round_up(map->value_size) */
if (attr->value_size > INT_MAX)
return -E2BIG;
+ /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */
+ if (percpu && attr->value_size > PCPU_MIN_UNIT_SIZE)
+ return -E2BIG;
return 0;
}
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 45c7195b65ba..16d590fe1ffb 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -462,6 +462,9 @@ static int htab_map_alloc_check(union bpf_attr *attr)
* kmalloc-able later in htab_map_update_elem()
*/
return -E2BIG;
+ /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */
+ if (percpu && attr->value_size > PCPU_MIN_UNIT_SIZE)
+ return -E2BIG;
return 0;
}
--
2.25.1