[PATCH bpf-next] bpftool: Check map name length when map create

From: Rong Tao
Date: Tue Feb 11 2025 - 03:51:01 EST


From: Rong Tao <rongtao@xxxxxxxx>

The size of struct bpf_map::name is BPF_OBJ_NAME_LEN (16).

bpf(2) {
map_create() {
bpf_obj_name_cpy(map->name, attr->map_name, sizeof(attr->map_name));
}
}

When specifying a map name using bpftool map create name, no error is
reported if the name length is greater than 15.

$ sudo bpftool map create /sys/fs/bpf/12345678901234567890 \
type array key 4 value 4 entries 5 name 12345678901234567890

Users will think that 12345678901234567890 is legal, but this name cannot
be used to index a map.

$ sudo bpftool map show name 12345678901234567890
Error: can't parse name

$ sudo bpftool map show
...
1249: array name 123456789012345 flags 0x0
key 4B value 4B max_entries 5 memlock 304B

$ sudo bpftool map show name 123456789012345
1249: array name 123456789012345 flags 0x0
key 4B value 4B max_entries 5 memlock 304B

The map name provided in the command line is truncated, but no error is
reported. This submission checks the length of the map name.

Signed-off-by: Rong Tao <rongtao@xxxxxxxx>
---
tools/bpf/bpftool/map.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/tools/bpf/bpftool/map.c b/tools/bpf/bpftool/map.c
index ed4a9bd82931..fa00f7865065 100644
--- a/tools/bpf/bpftool/map.c
+++ b/tools/bpf/bpftool/map.c
@@ -1330,6 +1330,12 @@ static int do_create(int argc, char **argv)
goto exit;
}

+ if (strlen(map_name) > BPF_OBJ_NAME_LEN - 1) {
+ p_err("The map name is too long, should be less than %d\n",
+ BPF_OBJ_NAME_LEN - 1);
+ goto exit;
+ }
+
set_max_rlimit();

fd = bpf_map_create(map_type, map_name, key_size, value_size, max_entries, &attr);
--
2.48.1