Message ID | 20180713151139.aiqginrahbimfsop@kili.mountain |
---|---|
State | Accepted, archived |
Delegated to: | BPF Maintainers |
Series | [1/2] samples: bpf: ensure that we don't load over MAX_PROGS programs |
On 13/07/18 16:11, Dan Carpenter wrote: > I can't see that we check prog_cnt to ensure it doesn't go over > MAX_PROGS. > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/samples/bpf/bpf_load.c b/samples/bpf/bpf_load.c > index 89161c9ed466..904e775d1a44 100644 > --- a/samples/bpf/bpf_load.c > +++ b/samples/bpf/bpf_load.c > @@ -107,6 +107,9 @@ static int load_and_attach(const char *event, struct bpf_insn *prog, int size) > return -1; > } > > + if (prog_cnt == MAX_PROGS) > + return -1; > + Should that be "if (prog_cnt >= MAX_PROGS)" ? > fd = bpf_load_program(prog_type, prog, insns_cnt, license, kern_version, > bpf_log_buf, BPF_LOG_BUF_SIZE); > if (fd < 0) { > -- > To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html >
On Fri, Jul 13, 2018 at 04:13:30PM +0100, Colin Ian King wrote: > On 13/07/18 16:11, Dan Carpenter wrote: > > I can't see that we check prog_cnt to ensure it doesn't go over > > MAX_PROGS. > > > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > > > diff --git a/samples/bpf/bpf_load.c b/samples/bpf/bpf_load.c > > index 89161c9ed466..904e775d1a44 100644 > > --- a/samples/bpf/bpf_load.c > > +++ b/samples/bpf/bpf_load.c > > @@ -107,6 +107,9 @@ static int load_and_attach(const char *event, struct bpf_insn *prog, int size) > > return -1; > > } > > > > + if (prog_cnt == MAX_PROGS) > > + return -1; > > + > > Should that be "if (prog_cnt >= MAX_PROGS)" ? It's incremented one at a time so it can't go over. regards, dan carpenter
diff --git a/samples/bpf/bpf_load.c b/samples/bpf/bpf_load.c index 89161c9ed466..904e775d1a44 100644 --- a/samples/bpf/bpf_load.c +++ b/samples/bpf/bpf_load.c @@ -107,6 +107,9 @@ static int load_and_attach(const char *event, struct bpf_insn *prog, int size) return -1; } + if (prog_cnt == MAX_PROGS) + return -1; + fd = bpf_load_program(prog_type, prog, insns_cnt, license, kern_version, bpf_log_buf, BPF_LOG_BUF_SIZE); if (fd < 0) {
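Review bot: The added `if (prog_cnt == MAX_PROGS)` test in load_and_attach() is only safe while prog_cnt advances by exactly one per call, and nothing in this hunk shows the increment; `if (prog_cnt >= MAX_PROGS)` costs nothing and stays correct if the counter is ever modified elsewhere. The new `return -1` is also silent, so a caller cannot tell the program limit from the other -1 return visible just above it; a short message naming MAX_PROGS before returning would help. The commit message should also state what prog_cnt indexes and what goes wrong once it passes MAX_PROGS, since the hunk alone does not show it. Placing the check ahead of bpf_load_program() is the right order, because no fd is left open on the early return.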
I can't see that we check prog_cnt to ensure it doesn't go over MAX_PROGS.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>