Song Liu 7ac6ad0511 bpf: Reject too big ctx_size_in for raw_tp test run ... syzbot reported a WARNING for allocating too big memory: WARNING: CPU: 1 PID: 8484 at mm/page_alloc.c:4976 __alloc_pages_nodemask+0x5f8/0x730 mm/page_alloc.c:5011 Modules linked in: CPU: 1 PID: 8484 Comm: syz-executor862 Not tainted 5.11.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__alloc_pages_nodemask+0x5f8/0x730 mm/page_alloc.c:4976 Code: 00 00 0c 00 0f 85 a7 00 00 00 8b 3c 24 4c 89 f2 44 89 e6 c6 44 24 70 00 48 89 6c 24 58 e8 d0 d7 ff ff 49 89 c5 e9 ea fc ff ff <0f> 0b e9 b5 fd ff ff 89 74 24 14 4c 89 4c 24 08 4c 89 74 24 18 e8 RSP: 0018:ffffc900012efb10 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 1ffff9200025df66 RCX: 0000000000000000 RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000140dc0 RBP: 0000000000140dc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff81b1f7e1 R11: 0000000000000000 R12: 0000000000000014 R13: 0000000000000014 R14: 0000000000000000 R15: 0000000000000000 FS: 000000000190c880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f08b7f316c0 CR3: 0000000012073000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: alloc_pages_current+0x18c/0x2a0 mm/mempolicy.c:2267 alloc_pages include/linux/gfp.h:547 [inline] kmalloc_order+0x2e/0xb0 mm/slab_common.c:837 kmalloc_order_trace+0x14/0x120 mm/slab_common.c:853 kmalloc include/linux/slab.h:557 [inline] kzalloc include/linux/slab.h:682 [inline] bpf_prog_test_run_raw_tp+0x4b5/0x670 net/bpf/test_run.c:282 bpf_prog_test_run kernel/bpf/syscall.c:3120 [inline] __do_sys_bpf+0x1ea9/0x4f10 kernel/bpf/syscall.c:4398 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x440499 Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffe1f3bfb18 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440499 RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ca0 R13: 0000000000401d30 R14: 0000000000000000 R15: 0000000000000000 This is because we didn't filter out too big ctx_size_in. Fix it by rejecting ctx_size_in that are bigger than MAX_BPF_FUNC_ARGS (12) u64 numbers. Fixes: 1b4d60ec16 ("bpf: Enable BPF_PROG_TEST_RUN for raw_tracepoint") Reported-by: syzbot+4f98876664c7337a4ae6@syzkaller.appspotmail.com Signed-off-by: Song Liu <songliubraving@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20210112234254.1906829-1-songliubraving@fb.com		2021-01-13 19:31:43 -08:00
..
6lowpan
9p	9p for 5.11-rc1	2020-12-21 10:28:02 -08:00
802
8021q	net: make free_netdev() more lenient with unregistering devices	2021-01-08 19:27:41 -08:00
appletalk	net: appletalk: fix kerneldoc warnings	2020-10-30 11:48:17 -07:00
atm	atm: nicstar: Replace in_interrupt() usage	2020-11-18 16:43:55 -08:00
ax25
batman-adv	batman-adv: Drop unused soft-interface.h include in fragmentation.c	2020-12-04 08:41:16 +01:00
bluetooth	Bluetooth: Increment management interface revision	2020-12-07 17:02:00 +02:00
bpf	bpf: Reject too big ctx_size_in for raw_tp test run	2021-01-13 19:31:43 -08:00
bpfilter	Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH"	2020-10-15 12:33:24 -07:00
bridge	net: bridge: Fix a warning when del bridge sysfs	2020-12-14 18:27:49 -08:00
caif
can	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-12-11 22:29:38 -08:00
ceph	libceph: align session_key and con_secret to 16 bytes	2020-12-28 20:34:33 +01:00
core	net: make sure devices go through netdev_wait_all_refs	2021-01-08 19:27:41 -08:00
dcb	net: dcb: Validate netlink message in DCB handler	2020-12-23 12:19:48 -08:00
dccp	selinux/stable-5.11 PR 20201214	2020-12-16 11:01:04 -08:00
decnet	treewide: rename nla_strlcpy to nla_strscpy.	2020-11-16 08:08:54 -08:00
dns_resolver
dsa	net: dsa: print the MTU value that could not be set	2020-12-08 11:24:07 -08:00
ethernet	net: datagram: fix some kernel-doc markups	2020-11-17 14:15:03 -08:00
ethtool	ethtool: fix error paths in ethnl_set_channels()	2020-12-16 13:27:17 -08:00
hsr	genetlink: move to smaller ops wherever possible	2020-10-02 19:11:11 -07:00
ieee802154	treewide: rename nla_strlcpy to nla_strscpy.	2020-11-16 08:08:54 -08:00
ife
ipv4	nexthop: Bounce NHA_GATEWAY in FDB nexthop groups	2021-01-07 18:47:18 -08:00
ipv6	net: ipv6: Validate GSO SKB before finish IPv6 processing	2021-01-09 14:06:32 -08:00
iucv	net/af_iucv: use DECLARE_SOCKADDR to cast from sockaddr	2020-12-08 15:56:53 -08:00
kcm
key
l2tp	lsm,selinux: pass flowi_common instead of flowi to the LSM hooks	2020-11-23 18:36:21 -05:00
l3mdev	net: l3mdev: Fix kerneldoc warning	2020-10-30 11:43:42 -07:00
lapb	net: lapb: Decrease the refcount of "struct lapb_cb" in lapb_device_event	2021-01-04 13:42:41 -08:00
llc	net: llc: Fix kerneldoc warnings	2020-10-30 11:34:09 -07:00
mac80211	A new set of wireless changes:	2020-12-12 10:07:56 -08:00
mac802154	net: mac802154: convert tasklets to use new tasklet_setup() API	2020-11-07 10:40:56 -08:00
mpls	mpls: drop skb's dst in mpls_forward()	2020-11-03 12:55:53 -08:00
mptcp	net: mptcp: cap forward allocation to 1M	2020-12-28 13:53:57 -08:00
ncsi	net/ncsi: Use real net-device for response handler	2020-12-23 12:22:23 -08:00
netfilter	netfilter: nftables: add set expression flags	2020-12-28 10:50:26 +01:00
netlabel	Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-11-19 19:08:46 -08:00
netlink	netlink: export policy in extended ACK	2020-10-09 20:22:32 -07:00
netrom
nfc	net: sched: fix spelling mistake in Kconfig "trys" -> "tries"	2020-12-08 16:01:56 -08:00
nsh
openvswitch	net: openvswitch: fix TTL decrement exception action execution	2020-12-14 17:18:25 -08:00
packet	net: af_packet: fix procfs header for 64-bit pointers	2020-12-18 12:17:23 -08:00
phonet
psample	genetlink: move to smaller ops wherever possible	2020-10-02 19:11:11 -07:00
qrtr	net: qrtr: fix null-ptr-deref in qrtr_ns_remove	2021-01-05 16:50:09 -08:00
rds	rds: stop using dmapool	2020-11-17 15:22:06 -04:00
rfkill	rfkill: add a reason to the HW rfkill state	2020-12-11 12:47:17 +01:00
rose	rose: Fix Null pointer dereference in rose_send_frame()	2020-11-20 10:04:58 -08:00
rxrpc	net: rxrpc: convert comma to semicolon	2020-12-09 16:23:07 -08:00
sched	net: sched: prevent invalid Scell_log shift count	2020-12-28 14:52:54 -08:00
sctp	sctp: Fix some typo	2020-11-23 17:44:11 -08:00
smc	net/smc: fix access to parent of an ib device	2020-12-16 13:33:47 -08:00
strparser
sunrpc	NFS client updates for Linux 5.11	2020-12-17 12:15:03 -08:00
switchdev	net: switchdev: Fixed kerneldoc warning	2020-09-23 17:46:31 -07:00
tipc	tipc: fix NULL deref in tipc_link_xmit()	2021-01-09 14:44:47 -08:00
tls	net: fix proc_fs init handling in af_packet and tls	2020-12-14 19:39:30 -08:00
unix	networking changes for the 5.10 merge window	2020-10-15 18:42:13 -07:00
vmw_vsock	af_vsock: Assign the vsock transport considering the vsock address flags	2020-12-14 19:33:39 -08:00
wireless	cfg80211: select CONFIG_CRC32	2021-01-05 15:50:36 -08:00
x25	net: x25: Remove unimplemented X.25-over-LLC code stubs	2020-12-12 17:15:33 -08:00
xdp	xsk: Rollback reservation at NETDEV_TX_BUSY	2020-12-18 16:10:21 +01:00
xfrm	selinux/stable-5.11 PR 20201214	2020-12-16 11:01:04 -08:00
compat.c	iov_iter: transparently handle compat iovecs in import_iovec	2020-10-03 00:02:13 -04:00
devres.c
Kconfig	wimax: move out to staging	2020-10-29 19:27:45 +01:00
Makefile	wimax: move out to staging	2020-10-29 19:27:45 +01:00
socket.c	for-5.11/io_uring-2020-12-14	2020-12-16 12:44:05 -08:00
sysctl_net.c