bpf: fix refcnt overflow
author Alexei Starovoitov <ast@fb.com>
Thu, 28 Apr 2016 01:56:20 +0000 (18:56 -0700)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 May 2016 01:35:04 +0000 (18:35 -0700)
commit 1b106ad23a72bba34c7f37574defa324fdd76fc7
tree d994f7664c4152d328c4b0ffe2ca4841bbd6f868
parent 2ffd01aa8d12c83c43b611a74a09852ea4dd0111
bpf: fix refcnt overflow

[ Upstream commit 92117d8443bc5afacc8d5ba82e541946310f106e ]

On a system with >32Gbyte of physical memory and infinite RLIMIT_MEMLOCK,
the malicious application may overflow 32-bit bpf program refcnt.
It's also possible to overflow map refcnt on 1Tb system.
Impose 32k hard limit which means that the same bpf program or
map cannot be shared by more than 32k processes.

Fixes: 1be7f75d1668 ("bpf: enable non-root eBPF programs")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
include/linux/bpf.h
kernel/bpf/inode.c
kernel/bpf/syscall.c
kernel/bpf/verifier.c
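
A user-space C model of the capped reference count the commit message describes, added here as an illustration; it is not the kernel patch or the author's code. The names `obj`, `obj_get_bounded`, `obj_get_unchecked` and `MAX_REFCNT`, and the `-EBUSY` return value, are assumptions of this example.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code. The 32k hard limit from the commit message. */
#define MAX_REFCNT 32768u

struct obj { atomic_uint refcnt; };   /* hypothetical stand-in for a prog or map */

/* Unchecked get: a 32-bit counter wraps to 0 once it passes UINT32_MAX,
 * so the object looks unreferenced while references are still held. */
static uint32_t obj_get_unchecked(struct obj *o)
{
    return (uint32_t)(atomic_fetch_add(&o->refcnt, 1) + 1u);
}

/* Bounded get: take the reference, then give it back if the cap is exceeded. */
static int obj_get_bounded(struct obj *o)
{
    if (atomic_fetch_add(&o->refcnt, 1) + 1u > MAX_REFCNT) {
        atomic_fetch_sub(&o->refcnt, 1);
        return -EBUSY;                /* error code is this example's choice */
    }
    return 0;
}

/* Number of bounded gets that succeed on an object created with one reference. */
static unsigned count_successful_gets(unsigned attempts)
{
    struct obj o;
    unsigned ok = 0;
    atomic_init(&o.refcnt, 1);        /* the creator's reference */
    for (unsigned i = 0; i < attempts; i++)
        ok += (obj_get_bounded(&o) == 0);
    return ok;
}

/* Wrap of the unchecked counter, from a constructed starting value. */
static uint32_t wrap_demo(void)
{
    struct obj o;
    atomic_init(&o.refcnt, UINT32_MAX);
    return obj_get_unchecked(&o);
}

int main(void)
{
    printf("bounded gets that succeeded: %u\n", count_successful_gets(40000));
    printf("unchecked counter after wrap: %u\n", wrap_demo());
    return 0;
}
```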