bpf: fix refcnt overflow
author Alexei Starovoitov <ast@fb.com>
Thu, 28 Apr 2016 01:56:20 +0000 (18:56 -0700)
committer David S. Miller <davem@davemloft.net>
Thu, 28 Apr 2016 21:29:45 +0000 (17:29 -0400)
commit 1a0c8070d86f0e98b7cd53b7793ba4cbf4ca3ee2
tree d0db595b54f82b59049d4b879561c2f97d25e18b
parent d4559a526822a9be57b731058b4c94b836566128
bpf: fix refcnt overflow

On a system with >32Gbyte of physical memory and infinite RLIMIT_MEMLOCK,
the malicious application may overflow 32-bit bpf program refcnt.
It's also possible to overflow map refcnt on 1Tb system.
Impose 32k hard limit which means that the same bpf program or
map cannot be shared by more than 32k processes.

Fixes: 6c3d98c5fcd7 ("bpf: enable non-root eBPF programs")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/bpf.h
kernel/bpf/inode.c
kernel/bpf/syscall.c
kernel/bpf/verifier.c
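
The commit message above describes a 32-bit reference count that can wrap and a hard ceiling that stops it. The following user-space C sketch is an added example, not code from this commit or from the kernel; `struct obj`, `OBJ_MAX_REFCNT`, `obj_get_unchecked`, `obj_get_bounded` and the two demo functions are hypothetical names. It contrasts an unchecked increment with one that refuses references past the ceiling.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed ceiling, mirroring the "32k hard limit" in the commit message. */
#define OBJ_MAX_REFCNT 32768u

struct obj { _Atomic uint32_t refcnt; };

/* Unchecked get: once the counter holds UINT32_MAX, one more reference
 * wraps it to 0, so a later put can free an object that is still in use. */
static uint32_t obj_get_unchecked(struct obj *o)
{
    return atomic_fetch_add(&o->refcnt, 1) + 1;
}

/* Bounded get: take the reference, and if that crossed the ceiling,
 * drop it again and fail so the caller never holds the extra reference. */
static int obj_get_bounded(struct obj *o)
{
    if (atomic_fetch_add(&o->refcnt, 1) + 1 > OBJ_MAX_REFCNT) {
        atomic_fetch_sub(&o->refcnt, 1);
        return -EBUSY;
    }
    return 0;
}

/* Constructed state: counter preset to its maximum to show the wrap. */
static uint32_t demo_wrap(void)
{
    struct obj o;
    atomic_init(&o.refcnt, UINT32_MAX);
    return obj_get_unchecked(&o);
}

/* Take references until the bounded getter refuses; count the successes. */
static uint32_t demo_bounded(void)
{
    struct obj o;
    uint32_t taken = 0;
    atomic_init(&o.refcnt, 1);          /* creator's own reference */
    while (obj_get_bounded(&o) == 0)
        taken++;
    return taken;
}

int main(void)
{
    printf("wrapped to %u, granted %u\n",
           (unsigned)demo_wrap(), (unsigned)demo_bounded());
}
```

With the ceiling in place the counter stays far below the 32-bit wrap point no matter how many callers ask for a reference; callers must handle the `-EBUSY` failure path.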