linux/kernel/bpf
Alexei Starovoitov 92117d8443 bpf: fix refcnt overflow
On a system with >32Gbyte of physical memory and infinite RLIMIT_MEMLOCK,
the malicious application may overflow 32-bit bpf program refcnt.
It's also possible to overflow map refcnt on 1Tb system.
Impose 32k hard limit which means that the same bpf program or
map cannot be shared by more than 32k processes.

Fixes: 1be7f75d16 ("bpf: enable non-root eBPF programs")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-28 17:29:45 -04:00
..
arraymap.c bpf: check for reserved flag bits in array and stack maps 2016-03-08 15:28:31 -05:00
core.c bpf: Mark __bpf_prog_run() stack frame as non-standard 2016-02-29 08:35:11 +01:00
hashtab.c bpf: pre-allocate hash map elements 2016-03-08 15:28:31 -05:00
helpers.c bpf: avoid copying junk bytes in bpf_get_current_comm() 2016-03-09 23:27:30 -05:00
inode.c bpf: fix refcnt overflow 2016-04-28 17:29:45 -04:00
Makefile bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
percpu_freelist.c bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
percpu_freelist.h bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
stackmap.c bpf: convert stackmap to pre-allocation 2016-03-08 15:28:31 -05:00
syscall.c bpf: fix refcnt overflow 2016-04-28 17:29:45 -04:00
verifier.c bpf: fix refcnt overflow 2016-04-28 17:29:45 -04:00