diff mbox series

[bpf] bpf: Fix off-by-one error in bpf_mem_cache_idx()

Message ID 20230118084630.3750680-1-houtao@huaweicloud.com (mailing list archive)
State Accepted
Commit 36024d023d139a0c8b552dc3b7f4dc7b4c139e8f
Delegated to: BPF
Headers show
Series [bpf] bpf: Fix off-by-one error in bpf_mem_cache_idx() | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/cc_maintainers fail 1 blamed authors not CCed: memxor@gmail.com; 1 maintainers not CCed: memxor@gmail.com
netdev/build_clang success Errors and warnings before: 1 this patch: 1
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 5 this patch: 5
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-VM_Test-4 success Logs for build for x86_64 with gcc
bpf/vmtest-bpf-VM_Test-5 success Logs for build for x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-6 success Logs for llvm-toolchain
bpf/vmtest-bpf-VM_Test-7 success Logs for set-matrix
bpf/vmtest-bpf-VM_Test-2 success Logs for build for aarch64 with gcc
bpf/vmtest-bpf-VM_Test-3 success Logs for build for aarch64 with llvm-16
bpf/vmtest-bpf-VM_Test-8 success Logs for test_maps on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-10 success Logs for test_maps on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-11 success Logs for test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-14 success Logs for test_progs on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-18 success Logs for test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-22 success Logs for test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-26 success Logs for test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-30 success Logs for test_verifier on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-31 success Logs for test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-PR success PR summary
bpf/vmtest-bpf-VM_Test-9 success Logs for test_maps on aarch64 with llvm-16
bpf/vmtest-bpf-VM_Test-12 success Logs for test_progs on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-13 success Logs for test_progs on aarch64 with llvm-16
bpf/vmtest-bpf-VM_Test-15 success Logs for test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-16 success Logs for test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-17 success Logs for test_progs_no_alu32 on aarch64 with llvm-16
bpf/vmtest-bpf-VM_Test-19 success Logs for test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-20 success Logs for test_progs_no_alu32_parallel on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-21 success Logs for test_progs_no_alu32_parallel on aarch64 with llvm-16
bpf/vmtest-bpf-VM_Test-23 success Logs for test_progs_no_alu32_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-24 success Logs for test_progs_parallel on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-25 success Logs for test_progs_parallel on aarch64 with llvm-16
bpf/vmtest-bpf-VM_Test-27 success Logs for test_progs_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-28 success Logs for test_verifier on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-29 success Logs for test_verifier on aarch64 with llvm-16

Commit Message

Hou Tao Jan. 18, 2023, 8:46 a.m. UTC 
From: Hou Tao <houtao1@huawei.com>

According to the definition of sizes[NUM_CACHES], when the size passed
to bpf_mem_cache_size() is 256, it should return 6 instead 7.

Fixes: 7c8199e24fa0 ("bpf: Introduce any context BPF specific memory allocator.")
Signed-off-by: Hou Tao <houtao1@huawei.com>
---
 kernel/bpf/memalloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Yonghong Song Jan. 18, 2023, 5:57 p.m. UTC | #1 
On 1/18/23 12:46 AM, Hou Tao wrote:
> From: Hou Tao <houtao1@huawei.com>
> 
> According to the definition of sizes[NUM_CACHES], when the size passed
> to bpf_mem_cache_size() is 256, it should return 6 instead 7.

More importantly, e.g., if the size is 4096, illegal memory access may 
happen.

> 
> Fixes: 7c8199e24fa0 ("bpf: Introduce any context BPF specific memory allocator.")
> Signed-off-by: Hou Tao <houtao1@huawei.com>

Acked-by: Yonghong Song <yhs@fb.com>

> ---
>   kernel/bpf/memalloc.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kernel/bpf/memalloc.c b/kernel/bpf/memalloc.c
> index ebcc3dd0fa19..1db156405b68 100644
> --- a/kernel/bpf/memalloc.c
> +++ b/kernel/bpf/memalloc.c
> @@ -71,7 +71,7 @@ static int bpf_mem_cache_idx(size_t size)
>   	if (size <= 192)
>   		return size_index[(size - 1) / 8] - 1;
>   
> -	return fls(size - 1) - 1;
> +	return fls(size - 1) - 2;
>   }
>   
>   #define NUM_CACHES 11
Alexei Starovoitov Jan. 19, 2023, 2:43 a.m. UTC | #2 
On Wed, Jan 18, 2023 at 9:58 AM Yonghong Song <yhs@meta.com> wrote:
>
> >
> > -     return fls(size - 1) - 1;
> > +     return fls(size - 1) - 2;

Wow. Thanks.
Not sure how I missed it and why the tests didn't catch it.
test_maps goes through many key/value sizes.

Applied.
patchwork-bot+netdevbpf@kernel.org Jan. 19, 2023, 2:50 a.m. UTC | #3 
Hello:

This patch was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Wed, 18 Jan 2023 16:46:30 +0800 you wrote:
> From: Hou Tao <houtao1@huawei.com>
> 
> According to the definition of sizes[NUM_CACHES], when the size passed
> to bpf_mem_cache_size() is 256, it should return 6 instead 7.
> 
> Fixes: 7c8199e24fa0 ("bpf: Introduce any context BPF specific memory allocator.")
> Signed-off-by: Hou Tao <houtao1@huawei.com>
> 
> [...]

Here is the summary with links:
  - [bpf] bpf: Fix off-by-one error in bpf_mem_cache_idx()
    https://git.kernel.org/bpf/bpf/c/36024d023d13

You are awesome, thank you!
diff mbox series

Patch

diff --git a/kernel/bpf/memalloc.c b/kernel/bpf/memalloc.c
index ebcc3dd0fa19..1db156405b68 100644
--- a/kernel/bpf/memalloc.c
+++ b/kernel/bpf/memalloc.c
@@ -71,7 +71,7 @@  static int bpf_mem_cache_idx(size_t size)
 	if (size <= 192)
 		return size_index[(size - 1) / 8] - 1;
 
-	return fls(size - 1) - 1;
+	return fls(size - 1) - 2;
 }
 
 #define NUM_CACHES 11