diff options
Diffstat (limited to 'kernel/bpf/arraymap.c')
| -rw-r--r-- | kernel/bpf/arraymap.c | 61 |
1 files changed, 49 insertions, 12 deletions
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 7c25426d3cf5..ab94d304a634 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c | |||
| @@ -53,9 +53,10 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) | |||
| 53 | { | 53 | { |
| 54 | bool percpu = attr->map_type == BPF_MAP_TYPE_PERCPU_ARRAY; | 54 | bool percpu = attr->map_type == BPF_MAP_TYPE_PERCPU_ARRAY; |
| 55 | int numa_node = bpf_map_attr_numa_node(attr); | 55 | int numa_node = bpf_map_attr_numa_node(attr); |
| 56 | u32 elem_size, index_mask, max_entries; | ||
| 57 | bool unpriv = !capable(CAP_SYS_ADMIN); | ||
| 56 | struct bpf_array *array; | 58 | struct bpf_array *array; |
| 57 | u64 array_size; | 59 | u64 array_size, mask64; |
| 58 | u32 elem_size; | ||
| 59 | 60 | ||
| 60 | /* check sanity of attributes */ | 61 | /* check sanity of attributes */ |
| 61 | if (attr->max_entries == 0 || attr->key_size != 4 || | 62 | if (attr->max_entries == 0 || attr->key_size != 4 || |
| @@ -72,11 +73,32 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) | |||
| 72 | 73 | ||
| 73 | elem_size = round_up(attr->value_size, 8); | 74 | elem_size = round_up(attr->value_size, 8); |
| 74 | 75 | ||
| 76 | max_entries = attr->max_entries; | ||
| 77 | |||
| 78 | /* On 32 bit archs roundup_pow_of_two() with max_entries that has | ||
| 79 | * upper most bit set in u32 space is undefined behavior due to | ||
| 80 | * resulting 1U << 32, so do it manually here in u64 space. | ||
| 81 | */ | ||
| 82 | mask64 = fls_long(max_entries - 1); | ||
| 83 | mask64 = 1ULL << mask64; | ||
| 84 | mask64 -= 1; | ||
| 85 | |||
| 86 | index_mask = mask64; | ||
| 87 | if (unpriv) { | ||
| 88 | /* round up array size to nearest power of 2, | ||
| 89 | * since cpu will speculate within index_mask limits | ||
| 90 | */ | ||
| 91 | max_entries = index_mask + 1; | ||
| 92 | /* Check for overflows. */ | ||
| 93 | if (max_entries < attr->max_entries) | ||
| 94 | return ERR_PTR(-E2BIG); | ||
| 95 | } | ||
| 96 | |||
| 75 | array_size = sizeof(*array); | 97 | array_size = sizeof(*array); |
| 76 | if (percpu) | 98 | if (percpu) |
| 77 | array_size += (u64) attr->max_entries * sizeof(void *); | 99 | array_size += (u64) max_entries * sizeof(void *); |
| 78 | else | 100 | else |
| 79 | array_size += (u64) attr->max_entries * elem_size; | 101 | array_size += (u64) max_entries * elem_size; |
| 80 | 102 | ||
| 81 | /* make sure there is no u32 overflow later in round_up() */ | 103 | /* make sure there is no u32 overflow later in round_up() */ |
| 82 | if (array_size >= U32_MAX - PAGE_SIZE) | 104 | if (array_size >= U32_MAX - PAGE_SIZE) |
| @@ -86,6 +108,8 @@ static struct bpf_map *array_map_alloc(union bpf_attr *attr) | |||
| 86 | array = bpf_map_area_alloc(array_size, numa_node); | 108 | array = bpf_map_area_alloc(array_size, numa_node); |
| 87 | if (!array) | 109 | if (!array) |
| 88 | return ERR_PTR(-ENOMEM); | 110 | return ERR_PTR(-ENOMEM); |
| 111 | array->index_mask = index_mask; | ||
| 112 | array->map.unpriv_array = unpriv; | ||
| 89 | 113 | ||
| 90 | /* copy mandatory map attributes */ | 114 | /* copy mandatory map attributes */ |
| 91 | array->map.map_type = attr->map_type; | 115 | array->map.map_type = attr->map_type; |
| @@ -121,12 +145,13 @@ static void *array_map_lookup_elem(struct bpf_map *map, void *key) | |||
| 121 | if (unlikely(index >= array->map.max_entries)) | 145 | if (unlikely(index >= array->map.max_entries)) |
| 122 | return NULL; | 146 | return NULL; |
| 123 | 147 | ||
| 124 | return array->value + array->elem_size * index; | 148 | return array->value + array->elem_size * (index & array->index_mask); |
| 125 | } | 149 | } |
| 126 | 150 | ||
| 127 | /* emit BPF instructions equivalent to C code of array_map_lookup_elem() */ | 151 | /* emit BPF instructions equivalent to C code of array_map_lookup_elem() */ |
| 128 | static u32 array_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf) | 152 | static u32 array_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf) |
| 129 | { | 153 | { |
| 154 | struct bpf_array *array = container_of(map, struct bpf_array, map); | ||
| 130 | struct bpf_insn *insn = insn_buf; | 155 | struct bpf_insn *insn = insn_buf; |
| 131 | u32 elem_size = round_up(map->value_size, 8); | 156 | u32 elem_size = round_up(map->value_size, 8); |
| 132 | const int ret = BPF_REG_0; | 157 | const int ret = BPF_REG_0; |
| @@ -135,7 +160,12 @@ static u32 array_map_gen_lookup(struct bpf_map *map, struct bpf_insn *insn_buf) | |||
| 135 | 160 | ||
| 136 | *insn++ = BPF_ALU64_IMM(BPF_ADD, map_ptr, offsetof(struct bpf_array, value)); | 161 | *insn++ = BPF_ALU64_IMM(BPF_ADD, map_ptr, offsetof(struct bpf_array, value)); |
| 137 | *insn++ = BPF_LDX_MEM(BPF_W, ret, index, 0); | 162 | *insn++ = BPF_LDX_MEM(BPF_W, ret, index, 0); |
| 138 | *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 3); | 163 | if (map->unpriv_array) { |
| 164 | *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 4); | ||
| 165 | *insn++ = BPF_ALU32_IMM(BPF_AND, ret, array->index_mask); | ||
| 166 | } else { | ||
| 167 | *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 3); | ||
| 168 | } | ||
| 139 | 169 | ||
| 140 | if (is_power_of_2(elem_size)) { | 170 | if (is_power_of_2(elem_size)) { |
| 141 | *insn++ = BPF_ALU64_IMM(BPF_LSH, ret, ilog2(elem_size)); | 171 | *insn++ = BPF_ALU64_IMM(BPF_LSH, ret, ilog2(elem_size)); |
| @@ -157,7 +187,7 @@ static void *percpu_array_map_lookup_elem(struct bpf_map *map, void *key) | |||
| 157 | if (unlikely(index >= array->map.max_entries)) | 187 | if (unlikely(index >= array->map.max_entries)) |
| 158 | return NULL; | 188 | return NULL; |
| 159 | 189 | ||
| 160 | return this_cpu_ptr(array->pptrs[index]); | 190 | return this_cpu_ptr(array->pptrs[index & array->index_mask]); |
| 161 | } | 191 | } |
| 162 | 192 | ||
| 163 | int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value) | 193 | int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value) |
| @@ -177,7 +207,7 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value) | |||
| 177 | */ | 207 | */ |
| 178 | size = round_up(map->value_size, 8); | 208 | size = round_up(map->value_size, 8); |
| 179 | rcu_read_lock(); | 209 | rcu_read_lock(); |
| 180 | pptr = array->pptrs[index]; | 210 | pptr = array->pptrs[index & array->index_mask]; |
| 181 | for_each_possible_cpu(cpu) { | 211 | for_each_possible_cpu(cpu) { |
| 182 | bpf_long_memcpy(value + off, per_cpu_ptr(pptr, cpu), size); | 212 | bpf_long_memcpy(value + off, per_cpu_ptr(pptr, cpu), size); |
| 183 | off += size; | 213 | off += size; |
| @@ -225,10 +255,11 @@ static int array_map_update_elem(struct bpf_map *map, void *key, void *value, | |||
| 225 | return -EEXIST; | 255 | return -EEXIST; |
| 226 | 256 | ||
| 227 | if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY) | 257 | if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY) |
| 228 | memcpy(this_cpu_ptr(array->pptrs[index]), | 258 | memcpy(this_cpu_ptr(array->pptrs[index & array->index_mask]), |
| 229 | value, map->value_size); | 259 | value, map->value_size); |
| 230 | else | 260 | else |
| 231 | memcpy(array->value + array->elem_size * index, | 261 | memcpy(array->value + |
| 262 | array->elem_size * (index & array->index_mask), | ||
| 232 | value, map->value_size); | 263 | value, map->value_size); |
| 233 | return 0; | 264 | return 0; |
| 234 | } | 265 | } |
| @@ -262,7 +293,7 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value, | |||
| 262 | */ | 293 | */ |
| 263 | size = round_up(map->value_size, 8); | 294 | size = round_up(map->value_size, 8); |
| 264 | rcu_read_lock(); | 295 | rcu_read_lock(); |
| 265 | pptr = array->pptrs[index]; | 296 | pptr = array->pptrs[index & array->index_mask]; |
| 266 | for_each_possible_cpu(cpu) { | 297 | for_each_possible_cpu(cpu) { |
| 267 | bpf_long_memcpy(per_cpu_ptr(pptr, cpu), value + off, size); | 298 | bpf_long_memcpy(per_cpu_ptr(pptr, cpu), value + off, size); |
| 268 | off += size; | 299 | off += size; |
| @@ -613,6 +644,7 @@ static void *array_of_map_lookup_elem(struct bpf_map *map, void *key) | |||
| 613 | static u32 array_of_map_gen_lookup(struct bpf_map *map, | 644 | static u32 array_of_map_gen_lookup(struct bpf_map *map, |
| 614 | struct bpf_insn *insn_buf) | 645 | struct bpf_insn *insn_buf) |
| 615 | { | 646 | { |
| 647 | struct bpf_array *array = container_of(map, struct bpf_array, map); | ||
| 616 | u32 elem_size = round_up(map->value_size, 8); | 648 | u32 elem_size = round_up(map->value_size, 8); |
| 617 | struct bpf_insn *insn = insn_buf; | 649 | struct bpf_insn *insn = insn_buf; |
| 618 | const int ret = BPF_REG_0; | 650 | const int ret = BPF_REG_0; |
| @@ -621,7 +653,12 @@ static u32 array_of_map_gen_lookup(struct bpf_map *map, | |||
| 621 | 653 | ||
| 622 | *insn++ = BPF_ALU64_IMM(BPF_ADD, map_ptr, offsetof(struct bpf_array, value)); | 654 | *insn++ = BPF_ALU64_IMM(BPF_ADD, map_ptr, offsetof(struct bpf_array, value)); |
| 623 | *insn++ = BPF_LDX_MEM(BPF_W, ret, index, 0); | 655 | *insn++ = BPF_LDX_MEM(BPF_W, ret, index, 0); |
| 624 | *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 5); | 656 | if (map->unpriv_array) { |
| 657 | *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 6); | ||
| 658 | *insn++ = BPF_ALU32_IMM(BPF_AND, ret, array->index_mask); | ||
| 659 | } else { | ||
| 660 | *insn++ = BPF_JMP_IMM(BPF_JGE, ret, map->max_entries, 5); | ||
| 661 | } | ||
| 625 | if (is_power_of_2(elem_size)) | 662 | if (is_power_of_2(elem_size)) |
| 626 | *insn++ = BPF_ALU64_IMM(BPF_LSH, ret, ilog2(elem_size)); | 663 | *insn++ = BPF_ALU64_IMM(BPF_LSH, ret, ilog2(elem_size)); |
| 627 | else | 664 | else |