https://github.com/torvalds/linux
Revision 573b3aa6940661dc50c383213d428c27df78be7c authored by Yonghong Song on 30 July 2018, 15:49:03 UTC, committed by Daniel Borkmann on 30 July 2018, 22:37:09 UTC
I hit the following problem when I tried to use bpftool
to dump a percpu array.
$ sudo ./bpftool map show
61: percpu_array name stub flags 0x0
key 4B value 4B max_entries 1 memlock 4096B
...
$ sudo ./bpftool map dump id 61
bpftool: malloc.c:2406: sysmalloc: Assertion
`(old_top == initial_top (av) && old_size == 0) || \
((unsigned long) (old_size) >= MINSIZE && \
prev_inuse (old_top) && \
((unsigned long) old_end & (pagesize - 1)) == 0)'
failed.
Aborted
Further debugging revealed that this is due to
miscommunication between bpftool and kernel.
For example, for the above percpu_array with value size of 4B.
The map info returned to user space has value size of 4B.
In bpftool, the values array for lookup is allocated like:
info->value_size * get_possible_cpus() = 4 * get_possible_cpus()
In kernel (kernel/bpf/syscall.c), the values array size is
rounded up to multiple of 8.
round_up(map->value_size, 8) * num_possible_cpus()
= 8 * num_possible_cpus()
So when kernel copies the values to user buffer, the kernel will
overwrite beyond user buffer boundary.
This patch fixed the issue by allocating and stepping through
percpu map value array properly in bpftool.
Fixes: 71bb428fe2c19 ("tools: bpf: add bpftool")
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
1 parent 61f4b23
Tip revision: 573b3aa6940661dc50c383213d428c27df78be7c authored by Yonghong Song on 30 July 2018, 15:49:03 UTC
tools/bpftool: fix a percpu_array map dump problem
tools/bpftool: fix a percpu_array map dump problem
Tip revision: 573b3aa
acpi_drivers.h
/*
* acpi_drivers.h ($Revision: 31 $)
*
* Copyright (C) 2001, 2002 Andy Grover <andrew.grover@intel.com>
* Copyright (C) 2001, 2002 Paul Diefenbaugh <paul.s.diefenbaugh@intel.com>
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
#ifndef __ACPI_DRIVERS_H__
#define __ACPI_DRIVERS_H__
#define ACPI_MAX_STRING 80
/*
* Please update drivers/acpi/debug.c and Documentation/acpi/debug.txt
* if you add to this list.
*/
#define ACPI_BUS_COMPONENT 0x00010000
#define ACPI_AC_COMPONENT 0x00020000
#define ACPI_BATTERY_COMPONENT 0x00040000
#define ACPI_BUTTON_COMPONENT 0x00080000
#define ACPI_SBS_COMPONENT 0x00100000
#define ACPI_FAN_COMPONENT 0x00200000
#define ACPI_PCI_COMPONENT 0x00400000
#define ACPI_POWER_COMPONENT 0x00800000
#define ACPI_CONTAINER_COMPONENT 0x01000000
#define ACPI_SYSTEM_COMPONENT 0x02000000
#define ACPI_THERMAL_COMPONENT 0x04000000
#define ACPI_MEMORY_DEVICE_COMPONENT 0x08000000
#define ACPI_VIDEO_COMPONENT 0x10000000
#define ACPI_PROCESSOR_COMPONENT 0x20000000
/*
* _HID definitions
* HIDs must conform to ACPI spec(6.1.4)
* Linux specific HIDs do not apply to this and begin with LNX:
*/
#define ACPI_POWER_HID "LNXPOWER"
#define ACPI_PROCESSOR_OBJECT_HID "LNXCPU"
#define ACPI_SYSTEM_HID "LNXSYSTM"
#define ACPI_THERMAL_HID "LNXTHERM"
#define ACPI_BUTTON_HID_POWERF "LNXPWRBN"
#define ACPI_BUTTON_HID_SLEEPF "LNXSLPBN"
#define ACPI_VIDEO_HID "LNXVIDEO"
#define ACPI_BAY_HID "LNXIOBAY"
#define ACPI_DOCK_HID "LNXDOCK"
#define ACPI_ECDT_HID "LNXEC"
/* Quirk for broken IBM BIOSes */
#define ACPI_SMBUS_IBM_HID "SMBUSIBM"
/*
* For fixed hardware buttons, we fabricate acpi_devices with HID
* ACPI_BUTTON_HID_POWERF or ACPI_BUTTON_HID_SLEEPF. Fixed hardware
* signals only an event; it doesn't supply a notification value.
* To allow drivers to treat notifications from fixed hardware the
* same as those from real devices, we turn the events into this
* notification value.
*/
#define ACPI_FIXED_HARDWARE_EVENT 0x100
/* --------------------------------------------------------------------------
PCI
-------------------------------------------------------------------------- */
/* ACPI PCI Interrupt Link (pci_link.c) */
int acpi_irq_penalty_init(void);
int acpi_pci_link_allocate_irq(acpi_handle handle, int index, int *triggering,
int *polarity, char **name);
int acpi_pci_link_free_irq(acpi_handle handle);
/* ACPI PCI Device Binding (pci_bind.c) */
struct pci_bus;
struct pci_dev *acpi_get_pci_dev(acpi_handle);
/* Arch-defined function to add a bus to the system */
struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root);
#ifdef CONFIG_X86
void pci_acpi_crs_quirks(void);
#else
static inline void pci_acpi_crs_quirks(void) { }
#endif
/* --------------------------------------------------------------------------
Processor
-------------------------------------------------------------------------- */
#define ACPI_PROCESSOR_LIMIT_NONE 0x00
#define ACPI_PROCESSOR_LIMIT_INCREMENT 0x01
#define ACPI_PROCESSOR_LIMIT_DECREMENT 0x02
/*--------------------------------------------------------------------------
Dock Station
-------------------------------------------------------------------------- */
#ifdef CONFIG_ACPI_DOCK
extern int is_dock_device(struct acpi_device *adev);
#else
static inline int is_dock_device(struct acpi_device *adev)
{
return 0;
}
#endif /* CONFIG_ACPI_DOCK */
#endif /*__ACPI_DRIVERS_H__*/
Computing file changes ...
