summaryrefslogtreecommitdiff
path: root/tools/lib
diff options
context:
space:
mode:
authorHou Tao <houtao1@huawei.com>2022-11-16 15:23:51 +0800
committerAndrii Nakryiko <andrii@kernel.org>2022-11-17 15:49:59 -0800
commit05c1558bfcb63b95a9f530767c04c7db091560f2 (patch)
treefa2ca7e67b027b642c4ed7cfb7872ab9b9106a29 /tools/lib
parent64176bff2446cd825b163976ee451fb6e5cd851d (diff)
libbpf: Check the validity of size in user_ring_buffer__reserve()
The top two bits of size are used as busy and discard flags, so reject the reservation that has any of these special bits in the size. With the addition of validity check, these is also no need to check whether or not total_size is overflowed. Signed-off-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221116072351.1168938-5-houtao@huaweicloud.com
Diffstat (limited to 'tools/lib')
-rw-r--r--tools/lib/bpf/ringbuf.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/tools/lib/bpf/ringbuf.c b/tools/lib/bpf/ringbuf.c
index 5c4401cac1db..6af142953a94 100644
--- a/tools/lib/bpf/ringbuf.c
+++ b/tools/lib/bpf/ringbuf.c
@@ -486,6 +486,10 @@ void *user_ring_buffer__reserve(struct user_ring_buffer *rb, __u32 size)
__u64 cons_pos, prod_pos;
struct ringbuf_hdr *hdr;
+ /* The top two bits are used as special flags */
+ if (size & (BPF_RINGBUF_BUSY_BIT | BPF_RINGBUF_DISCARD_BIT))
+ return errno = E2BIG, NULL;
+
/* Synchronizes with smp_store_release() in __bpf_user_ringbuf_peek() in
* the kernel.
*/