On Wed, Dec 13, 2023 at 3:24 AM Hou Tao <houtao@xxxxxxxxxxxxxxx> wrote:
>
> From: Hou Tao <houtao1@xxxxxxxxxx>
>
> An abnormally big cnt may also be assigned to kprobe_multi.cnt when
> attaching multiple kprobes. It will trigger the following warning in
> kvmalloc_node():
>
> if (unlikely(size > INT_MAX)) {
> WARN_ON_ONCE(!(flags & __GFP_NOWARN));
> return NULL;
> }
>
> Fix the warning by limiting the maximal number of kprobes in
> bpf_kprobe_multi_link_attach().
>
> Fixes: 0dcac2725406 ("bpf: Add multi kprobe link")
> Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
> ---
> kernel/trace/bpf_trace.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 2d1201f7b554..944678529f5c 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -43,6 +43,7 @@
> rcu_dereference_protected(p, lockdep_is_held(&bpf_event_mutex))
>
> #define MAX_UPROBE_MULTI_CNT (1U << 20)
> +#define MAX_KPROBE_MULTI_CNT (1U << 20)
>
> #ifdef CONFIG_MODULES
> struct bpf_trace_module {
> @@ -2970,7 +2971,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
> return -EINVAL;
>
> cnt = attr->link_create.kprobe_multi.cnt;
> - if (!cnt)
> + if (!cnt || cnt > MAX_KPROBE_MULTI_CNT)
> return -EINVAL;
let's return -E2BIG for `cnt > MAX` cases? Same in another patch
>
> size = cnt * sizeof(*addrs);
> --
> 2.29.2
>
