On Tue, May 14, 2024 at 11:24 PM Andrii Nakryiko <andrii@xxxxxxxxxx> wrote:
>
> ARRAY_OF_MAPS and HASH_OF_MAPS map types have special logic to save
> a few extra fields required for correct operations of ARRAY maps, when
> they are used as inner maps. PERCPU_ARRAY maps have similar
> requirements as they now support generating inline element lookup
> logic. So make sure that both classes of maps are handled correctly.
>
> Reported-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Fixes: db69718b8efa ("bpf: inline bpf_map_lookup_elem() for PERCPU_ARRAY maps")
> Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> ---
> kernel/bpf/map_in_map.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/map_in_map.c b/kernel/bpf/map_in_map.c
> index 8ef269e66ba5..b4f18c85d7bc 100644
> --- a/kernel/bpf/map_in_map.c
> +++ b/kernel/bpf/map_in_map.c
> @@ -32,7 +32,7 @@ struct bpf_map *bpf_map_meta_alloc(int inner_map_ufd)
>
> inner_map_meta_size = sizeof(*inner_map_meta);
> /* In some cases verifier needs to access beyond just base map. */
> - if (inner_map->ops == &array_map_ops)
> + if (inner_map->ops == &array_map_ops || inner_map->ops == &percpu_array_map_ops)
> inner_map_meta_size = sizeof(struct bpf_array);
Applied the fix to stop the bleeding,
but we need to fix this fragility long term.
