Patch "bpf: Fix elem_size not being set for inner maps" has been added to the 6.1-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sat, 10 Jun 2023 22:06:51 -0400

This is a note to let you know that I've just added the patch titled

    bpf: Fix elem_size not being set for inner maps

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-fix-elem_size-not-being-set-for-inner-maps.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 6811d6288f67588d44a8605de1b665edf41feffa
Author: Rhys Rustad-Elliott <me@xxxxxxxxxx>
Date:   Fri Jun 2 19:02:02 2023 +0000

    bpf: Fix elem_size not being set for inner maps
    
    [ Upstream commit cba41bb78d70aad98d8e61e019fd48c561f7f396 ]
    
    Commit d937bc3449fa ("bpf: make uniform use of array->elem_size
    everywhere in arraymap.c") changed array_map_gen_lookup to use
    array->elem_size instead of round_up(map->value_size, 8) as the element
    size when generating code to access a value in an array map.
    
    array->elem_size, however, is not set by bpf_map_meta_alloc when
    initializing an BPF_MAP_TYPE_ARRAY_OF_MAPS or BPF_MAP_TYPE_HASH_OF_MAPS.
    This results in array_map_gen_lookup incorrectly outputting code that
    always accesses index 0 in the array (as the index will be calculated
    via a multiplication with the element size, which is incorrectly set to
    0).
    
    Set elem_size on the bpf_array object when allocating an array or hash
    of maps to fix this.
    
    Fixes: d937bc3449fa ("bpf: make uniform use of array->elem_size everywhere in arraymap.c")
    Signed-off-by: Rhys Rustad-Elliott <me@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230602190110.47068-2-me@xxxxxxxxxx
    Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/bpf/map_in_map.c b/kernel/bpf/map_in_map.c
index 135205d0d5607..8e87f69aae60d 100644
--- a/kernel/bpf/map_in_map.c
+++ b/kernel/bpf/map_in_map.c
@@ -61,9 +61,13 @@ struct bpf_map *bpf_map_meta_alloc(int inner_map_ufd)
 	/* Misc members not needed in bpf_map_meta_equal() check. */
 	inner_map_meta->ops = inner_map->ops;
 	if (inner_map->ops == &array_map_ops) {
+		struct bpf_array *inner_array_meta =
+			container_of(inner_map_meta, struct bpf_array, map);
+		struct bpf_array *inner_array = container_of(inner_map, struct bpf_array, map);
+
+		inner_array_meta->index_mask = inner_array->index_mask;
+		inner_array_meta->elem_size = inner_array->elem_size;
 		inner_map_meta->bypass_spec_v1 = inner_map->bypass_spec_v1;
-		container_of(inner_map_meta, struct bpf_array, map)->index_mask =
-		     container_of(inner_map, struct bpf_array, map)->index_mask;
 	}
 
 	fdput(f);






