Patch "bpf: use kvzmalloc to allocate BPF verifier environment" has been added to the 4.19-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 14 Nov 2024 07:44:49 -0500

This is a note to let you know that I've just added the patch titled

    bpf: use kvzmalloc to allocate BPF verifier environment

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-use-kvzmalloc-to-allocate-bpf-verifier-environme.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 166af7e98a7e07a10c3906052e7cf1780eba9008
Author: Rik van Riel <riel@xxxxxxxxxxx>
Date:   Tue Oct 8 17:07:35 2024 -0400

    bpf: use kvzmalloc to allocate BPF verifier environment
    
    [ Upstream commit 434247637c66e1be2bc71a9987d4c3f0d8672387 ]
    
    The kzmalloc call in bpf_check can fail when memory is very fragmented,
    which in turn can lead to an OOM kill.
    
    Use kvzmalloc to fall back to vmalloc when memory is too fragmented to
    allocate an order 3 sized bpf verifier environment.
    
    Admittedly this is not a very common case, and only happens on systems
    where memory has already been squeezed close to the limit, but this does
    not seem like much of a hot path, and it's a simple enough fix.
    
    Signed-off-by: Rik van Riel <riel@xxxxxxxxxxx>
    Reviewed-by: Shakeel Butt <shakeel.butt@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20241008170735.16766766@xxxxxxxxxxxxxxxxxxxx
    Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a48de55f5630e..de0926cff8352 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6446,7 +6446,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
 	/* 'struct bpf_verifier_env' can be global, but since it's not small,
 	 * allocate/free it every time bpf_check() is called
 	 */
-	env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
+	env = kvzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
 	if (!env)
 		return -ENOMEM;
 	log = &env->log;
@@ -6573,6 +6573,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
 	mutex_unlock(&bpf_verifier_lock);
 	vfree(env->insn_aux_data);
 err_free_env:
-	kfree(env);
+	kvfree(env);
 	return ret;
 }







