From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH bpf-next] bpf, xskmap: fix crash in xsk_map_alloc error
 path handling
Date: Fri, 04 May 2018 11:39:20 -0400 (EDT)
Message-ID: <20180504.113920.1481897063505688262.davem@davemloft.net>
References: <20180504142753.10621-1-daniel@iogearbox.net>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: alexei.starovoitov@gmail.com, netdev@vger.kernel.org,
        bjorn.topel@intel.com
To: daniel@iogearbox.net
Return-path: <netdev-owner@vger.kernel.org>
Received: from shards.monkeyblade.net ([184.105.139.130]:34514 "EHLO
        shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751415AbeEDPjY (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 4 May 2018 11:39:24 -0400
In-Reply-To: <20180504142753.10621-1-daniel@iogearbox.net>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

From: Daniel Borkmann <daniel@iogearbox.net>
Date: Fri,  4 May 2018 16:27:53 +0200

> If bpf_map_precharge_memlock() did not fail, then we set err to zero.
> However, any subsequent failure from either alloc_percpu() or the
> bpf_map_area_alloc() will return ERR_PTR(0) which in find_and_alloc_map()
> will cause NULL pointer deref.
> 
> In devmap we have the convention that we return -EINVAL on page count
> overflow, so keep the same logic here and just set err to -ENOMEM
> after successful bpf_map_precharge_memlock().
> 
> Fixes: fbfc504a24f5 ("bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP")
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

Acked-by: David S. Miller <davem@davemloft.net>