libbpf: Handle size overflow for ringbuf mmap (beab943c) · Commits · EulixOS / Software / Kernel

tools/lib/bpf/ringbuf.c

+8 −4

Original line number	Diff line number	Diff line
		@@ -59,6 +59,7 @@ int ring_buffer__add(struct ring_buffer *rb, int map_fd,
		__u32 len = sizeof(info);
		struct epoll_event *e;
		struct ring *r;
		__u64 mmap_sz;
		void *tmp;
		int err;

		@@ -97,8 +98,7 @@ int ring_buffer__add(struct ring_buffer *rb, int map_fd,
		r->mask = info.max_entries - 1;

		/* Map writable consumer page */
		tmp = mmap(NULL, rb->page_size, PROT_READ \| PROT_WRITE, MAP_SHARED,
		map_fd, 0);
		tmp = mmap(NULL, rb->page_size, PROT_READ \| PROT_WRITE, MAP_SHARED, map_fd, 0);
		if (tmp == MAP_FAILED) {
		err = -errno;
		pr_warn("ringbuf: failed to mmap consumer page for map fd=%d: %d\n",
		@@ -111,8 +111,12 @@ int ring_buffer__add(struct ring_buffer *rb, int map_fd,
		* data size to allow simple reading of samples that wrap around the
		* end of a ring buffer. See kernel implementation for details.
		* */
		tmp = mmap(NULL, rb->page_size + 2 * info.max_entries, PROT_READ,
		MAP_SHARED, map_fd, rb->page_size);
		mmap_sz = rb->page_size + 2 * (__u64)info.max_entries;
		if (mmap_sz != (__u64)(size_t)mmap_sz) {
		pr_warn("ringbuf: ring buffer size (%u) is too big\n", info.max_entries);
		return -E2BIG;
		}
		tmp = mmap(NULL, (size_t)mmap_sz, PROT_READ, MAP_SHARED, map_fd, rb->page_size);
		if (tmp == MAP_FAILED) {
		err = -errno;
		ringbuf_unmap_ring(rb, r);