Commit 48e11bad authored by Kohei Enju's avatar Kohei Enju Committed by Alexei Starovoitov
Browse files

bpf: cpumap: propagate underlying error in cpu_map_update_elem() 



After commit 92164774 ("bpf: cpumap: Add the possibility to attach
an eBPF program to cpumap"), __cpu_map_entry_alloc() may fail with
errors other than -ENOMEM, such as -EBADF or -EINVAL.

However, __cpu_map_entry_alloc() returns NULL on all failures, and
cpu_map_update_elem() unconditionally converts this NULL into -ENOMEM.
As a result, user space always receives -ENOMEM regardless of the actual
underlying error.

Examples of unexpected behavior:
  - Nonexistent fd  : -ENOMEM (should be -EBADF)
  - Non-BPF fd      : -ENOMEM (should be -EINVAL)
  - Bad attach type : -ENOMEM (should be -EINVAL)

Change __cpu_map_entry_alloc() to return ERR_PTR(err) instead of NULL
and have cpu_map_update_elem() propagate this error.

Signed-off-by: default avatarKohei Enju <enjuk@amazon.com>
Reviewed-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/r/20251208131449.73036-2-enjuk@amazon.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 5d9fb42f

kernel/bpf/cpumap.c

+13 −8
Original line number Diff line number Diff line
@@ -430,7 +430,7 @@ static struct bpf_cpu_map_entry * 
__cpu_map_entry_alloc(struct bpf_map *map, struct bpf_cpumap_val *value,

		      u32 cpu)

{

	int numa, err, i, fd = value->bpf_prog.fd;

	int numa, err = -ENOMEM, i, fd = value->bpf_prog.fd;

	gfp_t gfp = GFP_KERNEL | __GFP_NOWARN;

	struct bpf_cpu_map_entry *rcpu;

	struct xdp_bulk_queue *bq;
@@ -440,7 +440,7 @@ __cpu_map_entry_alloc(struct bpf_map *map, struct bpf_cpumap_val *value, 


	rcpu = bpf_map_kmalloc_node(map, sizeof(*rcpu), gfp | __GFP_ZERO, numa);

	if (!rcpu)

		return NULL;

		return ERR_PTR(err);



	/* Alloc percpu bulkq */

	rcpu->bulkq = bpf_map_alloc_percpu(map, sizeof(*rcpu->bulkq),
@@ -468,16 +468,21 @@ __cpu_map_entry_alloc(struct bpf_map *map, struct bpf_cpumap_val *value, 
	rcpu->value.qsize  = value->qsize;

	gro_init(&rcpu->gro);



	if (fd > 0 && __cpu_map_load_bpf_program(rcpu, map, fd))

	if (fd > 0) {

		err = __cpu_map_load_bpf_program(rcpu, map, fd);

		if (err)

			goto free_ptr_ring;

	}



	/* Setup kthread */

	init_completion(&rcpu->kthread_running);

	rcpu->kthread = kthread_create_on_node(cpu_map_kthread_run, rcpu, numa,

					       "cpumap/%d/map:%d", cpu,

					       map->id);

	if (IS_ERR(rcpu->kthread))

	if (IS_ERR(rcpu->kthread)) {

		err = PTR_ERR(rcpu->kthread);

		goto free_prog;

	}



	/* Make sure kthread runs on a single CPU */

	kthread_bind(rcpu->kthread, cpu);
@@ -503,7 +508,7 @@ __cpu_map_entry_alloc(struct bpf_map *map, struct bpf_cpumap_val *value, 
	free_percpu(rcpu->bulkq);

free_rcu:

	kfree(rcpu);

	return NULL;

	return ERR_PTR(err);

}



static void __cpu_map_entry_free(struct work_struct *work)
@@ -596,8 +601,8 @@ static long cpu_map_update_elem(struct bpf_map *map, void *key, void *value, 
	} else {

		/* Updating qsize cause re-allocation of bpf_cpu_map_entry */

		rcpu = __cpu_map_entry_alloc(map, &cpumap_value, key_cpu);

		if (!rcpu)

			return -ENOMEM;

		if (IS_ERR(rcpu))

			return PTR_ERR(rcpu);

	}

	rcu_read_lock();

	__cpu_map_entry_replace(cmap, key_cpu, rcpu);