bpf/syscall: allow key to be null in map functions

This commit adds the required logic to allow key being NULL
in case the key_size of the map is 0.

A new __bpf_copy_key function helper only copies the key from
userpsace when key_size != 0, otherwise it enforces that key must be
null.

Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index f4ecd6ed22522aa27f26bc15a6b4387034f15179..78d9dd95e25f6190e12369fcfa00ed3f7eb977b9 100644 (file)
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -651,6 +651,17 @@ int __weak bpf_stackmap_copy(struct bpf_map *map, void *key, void *value)
        return -ENOTSUPP;
 }
 
+static void *__bpf_copy_key(void __user *ukey, u64 key_size)
+{
+       if (key_size)
+               return memdup_user(ukey, key_size);
+
+       if (ukey)
+               return ERR_PTR(-EINVAL);
+
+       return NULL;
+}
+
 /* last field in 'union bpf_attr' used by this command */
 #define BPF_MAP_LOOKUP_ELEM_LAST_FIELD value
 
@@ -678,7 +689,7 @@ static int map_lookup_elem(union bpf_attr *attr)
                goto err_put;
        }
 
-       key = memdup_user(ukey, map->key_size);
+       key = __bpf_copy_key(ukey, map->key_size);
        if (IS_ERR(key)) {
                err = PTR_ERR(key);
                goto err_put;
@@ -785,7 +796,7 @@ static int map_update_elem(union bpf_attr *attr)
                goto err_put;
        }
 
-       key = memdup_user(ukey, map->key_size);
+       key = __bpf_copy_key(ukey, map->key_size);
        if (IS_ERR(key)) {
                err = PTR_ERR(key);
                goto err_put;
@@ -888,7 +899,7 @@ static int map_delete_elem(union bpf_attr *attr)
                goto err_put;
        }
 
-       key = memdup_user(ukey, map->key_size);
+       key = __bpf_copy_key(ukey, map->key_size);
        if (IS_ERR(key)) {
                err = PTR_ERR(key);
                goto err_put;
@@ -941,7 +952,7 @@ static int map_get_next_key(union bpf_attr *attr)
        }
 
        if (ukey) {
-               key = memdup_user(ukey, map->key_size);
+               key = __bpf_copy_key(ukey, map->key_size);
                if (IS_ERR(key)) {
                        err = PTR_ERR(key);
                        goto err_put;