diff.patch

From a2f108365a8d34cf0908f9d1ed2deade9c9e8cc3 Mon Sep 17 00:00:00 2001
From: James Hsu <james.hsu@mediatek.com>
Date: Fri, 29 Jan 2021 02:19:06 +0800
Subject: [PATCH] [ALPS05247589] bpf: fix ubsan error

ubsan error log
[name:ubsan&]index 8 is out of range for type char [0]
Call trace:
dump_backtrace+0x0/0x394
show_stack+0x14/0x1c
dump_stack+0xe4/0x134
ubsan_epilogue+0x14/0x114
__ubsan_handle_out_of_bounds+0x1fc/0x21c
array_map_update_elem+0x43c/0x490
SyS_bpf+0x296c/0x4898
__sys_trace_return+0x0/0x4

MTK-Commit-Id: 77ac33722f4c2fbab1ec71281a1ddccb80e2b5e7

Change-Id: I00e93a1556d8ef8ea8da2cb6b0eb4ced530299ad
Signed-off-by: James Hsu <james.hsu@mediatek.com>
CR-Id: ALPS05247589
Feature: [Module]Kernel Maintenance
(cherry picked from commit 252e87cac5b668d39ad95c767eb0d15abef695a1)
---
 kernel/bpf/arraymap.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 148895e2457f..92a0b8c5cfb1 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -264,10 +264,15 @@ static int array_map_update_elem(struct bpf_map *map, void *key, void *value,
 	if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
 		memcpy(this_cpu_ptr(array->pptrs[index & array->index_mask]),
 		       value, map->value_size);
-	else
+	else  {
+		if (unlikely(sizeof(array->value) <
+			array->elem_size * (index & array->index_mask)))
+			return -EINVAL;
+
 		memcpy(array->value +
 		       array->elem_size * (index & array->index_mask),
 		       value, map->value_size);
+	}
 	return 0;
 }