[bpf-next,0/2] Fix double-free when linker processes empty sections

Message ID 20230328004738.381898-1-eddyz87@gmail.com (mailing list archive)

Message

Eduard Zingerman March 28, 2023, 12:47 a.m. UTC
Fixes double-free error in linker.c:bpf_linker__free() caused by
realloc(..., 0) call in linker.c:extend_sec() (such a call "frees"
memory every second time :). The error is triggered when object files
with empty sections of the same name are processed by linker.

- The first patch extends progs/linked_funcs[12].c to trigger the
  error upon tests compilation;
- The second patch contains detailed description of the error, fix and
  appropriate attributions.

Eduard Zingerman (2):
  selftests/bpf: Test if bpftool linker handles empty sections
  libbpf: Fix double-free when linker processes empty sections

 tools/lib/bpf/linker.c                            | 14 +++++++++++++-
 tools/testing/selftests/bpf/progs/linked_funcs1.c |  3 +++
 tools/testing/selftests/bpf/progs/linked_funcs2.c |  3 +++
 3 files changed, 19 insertions(+), 1 deletion(-)
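
The realloc(..., 0) hazard described in the cover letter above, shown as an added example; it is not code from this series or from libbpf. The names sec_buf, sec_buf_append, sec_buf_free and link_empty_then_data are hypothetical, and the allocator behaviour noted in the comment is glibc's.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a linker's per-section output buffer. */
struct sec_buf { void *data; size_t size; };

/*
 * Hazardous pattern (kept as a comment on purpose):
 *     tmp = realloc(b->data, new_size);
 *     if (!tmp) return -ENOMEM;    // b->data keeps the old pointer
 *     b->data = tmp;
 * With new_size == 0, glibc returns a minimal allocation for
 * realloc(NULL, 0) but frees p and returns NULL for realloc(p, 0): the
 * second empty chunk leaves b->data dangling for the final free().
 */

/* Append len bytes; a zero-length append never reaches realloc(). */
static int sec_buf_append(struct sec_buf *b, const void *src, size_t len)
{
	void *tmp;
	if (len == 0)
		return 0;                /* empty section: nothing to grow */
	tmp = realloc(b->data, b->size + len);
	if (!tmp)
		return -ENOMEM;          /* old buffer is still valid */
	memcpy((char *)tmp + b->size, src, len);
	b->data = tmp;
	b->size += len;
	return 0;
}

static void sec_buf_free(struct sec_buf *b)
{
	free(b->data);
	b->data = NULL;                  /* repeated cleanup is harmless */
	b->size = 0;
}

/* Constructed scenario: two empty chunks, then 4 bytes of data. */
static long link_empty_then_data(void)
{
	struct sec_buf b = { NULL, 0 };
	int err = sec_buf_append(&b, NULL, 0);
	if (!err) err = sec_buf_append(&b, NULL, 0);
	if (!err) err = sec_buf_append(&b, "abcd", 4);
	long ret = err ? err : (long)b.size;
	sec_buf_free(&b);
	return ret;
}
```

Building a reproducer of the commented pattern with -fsanitize=address reports the second free at the cleanup call, which is a quick way to check similar grow-buffer helpers.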

Comments

patchwork-bot+netdevbpf@kernel.org March 28, 2023, 3:10 a.m. UTC | #1
Hello:

This series was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Tue, 28 Mar 2023 03:47:36 +0300 you wrote:
> Fixes double-free error in linker.c:bpf_linker__free() caused by
> realloc(..., 0) call in linker.c:extend_sec() (such a call "frees"
> memory every second time :). The error is triggered when object files
> with empty sections of the same name are processed by linker.
> 
> - The first patch extends progs/linked_funcs[12].c to trigger the
>   error upon tests compilation;
> - The second patch contains detailed description of the error, fix and
>   appropriate attributions.
> 
> [...]

Here is the summary with links:
  - [bpf-next,1/2] selftests/bpf: Test if bpftool linker handles empty sections
    (no matching commit)
  - [bpf-next,2/2] libbpf: Fix double-free when linker processes empty sections
    https://git.kernel.org/bpf/bpf-next/c/d08ab82f59d5

You are awesome, thank you!