| Message ID | 20210707043811.5349-3-hefengqing@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | BPF |
| Headers | show |
| Series | potential memleak and use after free in bpf verifier | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for bpf-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | success | CCed 10 of 10 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 30 this patch: 30 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 12 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 30 this patch: 30 |
| netdev/header_inline | success | Link |
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index be38bb930bf1..41109f49b724 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -11501,8 +11501,11 @@ static struct bpf_prog *bpf_patch_insn_data(struct bpf_verifier_env *env, u32 of env->insn_aux_data[off].orig_idx); return NULL; } - if (adjust_insn_aux_data(env, new_prog, off, len)) + if (adjust_insn_aux_data(env, new_prog, off, len)) { + if (new_prog != env->prog) + bpf_prog_clone_free(new_prog); return NULL; + } adjust_subprog_starts(env, off, len); adjust_poke_descs(new_prog, off, len); return new_prog;
In bpf_patch_insn_data function, if adjust_insn_aux_data() return error, we need to free new_prog. Signed-off-by: He Fengqing <hefengqing@huawei.com> --- kernel/bpf/verifier.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)