Message ID | 20210707043811.5349-3-hefengqing@huawei.com |
---|---|
State | New |
Series | potential memleak and use after free in bpf verifier |
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index be38bb930bf1..41109f49b724 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -11501,8 +11501,11 @@ static struct bpf_prog *bpf_patch_insn_data(struct bpf_verifier_env *env, u32 of env->insn_aux_data[off].orig_idx); return NULL; } - if (adjust_insn_aux_data(env, new_prog, off, len)) + if (adjust_insn_aux_data(env, new_prog, off, len)) { + if (new_prog != env->prog) + bpf_prog_clone_free(new_prog); return NULL; + } adjust_subprog_starts(env, off, len); adjust_poke_descs(new_prog, off, len); return new_prog;
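Review bot: The new error path in bpf_patch_insn_data() frees new_prog only when `new_prog != env->prog`, but neither the hunk nor the commit message says what state env->prog is in when the two differ. In that case the caller receives NULL and still holds env->prog, so the commit message or a comment above the guard should state whether env->prog remains valid after adjust_insn_aux_data() fails, and why bpf_prog_clone_free() is the correct release for new_prog. The series title mentions a use after free as well as a leak, so it would also help to say which of the two this hunk addresses.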
In the bpf_patch_insn_data() function, if adjust_insn_aux_data() returns an error, we need to free new_prog.

Signed-off-by: He Fengqing <hefengqing@huawei.com>

---

kernel/bpf/verifier.c | 5 ++++-

1 file changed, 4 insertions(+), 1 deletion(-)