Message ID | 20180518075810.GA28285@mwanda |
---|---|
State | Superseded, archived |
Delegated to: | BPF Maintainers |
Headers | show |
Series | [1/2] bpf: sockmap, double free in __sock_map_ctx_update_elem() | expand |
Hi Dan, On 05/18/2018 09:58 AM, Dan Carpenter wrote: > We accidentally free "e" twice. > > Fixes: 81110384441a ("bpf: sockmap, add hash map support") > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> > > diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c > index c6de1393df63..216d5c9b0eb3 100644 > --- a/kernel/bpf/sockmap.c > +++ b/kernel/bpf/sockmap.c > @@ -1833,7 +1833,6 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map, > if (tx_msg) > bpf_prog_put(tx_msg); > write_unlock_bh(&sock->sk_callback_lock); > - kfree(e); > return err; > } Thanks for the two fixes, appreciate it! There were two similar ones that fix the same issues which were already applied yesterday to bpf-next: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0e4364560361d57e8cd873a8990327f3471d7d8a https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=a78622932c27e8ec33e5ba180f3d2e87fb806b28
On Fri, May 18, 2018 at 10:27:18AM +0200, Daniel Borkmann wrote: > > Thanks for the two fixes, appreciate it! There were two similar ones that > fix the same issues which were already applied yesterday to bpf-next: > > https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0e4364560361d57e8cd873a8990327f3471d7d8a > https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=a78622932c27e8ec33e5ba180f3d2e87fb806b28 Hey Gustavo, We're sort of duplicating each other's work. Could you CC kernel-janitors@vger.kernel.org for static checker fixes so that I can see what you're working on? We'll probably still send the occasional duplicate which is fine... regards, dan carpenter
Hi Dan, On 05/18/2018 09:39 AM, Dan Carpenter wrote: > On Fri, May 18, 2018 at 10:27:18AM +0200, Daniel Borkmann wrote: >> >> Thanks for the two fixes, appreciate it! There were two similar ones that >> fix the same issues which were already applied yesterday to bpf-next: >> >> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0e4364560361d57e8cd873a8990327f3471d7d8a >> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=a78622932c27e8ec33e5ba180f3d2e87fb806b28 > > Hey Gustavo, > > We're sort of duplicating each other's work. Could you CC > kernel-janitors@vger.kernel.org for static checker fixes so that I can > see what you're working on? > Sure thing. I've been doing this work for more than a year now and just recently we are having these issues. I'm a bit curious about it. > We'll probably still send the occasional duplicate which is fine... > Yep. Not a big deal for me. Have a good one. -- Gustavo
diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c index c6de1393df63..216d5c9b0eb3 100644 --- a/kernel/bpf/sockmap.c +++ b/kernel/bpf/sockmap.c @@ -1833,7 +1833,6 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map, if (tx_msg) bpf_prog_put(tx_msg); write_unlock_bh(&sock->sk_callback_lock); - kfree(e); return err; }
We accidentally free "e" twice. Fixes: 81110384441a ("bpf: sockmap, add hash map support") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>