[1/2] bpf: sockmap, double free in __sock_map_ctx_update_elem()
diff mbox series

Message ID 20180518075810.GA28285@mwanda
State Superseded, archived
Delegated to: BPF Maintainers
Headers show
Series
  • [1/2] bpf: sockmap, double free in __sock_map_ctx_update_elem()
Related show

Commit Message

Dan Carpenter May 18, 2018, 7:58 a.m. UTC
We accidentally free "e" twice.

Fixes: 81110384441a ("bpf: sockmap, add hash map support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

Comments

Daniel Borkmann May 18, 2018, 8:27 a.m. UTC | #1
Hi Dan,

On 05/18/2018 09:58 AM, Dan Carpenter wrote:
> We accidentally free "e" twice.
> 
> Fixes: 81110384441a ("bpf: sockmap, add hash map support")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
> index c6de1393df63..216d5c9b0eb3 100644
> --- a/kernel/bpf/sockmap.c
> +++ b/kernel/bpf/sockmap.c
> @@ -1833,7 +1833,6 @@ static int __sock_map_ctx_update_elem(struct bpf_map *map,
>  	if (tx_msg)
>  		bpf_prog_put(tx_msg);
>  	write_unlock_bh(&sock->sk_callback_lock);
> -	kfree(e);
>  	return err;
>  }

Thanks for the two fixes, appreciate it! There were two similar ones that
fix the same issues which were already applied yesterday to bpf-next:

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0e4364560361d57e8cd873a8990327f3471d7d8a
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=a78622932c27e8ec33e5ba180f3d2e87fb806b28
Dan Carpenter May 18, 2018, 2:39 p.m. UTC | #2
On Fri, May 18, 2018 at 10:27:18AM +0200, Daniel Borkmann wrote:
> 
> Thanks for the two fixes, appreciate it! There were two similar ones that
> fix the same issues which were already applied yesterday to bpf-next:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0e4364560361d57e8cd873a8990327f3471d7d8a
> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=a78622932c27e8ec33e5ba180f3d2e87fb806b28

Hey Gustavo,

We're sort of duplicating each other's work.  Could you CC
kernel-janitors@vger.kernel.org for static checker fixes so that I can
see what you're working on?

We'll probably still send the occasional duplicate which is fine...

regards,
dan carpenter
Gustavo A. R. Silva May 19, 2018, 12:17 a.m. UTC | #3
Hi Dan,

On 05/18/2018 09:39 AM, Dan Carpenter wrote:
> On Fri, May 18, 2018 at 10:27:18AM +0200, Daniel Borkmann wrote:
>>
>> Thanks for the two fixes, appreciate it! There were two similar ones that
>> fix the same issues which were already applied yesterday to bpf-next:
>>
>> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=0e4364560361d57e8cd873a8990327f3471d7d8a
>> https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=a78622932c27e8ec33e5ba180f3d2e87fb806b28
> 
> Hey Gustavo,
> 
> We're sort of duplicating each other's work.  Could you CC
> kernel-janitors@vger.kernel.org for static checker fixes so that I can
> see what you're working on?
> 

Sure thing.

I've been doing this work for more than a year now and just recently we 
are having these issues. I'm a bit curious about it.

> We'll probably still send the occasional duplicate which is fine...
> 

Yep. Not a big deal for me.

Have a good one.
--
Gustavo

Patch
diff mbox series

diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
index c6de1393df63..216d5c9b0eb3 100644
--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -1833,7 +1833,6 @@  static int __sock_map_ctx_update_elem(struct bpf_map *map,
 	if (tx_msg)
 		bpf_prog_put(tx_msg);
 	write_unlock_bh(&sock->sk_callback_lock);
-	kfree(e);
 	return err;
 }