In bpf/syscall.c, map_create() first set map->usercnt to 1, a file descriptor is
supposed to return to userspace. When bpf_map_new_fd() fails, drop the refcount.
Signed-off-by: Peng Sun <[email protected]>
---
kernel/bpf/syscall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index cf5040f..1c4f1c4 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -558,12 +558,12 @@ static int map_create(union bpf_attr *attr)
err = bpf_map_new_fd(map, f_flags);
if (err < 0) {
/* failed to allocate fd.
- * bpf_map_put() is needed because the above
+ * bpf_map_put_with_uref() is needed because the above
* bpf_map_alloc_id() has published the map
* to the userspace and the userspace may
* have refcnt-ed it through BPF_MAP_GET_FD_BY_ID.
*/
- bpf_map_put(map);
+ bpf_map_put_with_uref(map);
return err;
}
--
2.7.4
On Wed, Feb 27, 2019 at 10:36:25PM +0800, zerons wrote:
> In bpf/syscall.c, map_create() first set map->usercnt to 1, a file descriptor is
> supposed to return to userspace. When bpf_map_new_fd() fails, drop the refcount.
Thanks for the patch.
Please add a Fixes tag for bug fix in the future.
Fixes: bd5f5f4ecb78 ("bpf: Add BPF_MAP_GET_FD_BY_ID")
Acked-by: Martin KaFai Lau <[email protected]>
On Wed, Feb 27, 2019 at 04:52:16PM +0000, Martin Lau wrote:
> On Wed, Feb 27, 2019 at 10:36:25PM +0800, zerons wrote:
> > In bpf/syscall.c, map_create() first set map->usercnt to 1, a file descriptor is
> > supposed to return to userspace. When bpf_map_new_fd() fails, drop the refcount.
> Thanks for the patch.
>
> Please add a Fixes tag for bug fix in the future.
>
> Fixes: bd5f5f4ecb78 ("bpf: Add BPF_MAP_GET_FD_BY_ID")
> Acked-by: Martin KaFai Lau <[email protected]>
Applied, Thanks