From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Daniel Borkmann, Alexei Starovoitov, "David S. Miller", Sasha Levin
Subject: [PATCH 4.16 156/279] bpf, x64: fix memleak when not converging after image
Date: Mon, 18 Jun 2018 10:12:21 +0200
Message-Id: <20180618080615.286989869@linuxfoundation.org>
In-Reply-To: <20180618080608.851973560@linuxfoundation.org>

4.16-stable review patch. If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann [ Upstream commit 3aab8884c9eb99189a3569ac4e6b205371c9ac0b ] While reviewing x64 JIT code, I noticed that we leak the prior allocated JIT image in the case where proglen != oldproglen during the JIT passes. Prior to the commit e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT compiler") we would just break out of the loop, and using the image as the JITed prog since it could only shrink in size anyway. After e0ee9c12157d, we would bail out to out_addrs label where we free addrs and jit_data but not the image coming from bpf_jit_binary_alloc(). Fixes: e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT compiler") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Acked-by: David S. Miller Signed-off-by: Alexei Starovoitov Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- arch/x86/net/bpf_jit_comp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -1201,6 +1201,7 @@ skip_init_addrs: for (pass = 0; pass < 20 || image; pass++) { proglen = do_jit(prog, addrs, image, oldproglen, &ctx); if (proglen <= 0) { +out_image: image = NULL; if (header) bpf_jit_binary_free(header); @@ -1211,8 +1212,7 @@ skip_init_addrs: if (proglen != oldproglen) { pr_err("bpf_jit: proglen=%d != oldproglen=%d\n", proglen, oldproglen); - prog = orig_prog; - goto out_addrs; + goto out_image; } break; }
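
Review bot: the `out_image:` label in the first hunk sits inside the body of `if (proglen <= 0)`, so the `goto out_image;` added in the second hunk jumps from the `proglen != oldproglen` branch into a block guarded by a different condition. A one-line comment above the label saying it is also the cleanup entry for the non-converging case would make the shared path clear to the next reader, since nothing at the label itself indicates a second caller.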
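
Review bot: the second hunk removes `prog = orig_prog;` together with `goto out_addrs;`, but the context shown for the `out_image:` path ends at `bpf_jit_binary_free(header);`, so the patch as displayed does not show where `prog` is reset or where control reaches `out_addrs`. Please confirm that the lines following `bpf_jit_binary_free(header);` still do both; otherwise the non-converging case would no longer fall back to `orig_prog`.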