Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp5204750pxv;
        Tue, 6 Jul 2021 20:54:56 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyzDktQ84Gtj5PhVSp19iWurHs39aNvFUPs7reKnDo5bY31ZR54BsgCD0H5Rxtt3uL63KWC
X-Received: by 2002:a05:6602:249a:: with SMTP id g26mr18057485ioe.150.1625630095963;
        Tue, 06 Jul 2021 20:54:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1625630095; cv=none;
        d=google.com; s=arc-20160816;
        b=feSBeDVhfXl4WhkMMmeLC2XS3kxEkgX2n3GfpEj4gI65XFsEXZL2Wqu05uUEuz6v79
         VlZhtJZTuzQV7J8Clpswf1Y/u+aIvMoU3ojys1LZuQvlPY7psNher/sWuAUMp94SIXzP
         52GN6Ca/tjwO1LxsBAjuch59WFJGd7OqLejmdTHLfJy3edFkzXhmhstK7PkRUrhBMIYF
         YoQaX/PhMzdYaVQvTJkPZppY5hC6MbUqmXZPR0vWdikb7h4lbeFR2NZU7PaHA4t6+sXf
         2nZusEgfUSCPDrVjBdEIXKysleWGPsr/FbAO9+bBotqwWYZuMeEWBNc7+lCknDEjOdXO
         Jf4Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from;
        bh=dDgtkZQTbSadPwsBVnEIf3yhUdmkuA4/15+paOuVpyE=;
        b=SKcMlaoaaxDYubv/oiJ3DgV8InaRI9wTngGv8gXnpZPPw5gAdil3dMH3WPOwNXkDFy
         0OXa93PuPnDlxiYGT4IeWp5j86xHf5rqcL8aQXVVimq1xpIlhXmt9H6n9IXzHOVf6oAu
         7OBzxy7CDUYH9bbDiI0Iou/8/QFlswEW40KPUHW1UW3Sf4GxMiZjZ9aIqmJa/NacwZZH
         R2au2eZ1yE6tCVKwoWawcN0ehBqa25qAb16OlFQbUIbtlLcRlDpcbQKddbq7EVw2c+ap
         64mdpiZKY6QMQlRlI4VfXEqRBtMT1ZuqJM3z+bOUmAa0nktsIhdYTESj7wAf1U5rwhal
         9IPg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id j23si18236206iok.60.2021.07.06.20.54.44;
        Tue, 06 Jul 2021 20:54:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230265AbhGGDzl (ORCPT <rfc822;mahongyuan1997@gmail.com>
        + 99 others); Tue, 6 Jul 2021 23:55:41 -0400
Received: from szxga08-in.huawei.com ([45.249.212.255]:10282 "EHLO
        szxga08-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230117AbhGGDzb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 6 Jul 2021 23:55:31 -0400
Received: from dggeme751-chm.china.huawei.com (unknown [172.30.72.55])
        by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4GKQNT5lhGz1CG6f;
        Wed,  7 Jul 2021 11:47:21 +0800 (CST)
Received: from k03.huawei.com (10.67.174.111) by
 dggeme751-chm.china.huawei.com (10.3.19.97) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.2176.2; Wed, 7 Jul 2021 11:52:49 +0800
From:   He Fengqing <hefengqing@huawei.com>
To:     <ast@kernel.org>, <daniel@iogearbox.net>, <andrii@kernel.org>,
        <kafai@fb.com>, <songliubraving@fb.com>, <yhs@fb.com>,
        <john.fastabend@gmail.com>, <kpsingh@kernel.org>
CC:     <davem@davemloft.net>, <kuba@kernel.org>, <netdev@vger.kernel.org>,
        <bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [bpf-next 2/3] bpf: Fix a memory leak in an error handling path in 'bpf_patch_insn_data()'
Date:   Wed, 7 Jul 2021 04:38:10 +0000
Message-ID: <20210707043811.5349-3-hefengqing@huawei.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210707043811.5349-1-hefengqing@huawei.com>
References: <20210707043811.5349-1-hefengqing@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.67.174.111]
X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To
 dggeme751-chm.china.huawei.com (10.3.19.97)
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In bpf_patch_insn_data function, if adjust_insn_aux_data() return error,
we need to free new_prog.

Signed-off-by: He Fengqing <hefengqing@huawei.com>
---
 kernel/bpf/verifier.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index be38bb930bf1..41109f49b724 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -11501,8 +11501,11 @@ static struct bpf_prog *bpf_patch_insn_data(struct bpf_verifier_env *env, u32 of
 				env->insn_aux_data[off].orig_idx);
 		return NULL;
 	}
-	if (adjust_insn_aux_data(env, new_prog, off, len))
+	if (adjust_insn_aux_data(env, new_prog, off, len)) {
+		if (new_prog != env->prog)
+			bpf_prog_clone_free(new_prog);
 		return NULL;
+	}
 	adjust_subprog_starts(env, off, len);
 	adjust_poke_descs(new_prog, off, len);
 	return new_prog;
-- 
2.25.1