| From: Daniel Borkmann <daniel@iogearbox.net> |
| Date: Wed, 2 May 2018 20:12:22 +0200 |
| Subject: bpf, x64: fix memleak when not converging after image |
| |
| commit 3aab8884c9eb99189a3569ac4e6b205371c9ac0b upstream. |
| |
| While reviewing x64 JIT code, I noticed that we leak the prior allocated |
| JIT image in the case where proglen != oldproglen during the JIT passes. |
| Prior to the commit e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT |
| compiler") we would just break out of the loop, and use the image as the |
| JITed prog since it could only shrink in size anyway. After e0ee9c12157d, |
| we would bail out to out_addrs label where we free addrs and jit_data but |
| not the image coming from bpf_jit_binary_alloc(). |
| |
| Fixes: e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT compiler") |
| Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
| Acked-by: Alexei Starovoitov <ast@kernel.org> |
| Acked-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
| [bwh: Backported to 3.16: Deleted code is slightly different] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| arch/x86/net/bpf_jit_comp.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/arch/x86/net/bpf_jit_comp.c |
| +++ b/arch/x86/net/bpf_jit_comp.c |
| @@ -914,6 +914,7 @@ void bpf_int_jit_compile(struct sk_filte |
| for (pass = 0; pass < 10 || image; pass++) { |
| proglen = do_jit(prog, addrs, image, oldproglen, &ctx); |
| if (proglen <= 0) { |
| +out_image: |
| image = NULL; |
| if (header) |
| module_free(NULL, header); |
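Review bot: The new `out_image:` label lands inside the body of `if (proglen <= 0) {`, so the non-converging path that jumps here from later in the loop re-enters a conditional block mid-way; that is legal C but easy to misread. A one-line comment above the label (e.g. `/* also reached when proglen != oldproglen: free the image */`) would make the shared cleanup obvious. It is also worth stating in the backport note that this 3.16 variant frees the image via `module_free(NULL, header)` rather than the `bpf_jit_binary_free()` the upstream commit touches, since the commit text refers to `bpf_jit_binary_alloc()`.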
| @@ -923,7 +924,7 @@ void bpf_int_jit_compile(struct sk_filte |
| if (proglen != oldproglen) { |
| pr_err("bpf_jit: proglen=%d != oldproglen=%d\n", |
| proglen, oldproglen); |
| - goto out; |
| + goto out_image; |
| } |
| break; |
| } |
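Review bot: Changing `goto out;` to `goto out_image;` fixes the leak, but the `pr_err` just above it is now followed by a jump back into the `proglen <= 0` error block, and nothing at this site says so; a short comment on the `goto out_image` line (e.g. `/* free the JIT image, then fall into the common out path */`) would keep the intent clear to the next reader. Please also confirm that after `image = NULL` and the `module_free()` in the target block, control still reaches the original `out` cleanup so `addrs` is freed on this path as it was before, since only the image handling differs from upstream per the backport note.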