| From foo@baz Wed Aug 22 09:42:09 CEST 2018 |
| From: Daniel Borkmann <daniel@iogearbox.net> |
| Date: Thu, 28 Jun 2018 23:34:58 +0200 |
| Subject: bpf, s390: fix potential memleak when later bpf_jit_prog fails |
| |
| From: Daniel Borkmann <daniel@iogearbox.net> |
| |
| [ Upstream commit f605ce5eb26ac934fb8106d75d46a2c875a2bf23 ] |
| |
| If we would ever fail in the bpf_jit_prog() pass that writes the |
| actual insns to the image after we got header via bpf_jit_binary_alloc() |
| then we also need to make sure to free it through bpf_jit_binary_free() |
| again when bailing out. Given we had prior bpf_jit_prog() passes to |
| initially probe for clobbered registers, program size and to fill in |
| addrs arrray for jump targets, this is more of a theoretical one, |
| but at least make sure this doesn't break with future changes. |
| |
| Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend") |
| Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
| Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> |
| Acked-by: Alexei Starovoitov <ast@kernel.org> |
| Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/s390/net/bpf_jit_comp.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/arch/s390/net/bpf_jit_comp.c |
| +++ b/arch/s390/net/bpf_jit_comp.c |
| @@ -1386,6 +1386,7 @@ struct bpf_prog *bpf_int_jit_compile(str |
| goto free_addrs; |
| } |
| if (bpf_jit_prog(&jit, fp)) { |
| + bpf_jit_binary_free(header); |
| fp = orig_fp; |
| goto free_addrs; |
| } |