| From foo@baz Sun Jun 17 12:07:34 CEST 2018 |
| From: Daniel Borkmann <daniel@iogearbox.net> |
| Date: Wed, 2 May 2018 20:12:22 +0200 |
| Subject: bpf, x64: fix memleak when not converging after image |
| |
| From: Daniel Borkmann <daniel@iogearbox.net> |
| |
| [ Upstream commit 3aab8884c9eb99189a3569ac4e6b205371c9ac0b ] |
| |
| While reviewing x64 JIT code, I noticed that we leak the prior allocated |
| JIT image in the case where proglen != oldproglen during the JIT passes. |
| Prior to the commit e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT |
| compiler") we would just break out of the loop, and using the image as the |
| JITed prog since it could only shrink in size anyway. After e0ee9c12157d, |
| we would bail out to out_addrs label where we free addrs and jit_data but |
| not the image coming from bpf_jit_binary_alloc(). |
| |
| Fixes: e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT compiler") |
| Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
| Acked-by: Alexei Starovoitov <ast@kernel.org> |
| Acked-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| arch/x86/net/bpf_jit_comp.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/arch/x86/net/bpf_jit_comp.c |
| +++ b/arch/x86/net/bpf_jit_comp.c |
| @@ -1201,6 +1201,7 @@ skip_init_addrs: |
| for (pass = 0; pass < 20 || image; pass++) { |
| proglen = do_jit(prog, addrs, image, oldproglen, &ctx); |
| if (proglen <= 0) { |
| +out_image: |
| image = NULL; |
| if (header) |
| bpf_jit_binary_free(header); |
| @@ -1211,8 +1212,7 @@ skip_init_addrs: |
| if (proglen != oldproglen) { |
| pr_err("bpf_jit: proglen=%d != oldproglen=%d\n", |
| proglen, oldproglen); |
| - prog = orig_prog; |
| - goto out_addrs; |
| + goto out_image; |
| } |
| break; |
| } |