* [PATCH net-next] bpf: fix verifier memory leaks
@ 2017-11-01 7:08 Alexei Starovoitov
2017-11-01 13:07 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Alexei Starovoitov @ 2017-11-01 7:08 UTC (permalink / raw)
To: David S . Miller
Cc: Daniel Borkmann, Edward Cree, Jakub Kicinski, netdev, kernel-team
fix verifier memory leaks
Fixes: 638f5b90d460 ("bpf: reduce verifier memory consumption")
Signed-off-by: Alexei Starovoitov <ast@fb.com>
---
While re-reviewing my own code I noticed a few memory leaks.
Sorry, I rushed the rewrite of stack[0] into *stack too fast.
I used kasan only and didn't test it with kmemleak.
Now kmemleak+kasan are clean.
---
kernel/bpf/verifier.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 5f26f7ad124f..2bb6d6aa7085 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -341,10 +341,12 @@ static int realloc_verifier_state(struct bpf_verifier_state *state, int size,
return 0;
}
-static void free_verifier_state(struct bpf_verifier_state *state)
+static void free_verifier_state(struct bpf_verifier_state *state,
+ bool free_self)
{
kfree(state->stack);
- kfree(state);
+ if (free_self)
+ kfree(state);
}
/* copy verifier state from src to dst growing dst stack space
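Review bot: The new `free_self` parameter of `free_verifier_state()` is undocumented, and the call sites in this patch pass a bare `true` or `false` that only makes sense once you know whether the state is embedded in a larger allocation. A short comment above the function would carry that, e.g. `/* free_self == false: state is embedded in another object (stack element or explored-state list node) that the caller frees itself */`. With `free_self == false` the struct outlives the call while `state->stack` still holds the freed pointer. Every caller visible in this patch frees the container immediately afterwards, so this is harmless here, but the comment should also say that the state must not be reused after the call.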
@@ -382,6 +384,7 @@ static int pop_stack(struct bpf_verifier_env *env, int *prev_insn_idx,
if (prev_insn_idx)
*prev_insn_idx = head->prev_insn_idx;
elem = head->next;
+ free_verifier_state(&head->st, false);
kfree(head);
env->head = elem;
env->stack_size--;
@@ -399,14 +402,14 @@ static struct bpf_verifier_state *push_stack(struct bpf_verifier_env *env,
if (!elem)
goto err;
- err = copy_verifier_state(&elem->st, cur);
- if (err)
- return NULL;
elem->insn_idx = insn_idx;
elem->prev_insn_idx = prev_insn_idx;
elem->next = env->head;
env->head = elem;
env->stack_size++;
+ err = copy_verifier_state(&elem->st, cur);
+ if (err)
+ goto err;
if (env->stack_size > BPF_COMPLEXITY_LIMIT_STACK) {
verbose(env, "BPF program is too complex\n");
goto err;
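Review bot: The failed-copy path in `push_stack()` now reaches `err` with `elem` already linked at `env->head` and `stack_size` already incremented, so it avoids both a leak and a double free only if the `err` label unwinds through `pop_stack()` and `elem->st.stack` is NULL or a valid pointer after a failed `copy_verifier_state()`. Neither the allocation of `elem` nor the `err` label is inside this hunk, so both are assumptions to confirm: a zeroing allocator for `elem`, and `copy_verifier_state()` never leaving a freed pointer in `dst->stack`. The same assumption applies to `new_sl` in the `is_state_visited()` hunk, where the new error path calls `free_verifier_state(&new_sl->state, false)`. A comment before the copy would make the ordering intentional: `/* elem is linked before the copy so that the err path frees it together with any partially copied state */`.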
@@ -3641,7 +3644,7 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
struct bpf_verifier_state_list *new_sl;
struct bpf_verifier_state_list *sl;
struct bpf_verifier_state *cur = env->cur_state;
- int i;
+ int i, err;
sl = env->explored_states[insn_idx];
if (!sl)
@@ -3679,7 +3682,12 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
return -ENOMEM;
/* add new state to the head of linked list */
- copy_verifier_state(&new_sl->state, cur);
+ err = copy_verifier_state(&new_sl->state, cur);
+ if (err) {
+ free_verifier_state(&new_sl->state, false);
+ kfree(new_sl);
+ return err;
+ }
new_sl->next = env->explored_states[insn_idx];
env->explored_states[insn_idx] = new_sl;
/* connect new state to parentage chain */
@@ -4424,6 +4432,7 @@ static void free_states(struct bpf_verifier_env *env)
if (sl)
while (sl != STATE_LIST_MARK) {
sln = sl->next;
+ free_verifier_state(&sl->state, false);
kfree(sl);
sl = sln;
}
@@ -4494,7 +4503,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
ret = do_check(env);
- free_verifier_state(env->cur_state);
+ free_verifier_state(env->cur_state, true);
env->cur_state = NULL;
skip_full_check:
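Review bot: `free_verifier_state(env->cur_state, true)` is called unconditionally after `do_check()`, and the helper dereferences its argument at `kfree(state->stack)`, so a NULL `env->cur_state` would be a kernel NULL pointer dereference. `do_check()` is not in this patch; if it can return an error before `env->cur_state` is assigned (for example when allocating the initial state fails), this line is reached with NULL. Guarding the call with `if (env->cur_state) free_verifier_state(env->cur_state, true);`, or adding an early `if (!state) return;` in the helper, closes that. The `bpf_analyzer()` hunk has the identical call, and `bpf_check()` itself starts and ends outside the hunk.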
@@ -4601,7 +4610,7 @@ int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
ret = do_check(env);
- free_verifier_state(env->cur_state);
+ free_verifier_state(env->cur_state, true);
env->cur_state = NULL;
skip_full_check:
--
2.9.5
* Re: [PATCH net-next] bpf: fix verifier memory leaks
2017-11-01 7:08 [PATCH net-next] bpf: fix verifier memory leaks Alexei Starovoitov
@ 2017-11-01 13:07 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2017-11-01 13:07 UTC (permalink / raw)
To: ast; +Cc: daniel, ecree, jakub.kicinski, netdev, kernel-team
From: Alexei Starovoitov <ast@fb.com>
Date: Wed, 1 Nov 2017 00:08:04 -0700
> fix verifier memory leaks
>
> Fixes: 638f5b90d460 ("bpf: reduce verifier memory consumption")
> Signed-off-by: Alexei Starovoitov <ast@fb.com>
Applied.