* [PATCH bpf v2] bpf: don't leak memory in bpf getsockopt when optlen == 0
@ 2021-01-12 16:28 Stanislav Fomichev
2021-01-12 18:04 ` Martin KaFai Lau
2021-01-12 20:10 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Stanislav Fomichev @ 2021-01-12 16:28 UTC (permalink / raw)
To: netdev, bpf; +Cc: ast, daniel, Stanislav Fomichev, Martin KaFai Lau
optlen == 0 indicates that the kernel should ignore BPF buffer
and use the original one from the user. We, however, forget
to free the temporary buffer that we've allocated for BPF.
Reported-by: Martin KaFai Lau <kafai@fb.com>
Fixes: d8fe449a9c51 ("bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
---
kernel/bpf/cgroup.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 6ec088a96302..96555a8a2c54 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1391,12 +1391,13 @@ int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level,
if (ctx.optlen != 0) {
*optlen = ctx.optlen;
*kernel_optval = ctx.optval;
+ /* export and don't free sockopt buf */
+ return 0;
}
}
out:
- if (ret)
- sockopt_free_buf(&ctx);
+ sockopt_free_buf(&ctx);
return ret;
}
--
2.30.0.284.gd98b1dd5eaa7-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH bpf v2] bpf: don't leak memory in bpf getsockopt when optlen == 0
2021-01-12 16:28 [PATCH bpf v2] bpf: don't leak memory in bpf getsockopt when optlen == 0 Stanislav Fomichev
@ 2021-01-12 18:04 ` Martin KaFai Lau
2021-01-12 20:10 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Martin KaFai Lau @ 2021-01-12 18:04 UTC (permalink / raw)
To: Stanislav Fomichev; +Cc: netdev, bpf, ast, daniel
On Tue, Jan 12, 2021 at 08:28:29AM -0800, Stanislav Fomichev wrote:
> optlen == 0 indicates that the kernel should ignore BPF buffer
> and use the original one from the user. We, however, forget
> to free the temporary buffer that we've allocated for BPF.
Acked-by: Martin KaFai Lau <kafai@fb.com>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH bpf v2] bpf: don't leak memory in bpf getsockopt when optlen == 0
2021-01-12 16:28 [PATCH bpf v2] bpf: don't leak memory in bpf getsockopt when optlen == 0 Stanislav Fomichev
2021-01-12 18:04 ` Martin KaFai Lau
@ 2021-01-12 20:10 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-01-12 20:10 UTC (permalink / raw)
To: Stanislav Fomichev; +Cc: netdev, bpf, ast, daniel, kafai
Hello:
This patch was applied to bpf/bpf.git (refs/heads/master):
On Tue, 12 Jan 2021 08:28:29 -0800 you wrote:
> optlen == 0 indicates that the kernel should ignore BPF buffer
> and use the original one from the user. We, however, forget
> to free the temporary buffer that we've allocated for BPF.
>
> Reported-by: Martin KaFai Lau <kafai@fb.com>
> Fixes: d8fe449a9c51 ("bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE")
> Signed-off-by: Stanislav Fomichev <sdf@google.com>
>
> [...]
Here is the summary with links:
- [bpf,v2] bpf: don't leak memory in bpf getsockopt when optlen == 0
https://git.kernel.org/bpf/bpf/c/4be34f3d0731
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-12 21:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-12 16:28 [PATCH bpf v2] bpf: don't leak memory in bpf getsockopt when optlen == 0 Stanislav Fomichev
2021-01-12 18:04 ` Martin KaFai Lau
2021-01-12 20:10 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).