Commit 6dae957c authored Mar 29, 2024 by Anton Protopopov Committed by Alexei Starovoitov Mar 29, 2024

bpf: fix possible file descriptor leaks in verifier



The resolve_pseudo_ldimm64() function might have leaked file
descriptors when BPF_MAP_TYPE_ARENA was used in a program (some
error paths missed a corresponding fdput). Add missing fdputs.

v2:
  remove unrelated changes from the fix

Fixes: 6082b6c3 ("bpf: Recognize addr_space_cast instruction in the verifier.")
Signed-off-by: Anton Protopopov <aspsk@isovalent.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Acked-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Link: https://lore.kernel.org/r/20240329071106.67968-1-aspsk@isovalent.com


Signed-off-by: Alexei Starovoitov <ast@kernel.org>

parent 62248b22

kernel/bpf/verifier.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -18379,15 +18379,18 @@ static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env)
		}
		if (!env->prog->jit_requested) {
		verbose(env, "JIT is required to use arena\n");
		fdput(f);
		return -EOPNOTSUPP;
		}
		if (!bpf_jit_supports_arena()) {
		verbose(env, "JIT doesn't support arena\n");
		fdput(f);
		return -EOPNOTSUPP;
		}
		env->prog->aux->arena = (void *)map;
		if (!bpf_arena_get_user_vm_start(env->prog->aux->arena)) {
		verbose(env, "arena's user address must be set via map_extra or mmap()\n");
		fdput(f);
		return -EINVAL;
		}
		}