[PATCH bpf v4 07/20] resolve_btfids: Fix memory leaks reported by ASAN

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ihor Solodrai <ihor.solodrai@linux.dev>
To: "Alexei Starovoitov" <ast@kernel.org>,
	"Andrii Nakryiko" <andrii@kernel.org>,
	"Daniel Borkmann" <daniel@iogearbox.net>,
	"Eduard Zingerman" <eddyz87@gmail.com>,
	"Jiri Olsa" <olsajiri@gmail.com>,
	"Mykyta Yatsenko" <yatsenko@meta.com>,
	"Alexis Lothoré" <alexis.lothore@bootlin.com>
Cc: Amery Hung <ameryhung@gmail.com>,
	bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
	kernel-team@meta.com
Subject: [PATCH bpf v4 07/20] resolve_btfids: Fix memory leaks reported by ASAN
Date: Mon, 23 Feb 2026 11:07:23 -0800	[thread overview]
Message-ID: <20260223190736.649171-8-ihor.solodrai@linux.dev> (raw)
In-Reply-To: <20260223190736.649171-1-ihor.solodrai@linux.dev>

Running resolve_btfids with ASAN reveals memory leaks in btf_id
handling.

- Change get_id() to use a local buffer
- Make btf_id__add() strdup the name internally
- Add btf_id__free_all() that frees all nodese of a tree
- Call the cleanup function on exit for every tree

Acked-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
---
 tools/bpf/resolve_btfids/main.c | 81 ++++++++++++++++++++++-----------
 1 file changed, 54 insertions(+), 27 deletions(-)

diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
index ca7fcd03efb6..5208f650080f 100644
--- a/tools/bpf/resolve_btfids/main.c
+++ b/tools/bpf/resolve_btfids/main.c
@@ -226,7 +226,7 @@ static struct btf_id *btf_id__find(struct rb_root *root, const char *name)
 }
 
 static struct btf_id *__btf_id__add(struct rb_root *root,
-				    char *name,
+				    const char *name,
 				    enum btf_id_kind kind,
 				    bool unique)
 {
@@ -250,7 +250,11 @@ static struct btf_id *__btf_id__add(struct rb_root *root,
 	id = zalloc(sizeof(*id));
 	if (id) {
 		pr_debug("adding symbol %s\n", name);
-		id->name = name;
+		id->name = strdup(name);
+		if (!id->name) {
+			free(id);
+			return NULL;
+		}
 		id->kind = kind;
 		rb_link_node(&id->rb_node, parent, p);
 		rb_insert_color(&id->rb_node, root);
@@ -258,17 +262,21 @@ static struct btf_id *__btf_id__add(struct rb_root *root,
 	return id;
 }
 
-static inline struct btf_id *btf_id__add(struct rb_root *root, char *name, enum btf_id_kind kind)
+static inline struct btf_id *btf_id__add(struct rb_root *root,
+					 const char *name,
+					 enum btf_id_kind kind)
 {
 	return __btf_id__add(root, name, kind, false);
 }
 
-static inline struct btf_id *btf_id__add_unique(struct rb_root *root, char *name, enum btf_id_kind kind)
+static inline struct btf_id *btf_id__add_unique(struct rb_root *root,
+						const char *name,
+						enum btf_id_kind kind)
 {
 	return __btf_id__add(root, name, kind, true);
 }
 
-static char *get_id(const char *prefix_end)
+static int get_id(const char *prefix_end, char *buf, size_t buf_sz)
 {
 	/*
 	 * __BTF_ID__func__vfs_truncate__0
@@ -277,28 +285,28 @@ static char *get_id(const char *prefix_end)
 	 */
 	int len = strlen(prefix_end);
 	int pos = sizeof("__") - 1;
-	char *p, *id;
+	char *p;
 
 	if (pos >= len)
-		return NULL;
+		return -1;
 
-	id = strdup(prefix_end + pos);
-	if (id) {
-		/*
-		 * __BTF_ID__func__vfs_truncate__0
-		 * id =            ^
-		 *
-		 * cut the unique id part
-		 */
-		p = strrchr(id, '_');
-		p--;
-		if (*p != '_') {
-			free(id);
-			return NULL;
-		}
-		*p = '\0';
-	}
-	return id;
+	if (len - pos >= buf_sz)
+		return -1;
+
+	strcpy(buf, prefix_end + pos);
+	/*
+	 * __BTF_ID__func__vfs_truncate__0
+	 * buf =           ^
+	 *
+	 * cut the unique id part
+	 */
+	p = strrchr(buf, '_');
+	p--;
+	if (*p != '_')
+		return -1;
+	*p = '\0';
+
+	return 0;
 }
 
 static struct btf_id *add_set(struct object *obj, char *name, enum btf_id_kind kind)
@@ -335,10 +343,9 @@ static struct btf_id *add_set(struct object *obj, char *name, enum btf_id_kind k
 
 static struct btf_id *add_symbol(struct rb_root *root, char *name, size_t size)
 {
-	char *id;
+	char id[KSYM_NAME_LEN];
 
-	id = get_id(name + size);
-	if (!id) {
+	if (get_id(name + size, id, sizeof(id))) {
 		pr_err("FAILED to parse symbol name: %s\n", name);
 		return NULL;
 	}
@@ -346,6 +353,21 @@ static struct btf_id *add_symbol(struct rb_root *root, char *name, size_t size)
 	return btf_id__add(root, id, BTF_ID_KIND_SYM);
 }
 
+static void btf_id__free_all(struct rb_root *root)
+{
+	struct rb_node *next;
+	struct btf_id *id;
+
+	next = rb_first(root);
+	while (next) {
+		id = rb_entry(next, struct btf_id, rb_node);
+		next = rb_next(&id->rb_node);
+		rb_erase(&id->rb_node, root);
+		free(id->name);
+		free(id);
+	}
+}
+
 static void bswap_32_data(void *data, u32 nr_bytes)
 {
 	u32 cnt, i;
@@ -1547,6 +1569,11 @@ int main(int argc, const char **argv)
 out:
 	btf__free(obj.base_btf);
 	btf__free(obj.btf);
+	btf_id__free_all(&obj.structs);
+	btf_id__free_all(&obj.unions);
+	btf_id__free_all(&obj.typedefs);
+	btf_id__free_all(&obj.funcs);
+	btf_id__free_all(&obj.sets);
 	if (obj.efile.elf) {
 		elf_end(obj.efile.elf);
 		close(obj.efile.fd);
-- 
2.53.0

next prev parent reply	other threads:[~2026-02-23 19:08 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-23 19:07 [PATCH bpf v4 00/20] selftests/bpf: Fixes for userspace ASAN Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 01/20] selftests/bpf: Add simple strscpy() implementation Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 02/20] selftests/bpf: Replace strcpy() calls with strscpy() Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 03/20] selftests/bpf: Replace strncpy() " Ihor Solodrai
2026-02-23 22:28   ` Eduard Zingerman
2026-02-23 22:32     ` Ihor Solodrai
2026-02-23 22:59       ` Eduard Zingerman
2026-02-23 19:07 ` [PATCH bpf v4 04/20] selftests/bpf: Use strscpy in bpftool_helpers.c Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 05/20] selftests/bpf: Use memcpy() for bounded non-NULL-terminated copies Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 06/20] selftests/bpf: Pass through build flags to bpftool and resolve_btfids Ihor Solodrai
2026-02-23 19:07 ` Ihor Solodrai [this message]
2026-02-23 19:07 ` [PATCH bpf v4 08/20] selftests/bpf: Add DENYLIST.asan Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 09/20] selftests/bpf: Refactor bpf_get_ksyms() trace helper Ihor Solodrai
2026-02-23 23:23   ` Eduard Zingerman
2026-02-23 19:07 ` [PATCH bpf v4 10/20] selftests/bpf: Fix memory leaks in tests Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 11/20] selftests/bpf: Fix cleanup in check_fd_array_cnt__fd_array_too_big() Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 12/20] veristat: Fix a memory leak for preset ENUMERATOR Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 13/20] selftests/bpf: Fix use-after-free in xdp_metadata test Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 14/20] selftests/bpf: Fix double thread join in uprobe_multi_test Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 15/20] selftests/bpf: Fix resource leaks caused by missing cleanups Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 16/20] selftests/bpf: Free bpf_object in test_sysctl Ihor Solodrai
2026-02-23 19:07 ` [PATCH bpf v4 17/20] selftests/bpf: Fix array bounds warning in jit_disasm_helpers Ihor Solodrai
2026-02-23 19:11 ` [PATCH bpf v4 18/20] selftests/bpf: Fix out-of-bounds array access bugs reported by ASAN Ihor Solodrai
2026-02-23 19:11   ` [PATCH bpf v4 19/20] selftests/bpf: Check BPFTOOL env var in detect_bpftool_path() Ihor Solodrai
2026-02-23 19:11   ` [PATCH bpf v4 20/20] selftests/bpf: Don't override SIGSEGV handler with ASAN Ihor Solodrai
2026-02-24  3:00 ` [PATCH bpf v4 00/20] selftests/bpf: Fixes for userspace ASAN patchwork-bot+netdevbpf

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ca7fcd03efb dfblob:5208f650080 )
 OR (
bs:"[PATCH bpf v4 07/20] resolve_btfids: Fix memory leaks reported by ASAN" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260223190736.649171-8-ihor.solodrai@linux.dev \
    --to=ihor.solodrai@linux.dev \
    --cc=alexis.lothore@bootlin.com \
    --cc=ameryhung@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=kernel-team@meta.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=olsajiri@gmail.com \
    --cc=yatsenko@meta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.