From: Jiri Olsa <olsajiri@gmail.com>
To: Hou Tao <houtao@huaweicloud.com>
Cc: bpf@vger.kernel.org, Martin KaFai Lau <martin.lau@linux.dev>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Hao Luo <haoluo@google.com>,
Yonghong Song <yonghong.song@linux.dev>,
Daniel Borkmann <daniel@iogearbox.net>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
John Fastabend <john.fastabend@gmail.com>,
Yafang Shao <laoar.shao@gmail.com>,
houtao1@huawei.com, xukuohai@huawei.com
Subject: Re: [PATCH bpf v2 3/7] bpf: Preserve param->string when parsing mount options
Date: Mon, 21 Oct 2024 11:09:33 +0200
Message-ID: <ZxYaTSRE1N59vscc@krava>
In-Reply-To: <20241021014004.1647816-4-houtao@huaweicloud.com>

On Mon, Oct 21, 2024 at 09:40:00AM +0800, Hou Tao wrote:
> From: Hou Tao <houtao1@huawei.com>
>
> In bpf_parse_param(), keep the value of param->string intact so it can
> be freed later. Otherwise, the kmalloc area pointed to by param->string
> will be leaked as shown below:
>
> unreferenced object 0xffff888118c46d20 (size 8):
> comm "new_name", pid 12109, jiffies 4295580214
> hex dump (first 8 bytes):
> 61 6e 79 00 38 c9 5c 7e any.8.\~
> backtrace (crc e1b7f876):
> [<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80
> [<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0
> [<000000003e29b886>] memdup_user+0x32/0xa0
> [<0000000007248326>] strndup_user+0x46/0x60
> [<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0
> [<0000000018657927>] x64_sys_call+0xff/0x9f0
> [<00000000c0cabc95>] do_syscall_64+0x3b/0xc0
> [<000000002f331597>] entry_SYSCALL_64_after_hwframe+0x4b/0x53
>
> Fixes: 6c1752e0b6ca ("bpf: Support symbolic BPF FS delegation mount options")
> Signed-off-by: Hou Tao <houtao1@huawei.com>

nice, I saw that memleak report recently and couldn't make sense of it ;-)

Acked-by: Jiri Olsa <jolsa@kernel.org>

thanks,
jirka

> ---
> kernel/bpf/inode.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> index d8fc5eba529d..9aaf5124648b 100644
> --- a/kernel/bpf/inode.c
> +++ b/kernel/bpf/inode.c
> @@ -880,7 +880,7 @@ static int bpf_parse_param(struct fs_context *fc, struct fs_parameter *param)
> const struct btf_type *enum_t;
> const char *enum_pfx;
> u64 *delegate_msk, msk = 0;
> - char *p;
> + char *p, *str;
> int val;
>
> /* ignore errors, fallback to hex */
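
Review bot: The new local in `char *p, *str;` is named like the string itself, but it is only a cursor that strsep() consumes and leaves NULL once the loop ends. A name such as `cur` or `next` would make it harder for a later cleanup to mistake it for redundant and fold it back into param->string, which would reintroduce the leak described in the commit message.
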
> @@ -911,7 +911,8 @@ static int bpf_parse_param(struct fs_context *fc, struct fs_parameter *param)
> return -EINVAL;
> }
>
> - while ((p = strsep(¶m->string, ":"))) {
> + str = param->string;
> + while ((p = strsep(&str, ":"))) {
> if (strcmp(p, "any") == 0) {
> msk |= ~0ULL;
> } else if (find_btf_enum_const(info.btf, enum_t, enum_pfx, p, &val)) {
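
Review bot: The `str = param->string;` assignment ahead of the loop carries no comment saying why the copy exists, and nothing in the visible lines tells a reader that param->string must keep its original value so it can be freed later. A one-line comment above the assignment would document that. Separately, strsep() still overwrites each ':' in the buffer with a NUL, so after the loop param->string holds the right pointer but reads as the first token only; that is fine for freeing, but worth stating if anything after this loop reads the option text again.
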
> --
> 2.29.2
>
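
The leak described in the commit message, modelled in userspace as an added example (not code from the patch or the kernel): `struct param`, `parse_clobbering`, `parse_preserving` and `run` are hypothetical names, `run` stands in for the code that later frees `param->string`, and the option string is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Explicit prototype so the file also builds under strict -std=c11. */
char *strsep(char **stringp, const char *delim);

/* Hypothetical stand-in for the one struct fs_parameter field that matters. */
struct param { char *string; };

/* Pre-patch shape: strsep() advances param->string itself. */
static int parse_clobbering(struct param *param)
{
    int n = 0;
    char *p;
    while ((p = strsep(&param->string, ":")))
        n += (*p != '\0');
    return n;                       /* param->string is NULL from here on */
}

/* Post-patch shape: strsep() advances a local cursor instead. */
static int parse_preserving(struct param *param)
{
    int n = 0;
    char *p, *str = param->string;
    while ((p = strsep(&str, ":")))
        n += (*p != '\0');
    return n;                       /* param->string still points at the buffer */
}

/* Models the owner of the buffer: allocate, parse, then free param.string.
 * Returns 1 if that free released the buffer, 0 if it would have leaked. */
static int run(int (*parse)(struct param *), const char *opts, int *ntok)
{
    size_t len = strlen(opts) + 1;
    char *buf = malloc(len);
    struct param param = { .string = buf };
    int freed;
    if (!buf)
        return -1;
    memcpy(buf, opts, len);
    *ntok = parse(&param);
    freed = (param.string == buf);
    free(param.string);             /* free(NULL) releases nothing */
    if (!freed)
        free(buf);                  /* demo-only cleanup of the lost buffer */
    return freed;
}

int main(void)
{
    int n;
    return run(parse_clobbering, "any:x:y", &n) != 0 ||
           run(parse_preserving, "any:x:y", &n) != 1;
}
```

Both parsers see the same three tokens; only the pointer left behind in `param.string` differs, which is why the kmemleak report shows the allocation as unreferenced.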