From: bot+bpf-ci@kernel.org
To: piliu@redhat.com,bpf@vger.kernel.org
Cc: piliu@redhat.com,davem@davemloft.net,ast@kernel.org,daniel@iogearbox.net,john.fastabend@gmail.com,andrii@kernel.org,martin.lau@linux.dev,eddyz87@gmail.com,song@kernel.org,yonghong.song@linux.dev,jeremy.linton@arm.com,catalin.marinas@arm.com,will@kernel.org,ardb@kernel.org,horms@kernel.org,kraxel@redhat.com,vkuznets@redhat.com,prudo@redhat.com,vmalik@redhat.com,kernel@jfarr.cc,bhe@redhat.com,dyoung@redhat.com,akpm@linux-foundation.org,kexec@lists.infradead.org,systemd-devel@lists.freedesktop.org,linux-kernel@vger.kernel.org,kpsingh@kernel.org,sdf@fomichev.me,haoluo@google.com,jolsa@kernel.org,ast@kernel.org,andrii@kernel.org,daniel@iogearbox.net,martin.lau@kernel.org,eddyz87@gmail.com,yonghong.song@linux.dev,clm@meta.com,ihor.solodrai@linux.dev
Subject: Re: [PATCHv6 01/13] bpf: Introduce kfuncs to parser buffer content
Date: Mon, 19 Jan 2026 18:45:43 +0000 (UTC)
Message-ID: <ac79262dc46cbfcc238dfb3bfbb5feaa804a2b3b3e8ce2ab1e4b096b6985bdec@mail.kernel.org>
In-Reply-To: <20260119032424.10781-2-piliu@redhat.com>
> diff --git a/kernel/bpf/bpf_buffer_parser.c b/kernel/bpf/bpf_buffer_parser.c
> new file mode 100644
> index 000000000000..6acb4b5da71b
> --- /dev/null
> +++ b/kernel/bpf/bpf_buffer_parser.c
[ ... ]
> +static void release_bpf_parser_context(struct kref *kref)
> +{
> + struct bpf_parser_context *ctx = container_of(kref, struct bpf_parser_context, ref);
> +
> + if (!!ctx->buf) {
> + vfree(ctx->buf->buf);
> + kfree(ctx->buf);
> + }
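Review bot: in release_bpf_parser_context(), the condition `if (!!ctx->buf)` carries a redundant double negation; `if (ctx->buf)` is the usual kernel form and behaves the same. The guard itself has to stay, because `ctx->buf->buf` is dereferenced for the vfree() call.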
[ ... ]
> +struct bpf_parser_context *alloc_bpf_parser_context(bpf_parser_handler_t func,
> + void *data)
> +{
> + struct bpf_parser_context *ctx;
> + unsigned int key;
> +
> + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
ctx->buf is NULL here from kzalloc.
[ ... ]
> +__bpf_kfunc int bpf_buffer_parser(char *buf, int buf_sz,
> + struct bpf_parser_context *context)
> +{
> + struct bpf_parser_buf *parser_buf;
> + int ret;
> + char *b;
> +
> + if (unlikely(context->func == NULL))
> + return -EINVAL;
> +
> + b = __vmalloc(buf_sz, GFP_KERNEL_ACCOUNT | __GFP_ZERO);
> + if (!b)
> + return -ENOMEM;
> + ret = copy_from_kernel_nofault(b, buf, buf_sz);
> + if (!!ret) {
> + vfree(b);
> + return ret;
> + }
> +
> + parser_buf = kmalloc(sizeof(struct bpf_parser_buf), GFP_KERNEL);
> + if (!parser_buf) {
> + vfree(b);
> + return -ENOMEM;
> + }
> + parser_buf->buf = b;
> + parser_buf->size = buf_sz;
> + context->buf = parser_buf;
If bpf_buffer_parser() is called multiple times on the same context, does
this leak the previous parser_buf and its backing vmalloc buffer? The
assignment to context->buf overwrites any existing pointer without first
freeing it.
release_bpf_parser_context() will only free the final context->buf value
when the context is destroyed, so any intermediate buffers from prior
calls would be lost.
Should there be a check here to either return an error if context->buf is
already set, or free the old buffer before assigning the new one?
> + ret = context->func(context);
> +
> + return ret;
> +}
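Review bot: buf_sz is a signed int that reaches `__vmalloc(buf_sz, ...)` and `copy_from_kernel_nofault(b, buf, buf_sz)` at the top of bpf_buffer_parser() with no range check in the lines shown. Suggest rejecting `buf_sz <= 0` with -EINVAL and enforcing an upper bound before allocating, so an invalid size is not left for the allocator to refuse and a caller cannot request an arbitrarily large accounted allocation. Minor: `if (!!ret)` can be `if (ret)`, and the final `ret = context->func(context);` followed by `return ret;` can be a direct return.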
[ ... ]
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21147860407