From: Jiri Olsa <olsajiri@gmail.com>
To: Ihor Solodrai <ihor.solodrai@linux.dev>
Cc: "Alexei Starovoitov" <ast@kernel.org>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Eduard Zingerman" <eddyz87@gmail.com>,
"Amery Hung" <ameryhung@gmail.com>,
"Mykyta Yatsenko" <yatsenko@meta.com>,
"Alexis Lothoré" <alexis.lothore@bootlin.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-team@meta.com
Subject: Re: [PATCH bpf-next v1 02/14] resolve_btfids: Fix memory leaks reported by ASAN
Date: Thu, 12 Feb 2026 12:28:21 +0100 [thread overview]
Message-ID: <aY25VcBtWd3O7-Gp@krava> (raw)
In-Reply-To: <20260212011356.3266753-3-ihor.solodrai@linux.dev>
On Wed, Feb 11, 2026 at 05:13:44PM -0800, Ihor Solodrai wrote:
> Running resolve_btfids with ASAN reveals memory leaks in btf_id
> handling.
>
> - Change get_id() to use a local buffer
> - Make btf_id__add() strdup the name internally
> - Add btf_id__free_all() that frees all nodese of a tree
> - Call the cleanup function on exit for every tree
>
> Signed-off-by: Ihor Solodrai <ihor.solodrai@linux.dev>
Acked-by: Jiri Olsa <jolsa@kernel.org>
one nit below
thanks,
jirka
> ---
> tools/bpf/resolve_btfids/main.c | 78 +++++++++++++++++++++------------
> 1 file changed, 51 insertions(+), 27 deletions(-)
>
> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
> index ca7fcd03efb6..863fa0faaa31 100644
> --- a/tools/bpf/resolve_btfids/main.c
> +++ b/tools/bpf/resolve_btfids/main.c
> @@ -226,7 +226,7 @@ static struct btf_id *btf_id__find(struct rb_root *root, const char *name)
> }
>
> static struct btf_id *__btf_id__add(struct rb_root *root,
> - char *name,
> + const char *name,
> enum btf_id_kind kind,
> bool unique)
> {
> @@ -250,7 +250,11 @@ static struct btf_id *__btf_id__add(struct rb_root *root,
> id = zalloc(sizeof(*id));
> if (id) {
> pr_debug("adding symbol %s\n", name);
> - id->name = name;
> + id->name = strdup(name);
> + if (!id->name) {
> + free(id);
> + return NULL;
> + }
> id->kind = kind;
> rb_link_node(&id->rb_node, parent, p);
> rb_insert_color(&id->rb_node, root);
> @@ -258,17 +262,17 @@ static struct btf_id *__btf_id__add(struct rb_root *root,
> return id;
> }
>
> -static inline struct btf_id *btf_id__add(struct rb_root *root, char *name, enum btf_id_kind kind)
> +static inline struct btf_id *btf_id__add(struct rb_root *root, const char *name, enum btf_id_kind kind)
> {
> return __btf_id__add(root, name, kind, false);
> }
>
> -static inline struct btf_id *btf_id__add_unique(struct rb_root *root, char *name, enum btf_id_kind kind)
> +static inline struct btf_id *btf_id__add_unique(struct rb_root *root, const char *name, enum btf_id_kind kind)
> {
> return __btf_id__add(root, name, kind, true);
> }
>
> -static char *get_id(const char *prefix_end)
> +static int get_id(const char *prefix_end, char *buf, size_t buf_sz)
> {
> /*
> * __BTF_ID__func__vfs_truncate__0
> @@ -277,28 +281,28 @@ static char *get_id(const char *prefix_end)
> */
> int len = strlen(prefix_end);
> int pos = sizeof("__") - 1;
> - char *p, *id;
> + char *p;
>
> if (pos >= len)
> - return NULL;
> + return -1;
>
> - id = strdup(prefix_end + pos);
> - if (id) {
> - /*
> - * __BTF_ID__func__vfs_truncate__0
> - * id = ^
> - *
> - * cut the unique id part
> - */
> - p = strrchr(id, '_');
> - p--;
> - if (*p != '_') {
> - free(id);
> - return NULL;
> - }
> - *p = '\0';
> - }
> - return id;
> + if (len - pos >= buf_sz)
> + return -1;
> +
> + strcpy(buf, prefix_end + pos);
> + /*
> + * __BTF_ID__func__vfs_truncate__0
> + * buf = ^
> + *
> + * cut the unique id part
> + */
> + p = strrchr(buf, '_');
> + p--;
> + if (*p != '_')
> + return -1;
> + *p = '\0';
> +
> + return 0;
> }
>
> static struct btf_id *add_set(struct object *obj, char *name, enum btf_id_kind kind)
> @@ -335,10 +339,9 @@ static struct btf_id *add_set(struct object *obj, char *name, enum btf_id_kind k
>
> static struct btf_id *add_symbol(struct rb_root *root, char *name, size_t size)
> {
> - char *id;
> + char id[KSYM_NAME_LEN];
>
> - id = get_id(name + size);
> - if (!id) {
> + if (get_id(name + size, id, sizeof(id))) {
> pr_err("FAILED to parse symbol name: %s\n", name);
> return NULL;
> }
> @@ -346,6 +349,22 @@ static struct btf_id *add_symbol(struct rb_root *root, char *name, size_t size)
> return btf_id__add(root, id, BTF_ID_KIND_SYM);
> }
>
> +static void btf_id__free_all(struct rb_root *root)
> +{
> + struct rb_node *node, *next;
> + struct btf_id *id;
> +
> + node = rb_first(root);
> + while (node) {
> + next = rb_next(node);
> + id = rb_entry(node, struct btf_id, rb_node);
> + rb_erase(node, root);
> + free(id->name);
> + free(id);
> + node = next;
> + }
> +}
nit, I think we could do it with just single rb_node pointer, like:
next = rb_first(root);
while (next) {
id = rb_entry(next, struct btf_id, rb_node);
next = rb_next(&id->rb_node);
rb_erase(&id->rb_node, root);
free(id->name);
free(id);
}
jirka
> +
> static void bswap_32_data(void *data, u32 nr_bytes)
> {
> u32 cnt, i;
> @@ -1547,6 +1566,11 @@ int main(int argc, const char **argv)
> out:
> btf__free(obj.base_btf);
> btf__free(obj.btf);
> + btf_id__free_all(&obj.structs);
> + btf_id__free_all(&obj.unions);
> + btf_id__free_all(&obj.typedefs);
> + btf_id__free_all(&obj.funcs);
> + btf_id__free_all(&obj.sets);
> if (obj.efile.elf) {
> elf_end(obj.efile.elf);
> close(obj.efile.fd);
> --
> 2.53.0
>
>
next prev parent reply other threads:[~2026-02-12 11:28 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-12 1:13 [PATCH bpf-next v1 00/14] selftests/bpf: Fixes for userspace ASAN Ihor Solodrai
2026-02-12 1:13 ` [PATCH bpf-next v1 01/14] selftests/bpf: Pass through build flags to bpftool and resolve_btfids Ihor Solodrai
2026-02-12 2:39 ` Alexei Starovoitov
2026-02-12 3:08 ` Ihor Solodrai
2026-02-13 0:08 ` Ihor Solodrai
2026-02-12 1:13 ` [PATCH bpf-next v1 02/14] resolve_btfids: Fix memory leaks reported by ASAN Ihor Solodrai
2026-02-12 11:28 ` Jiri Olsa [this message]
2026-02-12 1:13 ` [PATCH bpf-next v1 03/14] selftests/bpf: Add DENYLIST.asan Ihor Solodrai
2026-02-12 1:13 ` [PATCH bpf-next v1 04/14] selftests/bpf: Refactor bpf_get_ksyms() trace helper Ihor Solodrai
2026-02-12 11:29 ` Jiri Olsa
2026-02-17 20:42 ` Ihor Solodrai
2026-02-18 13:14 ` Jiri Olsa
2026-02-13 9:56 ` Alexis Lothoré
2026-02-12 1:13 ` [PATCH bpf-next v1 05/14] selftests/bpf: Fix memory leaks in tests Ihor Solodrai
2026-02-12 23:08 ` Eduard Zingerman
2026-02-12 1:13 ` [PATCH bpf-next v1 06/14] selftests/bpf: Fix cleanup in check_fd_array_cnt__fd_array_too_big() Ihor Solodrai
2026-02-12 23:17 ` Eduard Zingerman
2026-02-12 1:13 ` [PATCH bpf-next v1 07/14] veristat: Fix a memory leak for preset ENUMERATOR Ihor Solodrai
2026-02-12 13:37 ` Mykyta Yatsenko
2026-02-12 1:13 ` [PATCH bpf-next v1 08/14] selftests/bpf: Fix use-after-free in xdp_metadata test Ihor Solodrai
2026-02-12 13:40 ` Mykyta Yatsenko
2026-02-12 1:13 ` [PATCH bpf-next v1 09/14] selftests/bpf: Fix double thread join in uprobe_multi_test Ihor Solodrai
2026-02-12 11:29 ` Jiri Olsa
2026-02-12 14:49 ` Mykyta Yatsenko
2026-02-13 16:48 ` Jiri Olsa
2026-02-12 1:13 ` [PATCH bpf-next v1 10/14] selftests/bpf: Fix resource leaks caused by missing cleanups Ihor Solodrai
2026-02-13 0:45 ` Eduard Zingerman
2026-02-12 1:13 ` [PATCH bpf-next v1 11/14] selftests/bpf: Free bpf_object in test_sysctl Ihor Solodrai
2026-02-13 0:54 ` Eduard Zingerman
2026-02-12 1:13 ` [PATCH bpf-next v1 12/14] selftests/bpf: Fix array bounds warning in jit_disasm_helpers Ihor Solodrai
2026-02-13 1:02 ` Eduard Zingerman
2026-02-12 1:13 ` [PATCH bpf-next v1 13/14] selftests/bpf: Fix out-of-bounds array access bugs reported by ASAN Ihor Solodrai
2026-02-13 1:11 ` Eduard Zingerman
2026-02-17 23:27 ` Ihor Solodrai
2026-02-12 1:13 ` [PATCH bpf-next v1 14/14] selftests/bpf: Check BPFTOOL env var in detect_bpftool_path() Ihor Solodrai
2026-02-12 15:03 ` Mykyta Yatsenko
2026-02-13 10:36 ` Alexis Lothoré
2026-02-12 22:00 ` [PATCH bpf-next v1 00/14] selftests/bpf: Fixes for userspace ASAN Eduard Zingerman
2026-02-12 23:57 ` Ihor Solodrai
2026-02-13 0:23 ` Eduard Zingerman
2026-02-13 16:13 ` Ihor Solodrai
2026-02-13 18:06 ` Eduard Zingerman
2026-02-12 23:26 ` Eduard Zingerman
2026-02-13 17:56 ` Ihor Solodrai
2026-02-13 18:09 ` Eduard Zingerman
2026-02-13 18:29 ` Ihor Solodrai
2026-02-13 18:35 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aY25VcBtWd3O7-Gp@krava \
--to=olsajiri@gmail.com \
--cc=alexis.lothore@bootlin.com \
--cc=ameryhung@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=ihor.solodrai@linux.dev \
--cc=kernel-team@meta.com \
--cc=linux-kernel@vger.kernel.org \
--cc=yatsenko@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox