On Thu, 15 Feb 2024 at 17:31, Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> On Thu, 2024-02-01 at 04:21 +0000, Kumar Kartikeya Dwivedi wrote:
>
> [...]
>
> > +static int adjust_subprog_frame_descs_after_remove(struct bpf_verifier_env *env, u32 off, u32 cnt)
> > +{
> > + for (int i = 0; i < env->subprog_cnt; i++) {
> > + struct bpf_exception_frame_desc_tab *fdtab = subprog_info(env, i)->fdtab;
> > +
> > + if (!fdtab)
> > + continue;
> > + for (int j = 0; j < fdtab->cnt; j++) {
> > + /* Part of a subprog_info whose instructions were removed partially, but the fdtab remained. */
> > + if (fdtab->desc[j]->pc >= off && fdtab->desc[j]->pc < off + cnt) {
> > + void *p = fdtab->desc[j];
> > + if (j < fdtab->cnt - 1)
> > + memmove(fdtab->desc + j, fdtab->desc + j + 1, sizeof(fdtab->desc[0]) * (fdtab->cnt - j - 1));
> > + kfree(p);
>
> Is it necessary to release btf references for desc entries that are removed?
> Those that were grabbed by add_used_btf() in gen_exception_frame_desc_iter_entry().
>
I think these btf pointers are just a view, the real owner is in
the used_btfs array, in case of failure, it is dropped as part of
bpf_verifier_env cleanup, or in case of success, transferred to
bpf_prog struct and released on bpf_prog cleanup.
So I think it should be ok, but I will recheck again.
> [...]
