From: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
The pointer returned by btf_parse_base could be an error pointer.
IS_ERR() check is needed before calling btf_free(base_btf).
Cc: Alan Maguire <alan.maguire@xxxxxxxxxx>
Fixes: 8646db238997 ("libbpf,bpf: Share BTF relocate-related code with kernel")
Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
---
It was discovered in a bpf CI run that crashed in s390 due to
the wrong endian in the btf header. It caused the btf_parse_base()
to fail and triggered this crash.
This patch is tested in the bpf CI. It fails to load the bpf_testmod
but does not crash the kernel:
https://github.com/kernel-patches/bpf/actions/runs/10623574366/job/29450422150?pr=7630
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 520f49f422fe..e3377dd61f7e 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6283,7 +6283,7 @@ static struct btf *btf_parse_module(const char *module_name, const void *data,
errout:
btf_verifier_env_free(env);
- if (base_btf != vmlinux_btf)
+ if (!IS_ERR(base_btf) && base_btf != vmlinux_btf)
btf_free(base_btf);
if (btf) {
kvfree(btf->data);
--
2.43.5
