On Mon, Oct 21, 2024 at 09:40:00AM +0800, Hou Tao wrote:
> From: Hou Tao <houtao1@xxxxxxxxxx>
>
> In bpf_parse_param(), keep the value of param->string intact so it can
> be freed later. Otherwise, the kmalloc area pointed to by param->string
> will be leaked as shown below:
>
> unreferenced object 0xffff888118c46d20 (size 8):
> comm "new_name", pid 12109, jiffies 4295580214
> hex dump (first 8 bytes):
> 61 6e 79 00 38 c9 5c 7e any.8.\~
> backtrace (crc e1b7f876):
> [<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80
> [<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0
> [<000000003e29b886>] memdup_user+0x32/0xa0
> [<0000000007248326>] strndup_user+0x46/0x60
> [<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0
> [<0000000018657927>] x64_sys_call+0xff/0x9f0
> [<00000000c0cabc95>] do_syscall_64+0x3b/0xc0
> [<000000002f331597>] entry_SYSCALL_64_after_hwframe+0x4b/0x53
>
> Fixes: 6c1752e0b6ca ("bpf: Support symbolic BPF FS delegation mount options")
> Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
nice, I saw that memleak report recently and couldn't make sense of it ;-)
Acked-by: Jiri Olsa <jolsa@xxxxxxxxxx>
thanks,
jirka
> ---
> kernel/bpf/inode.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> index d8fc5eba529d..9aaf5124648b 100644
> --- a/kernel/bpf/inode.c
> +++ b/kernel/bpf/inode.c
> @@ -880,7 +880,7 @@ static int bpf_parse_param(struct fs_context *fc, struct fs_parameter *param)
> const struct btf_type *enum_t;
> const char *enum_pfx;
> u64 *delegate_msk, msk = 0;
> - char *p;
> + char *p, *str;
> int val;
>
> /* ignore errors, fallback to hex */
> @@ -911,7 +911,8 @@ static int bpf_parse_param(struct fs_context *fc, struct fs_parameter *param)
> return -EINVAL;
> }
>
> - while ((p = strsep(¶m->string, ":"))) {
> + str = param->string;
> + while ((p = strsep(&str, ":"))) {
> if (strcmp(p, "any") == 0) {
> msk |= ~0ULL;
> } else if (find_btf_enum_const(info.btf, enum_t, enum_pfx, p, &val)) {
> --
> 2.29.2
>
