On Sat, Jan 8, 2022 at 5:47 AM Yafang Shao <laoar.shao@xxxxxxxxx> wrote: > > When I checked the code in skelton header file generated with my own bpf > prog, I found there may be possible NULL pointer derefence when destroy > skelton. Then I checked the in-tree bpf progs, finding that is a common > issue. Let's take the generated samples/bpf/xdp_redirect_cpu.skel.h for > example. Below is the generated code in > xdp_redirect_cpu__create_skeleton(), > xdp_redirect_cpu__create_skeleton > struct bpf_object_skeleton *s; > s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s)); > if (!s) > goto error; > ... > error: > bpf_object__destroy_skeleton(s); > return -ENOMEM; > > After goto error, the NULL 's' will be deferenced in > bpf_object__destroy_skeleton(). > > We can simply fix this issue by just adding a NULL check in > bpf_object__destroy_skeleton(). > > Fixes: d66562fba ("libbpf: Add BPF object skeleton support") We ask to use 12-character short SHA, I've fixed it up, but for future submissions keep this in mind. Fixed a few typos and applied to bpf-next, thanks. > Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx> > Cc: Andrii Nakryiko <andrii@xxxxxxxxxx> > --- > tools/lib/bpf/libbpf.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > index 7c74342bb668..a07fbd59e4b8 100644 > --- a/tools/lib/bpf/libbpf.c > +++ b/tools/lib/bpf/libbpf.c > @@ -11464,6 +11464,9 @@ void bpf_object__detach_skeleton(struct bpf_object_skeleton *s) > > void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s) > { > + if (!s) > + return; > + > if (s->progs) > bpf_object__detach_skeleton(s); > if (s->obj) > -- > 2.17.1 >