On 4/3/23 1:31 PM, Dave Marchevsky wrote:
> bpf_obj_drop_impl has a void return type. In check_kfunc_call, the "else
> if" which sets kptr_struct_meta for bpf_obj_drop_impl is
> surrounded by a larger if statement which checks btf_type_is_ptr. As a
> result:
>
> * The bpf_obj_drop_impl-specific code will never execute
> * The btf_struct_meta input to bpf_obj_drop is always NULL
> * bpf_obj_drop_impl will always see a NULL btf_record when called
> from BPF program, and won't call bpf_obj_free_fields
> * program-allocated kptrs which have fields that should be cleaned up
> by bpf_obj_free_fields may instead leak resources
>
> This patch adds a btf_type_is_void branch to the larger if and moves
> special handling for bpf_obj_drop_impl there, fixing the issue.
>
> Fixes: ac9f06050a35 ("bpf: Introduce bpf_obj_drop")
> Cc: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>
> Signed-off-by: Dave Marchevsky <davemarchevsky@xxxxxx>
> ---
> I can send a version of this patch which applies on bpf-next as well,
> but think this makes sense in bpf as the issue exists there too.
Alexei and I talked offline, I'll send bpf-next version of this
shortly. This can be ignored.
