Commit 418c96ac151a16a5094a95d14252c92c1d47ec67
Committed by
David S. Miller
David S. Miller
1 parent
3aab01d800
Exists in
ti-lsk-linux-4.1.y
and in
12 other branches
net: filter: fix possible memory leak in __sk_prepare_filter()
__sk_prepare_filter() was reworked in commit bd4cf0ed3 (net: filter: rework/optimize internal BPF interpreter's instruction set) so that it should have uncharged memory once things went wrong. However that work isn't complete. Error is handled only in __sk_migrate_filter() while memory can still leak in the error path right after sk_chk_filter(). Fixes: bd4cf0ed331a ("net: filter: rework/optimize internal BPF interpreter's instruction set") Signed-off-by: Leon Yu <chianglungyu@gmail.com> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Tested-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 6 additions and 1 deletions Side-by-side Diff
net/core/filter.c
| ... | ... | @@ -1559,8 +1559,13 @@ |
| 1559 | 1559 | fp->jited = 0; |
| 1560 | 1560 | |
| 1561 | 1561 | err = sk_chk_filter(fp->insns, fp->len); |
| 1562 | - if (err) | |
| 1562 | + if (err) { | |
| 1563 | + if (sk != NULL) | |
| 1564 | + sk_filter_uncharge(sk, fp); | |
| 1565 | + else | |
| 1566 | + kfree(fp); | |
| 1563 | 1567 | return ERR_PTR(err); |
| 1568 | + } | |
| 1564 | 1569 | |
| 1565 | 1570 | /* Probe if we can JIT compile the filter and if so, do |
| 1566 | 1571 | * the compilation of the filter. |