[bpf-next 0/3] potential memleak and use after free in bpf verifier

From: He Fengqing
Date: Tue Jul 06 2021 - 23:53:08 EST

Next message: He Fengqing: "[bpf-next 3/3] bpf: Fix a use after free in bpf_check()"
Previous message: He Fengqing: "[bpf-next 1/3] bpf: Move bpf_prog_clone_free into filter.h file"
Next in thread: He Fengqing: "[bpf-next 2/3] bpf: Fix a memory leak in an error handling path in 'bpf_patch_insn_data()'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

While reading the code of bpf verifier, I found these two issues.
Patch 1 move the bpf_prog_clone_free function into filter.h, so
we can use it in other file. Patch 2 fix memleak in an error
handling path in bpf_patch_insn_data function.
Patch 3 fix a use after free in bpf_check function.

He Fengqing (3):
bpf: Move bpf_prog_clone_free into filter.h file
bpf: Fix a memory leak in an error handling path in
'bpf_patch_insn_data()'
bpf: Fix a use after free in bpf_check()

include/linux/filter.h | 17 ++++++++++++-
kernel/bpf/core.c | 27 +++++---------------
kernel/bpf/verifier.c | 58 ++++++++++++++++++++++++++++++++----------
net/core/filter.c | 2 +-
4 files changed, 68 insertions(+), 36 deletions(-)

--
2.25.1

Next message: He Fengqing: "[bpf-next 3/3] bpf: Fix a use after free in bpf_check()"
Previous message: He Fengqing: "[bpf-next 1/3] bpf: Move bpf_prog_clone_free into filter.h file"
Next in thread: He Fengqing: "[bpf-next 2/3] bpf: Fix a memory leak in an error handling path in 'bpf_patch_insn_data()'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]