author | Wei Fu <fuweid89@gmail.com> | 2022-01-08 09:40:08 +0100 |
---|---|---|
committer | Andrii Nakryiko <andrii@kernel.org> | 2022-01-13 02:01:38 +0100 |
commit | 0991f6a38f576aa9a5e34713e23c998a3310d4d0 (patch) | |
tree | 6a547d61b2ad8701c2ecca39b6887306bfb834d8 | |
parent | libbpf: Fix possible NULL pointer dereference when destroying skeleton (diff) | |
bpftool: Only set obj->skeleton on complete success

After `bpftool gen skeleton`, the ${bpf_app}.skel.h will provide the
${bpf_app_name}__open helper to load bpf. If there is some error
like ENOMEM, ${bpf_app_name}__open will roll back (free) the allocated
object, including `bpf_object_skeleton`.

Since ${bpf_app_name}__create_skeleton sets obj->skeleton first
and does not roll it back on error, it will cause a double-free in
${bpf_app_name}__destroy at ${bpf_app_name}__open. Therefore, we should
set obj->skeleton before return 0;

Fixes: 5dc7a8b21144 ("bpftool, selftests/bpf: Embed object file inside skeleton")
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220108084008.1053111-1-fuweid89@gmail.com

-rw-r--r-- | tools/bpf/bpftool/gen.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/bpf/bpftool/gen.c b/tools/bpf/bpftool/gen.c index b4695df2ea3d..a7387c265e3c 100644 --- a/tools/bpf/bpftool/gen.c +++ b/tools/bpf/bpftool/gen.c @@ -927,7 +927,6 @@ static int do_skeleton(int argc, char **argv) s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s));\n\ if (!s) \n\ goto err; \n\ - obj->skeleton = s; \n\ \n\ s->sz = sizeof(*s); \n\ s->name = \"%1$s\"; \n\ @@ -1000,6 +999,7 @@ static int do_skeleton(int argc, char **argv) \n\ s->data = (void *)%2$s__elf_bytes(&s->data_sz); \n\ \n\ + obj->skeleton = s; \n\ return 0; \n\ err: \n\ bpf_object__destroy_skeleton(s); \n\ |
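
Review bot: In the first hunk, dropping `obj->skeleton = s;` right after the `calloc` means `s` is reachable only through the local variable until the final assignment, so every failure exit in the generated body between the two hunks has to leave through `goto err`. A direct `return` on error in that region would now leak `s`, where previously the caller's rollback would have freed it through `obj->skeleton`. Those lines are outside the diff context, so please confirm that each error exit in the template between the `calloc` and `return 0;` uses `goto err`.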
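
Review bot: The new `obj->skeleton = s;` just before `return 0;` in the second hunk has no comment saying why it must come last, and the ordering is the entire fix: the `err:` path frees `s` via `bpf_object__destroy_skeleton(s)`, so publishing the pointer any earlier leaves a dangling `obj->skeleton` that the caller's destroy frees a second time. Suggest a one-line comment in the generated template above the assignment so a later reorder does not reintroduce the double-free. It also follows that after a failed create the caller's destroy sees `obj->skeleton == NULL`, which the commit message does not mention; it would help to state there that the change relies on the destroy path accepting NULL, which the parent commit's subject suggests it now does.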