mirror of https://github.com/torvalds/linux.git
1b30d44417
env->scc_info array contains references to bpf_scc_info objects
allocated lazily in verifier.c:scc_visit_alloc().
env->scc_cnt was supposed to track env->scc_info array size
in order to free referenced objects in verifier.c:free_states().
Fix initialization of env->scc_cnt that was omitted in
verifier.c:compute_scc().
To reproduce the bug:
- build with CONFIG_DEBUG_KMEMLEAK
- boot and load bpf program with loops, e.g.:
./veristat -q pyperf180.bpf.o
- initiate memleak scan and check results:
echo scan > /sys/kernel/debug/kmemleak
cat /sys/kernel/debug/kmemleak
Fixes:
|
||
|---|---|---|
| .. | ||
| preload | ||
| Kconfig | ||
| Makefile | ||
| arena.c | ||
| arraymap.c | ||
| bloom_filter.c | ||
| bpf_cgrp_storage.c | ||
| bpf_inode_storage.c | ||
| bpf_iter.c | ||
| bpf_local_storage.c | ||
| bpf_lru_list.c | ||
| bpf_lru_list.h | ||
| bpf_lsm.c | ||
| bpf_struct_ops.c | ||
| bpf_task_storage.c | ||
| btf.c | ||
| btf_iter.c | ||
| btf_relocate.c | ||
| cgroup.c | ||
| cgroup_iter.c | ||
| core.c | ||
| cpumap.c | ||
| cpumask.c | ||
| crypto.c | ||
| devmap.c | ||
| disasm.c | ||
| disasm.h | ||
| dispatcher.c | ||
| dmabuf_iter.c | ||
| hashtab.c | ||
| helpers.c | ||
| inode.c | ||
| kmem_cache_iter.c | ||
| link_iter.c | ||
| local_storage.c | ||
| log.c | ||
| lpm_trie.c | ||
| map_in_map.c | ||
| map_in_map.h | ||
| map_iter.c | ||
| memalloc.c | ||
| mmap_unlock_work.h | ||
| mprog.c | ||
| net_namespace.c | ||
| offload.c | ||
| percpu_freelist.c | ||
| percpu_freelist.h | ||
| prog_iter.c | ||
| queue_stack_maps.c | ||
| range_tree.c | ||
| range_tree.h | ||
| relo_core.c | ||
| reuseport_array.c | ||
| ringbuf.c | ||
| rqspinlock.c | ||
| rqspinlock.h | ||
| stackmap.c | ||
| stream.c | ||
| syscall.c | ||
| sysfs_btf.c | ||
| task_iter.c | ||
| tcx.c | ||
| tnum.c | ||
| token.c | ||
| trampoline.c | ||
| verifier.c | ||