| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Sep 2022 10:27:26 -0700
From: sdf@...gle.com
To: Wang Yufen <wangyufen@...wei.com>
Cc: ast@...nel.org, daniel@...earbox.net, john.fastabend@...il.com,
andrii@...nel.org, martin.lau@...ux.dev, song@...nel.org,
yhs@...com, kpsingh@...nel.org, haoluo@...gle.com,
jolsa@...nel.org, bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [bpf-next] bpf: use kvmemdup_bpfptr helper
On 09/09, Wang Yufen wrote:
> Use kvmemdup_bpfptr helper instead of open-coding to
> simplify the code.
> Signed-off-by: Wang Yufen <wangyufen@...wei.com>
> ---
> kernel/bpf/syscall.c | 14 ++++----------
> 1 file changed, 4 insertions(+), 10 deletions(-)
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 4e9d4622aef7..13ce28081982 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -1413,20 +1413,14 @@ static int map_update_elem(union bpf_attr *attr,
> bpfptr_t uattr)
> }
> value_size = bpf_map_value_size(map);
> -
> - err = -ENOMEM;
> - value = kvmalloc(value_size, GFP_USER | __GFP_NOWARN);
> - if (!value)
> + value = kvmemdup_bpfptr(uvalue, value_size);
> + if (IS_ERR(value)) {
> + err = PTR_ERR(value);
> goto free_key;
> -
> - err = -EFAULT;
> - if (copy_from_bpfptr(value, uvalue, value_size) != 0)
> - goto free_value;
> + }
> err = bpf_map_update_value(map, f, key, value, attr->flags);
[..]
> -free_value:
> - kvfree(value);
And here you leak the value. We need to free it after update regardless
of error/success. That's why it is coded like that.
> free_key:
> kvfree(key);
> err_put:
> --
> 2.25.1
Powered by blists - more mailing lists