Message-Id: <ac79262dc46cbfcc238dfb3bfbb5feaa804a2b3b3e8ce2ab1e4b096b6985bdec@mail.kernel.org>
Date: Mon, 19 Jan 2026 18:45:43 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: piliu@...hat.com,bpf@...r.kernel.org
Cc: piliu@...hat.com,davem@...emloft.net,ast@...nel.org,daniel@...earbox.net,john.fastabend@...il.com,andrii@...nel.org,martin.lau@...ux.dev,eddyz87@...il.com,song@...nel.org,yonghong.song@...ux.dev,jeremy.linton@....com,catalin.marinas@....com,will@...nel.org,ardb@...nel.org,horms@...nel.org,kraxel@...hat.com,vkuznets@...hat.com,prudo@...hat.com,vmalik@...hat.com,kernel@...rr.cc,bhe@...hat.com,dyoung@...hat.com,akpm@...ux-foundation.org,kexec@...ts.infradead.org,systemd-devel@...ts.freedesktop.org,linux-kernel@...r.kernel.org,kpsingh@...nel.org,sdf@...ichev.me,haoluo@...gle.com,jolsa@...nel.org,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCHv6 01/13] bpf: Introduce kfuncs to parser buffer content

> diff --git a/kernel/bpf/bpf_buffer_parser.c b/kernel/bpf/bpf_buffer_parser.c
> new file mode 100644
> index 000000000000..6acb4b5da71b
> --- /dev/null
> +++ b/kernel/bpf/bpf_buffer_parser.c

[ ... ]

> +static void release_bpf_parser_context(struct kref *kref)
> +{
> +	struct bpf_parser_context *ctx = container_of(kref, struct bpf_parser_context, ref);
> +
> +	if (!!ctx->buf) {
> +		vfree(ctx->buf->buf);
> +		kfree(ctx->buf);
> +	}
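Review bot: style point on the `if (!!ctx->buf)` test in release_bpf_parser_context(): double-negating a pointer in an if condition has no effect and is not the usual kernel form; `if (ctx->buf)` reads the same. The same `!!` idiom is used on the `ret` check in bpf_buffer_parser() further down.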

[ ... ]

> +struct bpf_parser_context *alloc_bpf_parser_context(bpf_parser_handler_t func,
> +		void *data)
> +{
> +	struct bpf_parser_context *ctx;
> +	unsigned int key;
> +
> +	ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);

ctx->buf is NULL here from kzalloc.

[ ... ]

> +__bpf_kfunc int bpf_buffer_parser(char *buf, int buf_sz,
> +		struct bpf_parser_context *context)
> +{
> +	struct bpf_parser_buf *parser_buf;
> +	int ret;
> +	char *b;
> +
> +	if (unlikely(context->func == NULL))
> +		return -EINVAL;
> +
> +	b = __vmalloc(buf_sz, GFP_KERNEL_ACCOUNT | __GFP_ZERO);
> +	if (!b)
> +		return -ENOMEM;
> +	ret = copy_from_kernel_nofault(b, buf, buf_sz);
> +	if (!!ret) {
> +		vfree(b);
> +		return ret;
> +	}
> +
> +	parser_buf = kmalloc(sizeof(struct bpf_parser_buf), GFP_KERNEL);
> +	if (!parser_buf) {
> +		vfree(b);
> +		return -ENOMEM;
> +	}
> +	parser_buf->buf = b;
> +	parser_buf->size = buf_sz;
> +	context->buf = parser_buf;
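Review bot: buf_sz is a plain int and reaches __vmalloc() and copy_from_kernel_nofault() without any range check; a zero or negative size is not rejected, and as the size argument of __vmalloc() a negative int converts to a very large unsigned request. Suggest adding `if (buf_sz <= 0) return -EINVAL;` before the allocation, and consider an explicit upper bound since the kfunc lets a BPF program pick the allocation size.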

If bpf_buffer_parser() is called multiple times on the same context, does
this leak the previous parser_buf and its backing vmalloc buffer? The
assignment to context->buf overwrites any existing pointer without first
freeing it.

release_bpf_parser_context() will only free the final context->buf value
when the context is destroyed, so any intermediate buffers from prior
calls would be lost.

Should there be a check here to either return an error if context->buf is
already set, or free the old buffer before assigning the new one?

> +	ret = context->func(context);
> +
> +	return ret;
> +}
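Review bot: minor, the tail `ret = context->func(context); return ret;` can simply be `return context->func(context);`, which also makes it clearer that the parser callback's return value is passed through to the BPF caller unchanged.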

[ ... ]


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21147860407
