提交 4adb7a4a 编写于 作者: A Andrii Nakryiko 提交者: Alexei Starovoitov

bpf: Fix leak in LINK_UPDATE and enforce empty old_prog_fd

Fix bug of not putting bpf_link in LINK_UPDATE command.
Also enforce zeroed old_prog_fd if no BPF_F_REPLACE flag is specified.
Signed-off-by: NAndrii Nakryiko <andriin@fb.com>
Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200424052045.4002963-1-andriin@fb.com
上级 5ca1ca01
...@@ -3628,8 +3628,10 @@ static int link_update(union bpf_attr *attr) ...@@ -3628,8 +3628,10 @@ static int link_update(union bpf_attr *attr)
return PTR_ERR(link); return PTR_ERR(link);
new_prog = bpf_prog_get(attr->link_update.new_prog_fd); new_prog = bpf_prog_get(attr->link_update.new_prog_fd);
if (IS_ERR(new_prog)) if (IS_ERR(new_prog)) {
return PTR_ERR(new_prog); ret = PTR_ERR(new_prog);
goto out_put_link;
}
if (flags & BPF_F_REPLACE) { if (flags & BPF_F_REPLACE) {
old_prog = bpf_prog_get(attr->link_update.old_prog_fd); old_prog = bpf_prog_get(attr->link_update.old_prog_fd);
...@@ -3638,6 +3640,9 @@ static int link_update(union bpf_attr *attr) ...@@ -3638,6 +3640,9 @@ static int link_update(union bpf_attr *attr)
old_prog = NULL; old_prog = NULL;
goto out_put_progs; goto out_put_progs;
} }
} else if (attr->link_update.old_prog_fd) {
ret = -EINVAL;
goto out_put_progs;
} }
#ifdef CONFIG_CGROUP_BPF #ifdef CONFIG_CGROUP_BPF
...@@ -3653,6 +3658,8 @@ static int link_update(union bpf_attr *attr) ...@@ -3653,6 +3658,8 @@ static int link_update(union bpf_attr *attr)
bpf_prog_put(old_prog); bpf_prog_put(old_prog);
if (ret) if (ret)
bpf_prog_put(new_prog); bpf_prog_put(new_prog);
out_put_link:
bpf_link_put(link);
return ret; return ret;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册