[PATCH OLK-6.6 V1] sched: Fix bpf cpustats refcount leak

From: Hui Tang <tanghui20@huawei.com> hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IBG1V2 CVE: NA -------------------------------- Refcount 'cpustats->usage' is clear in bpf_sched_cpu_stats_of which triggering WARNING bpf_sched_cpustats_release called. refcount_t: underflow; use-after-free. WARNING: CPU: 31 PID: 9517 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148 Call trace: refcount_warn_saturate+0xf4/0x148 bpf_sched_cpustats_release+0xa4/0xc0 bpf_prog_62f48e1f0ef32ae3_select_rq+0x360/0x398 bpf_trampoline_6442463850+0x8c/0x1000 bpf_sched_cfs_select_rq+0x8/0x18 select_task_rq_fair+0x250/0x4c8 Ctx is clear in bpf_sched_cpustats_create, so it not need to clear in bpf_sched_cpu_stats_of. Fixes: ace175278fa1 ("sched: Add kfunc to get cpu statistics") Signed-off-by: Hui Tang <tanghui20@huawei.com> Signed-off-by: Cheng Yu <serein.chengyu@huawei.com> --- kernel/sched/bpf_sched.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/sched/bpf_sched.c b/kernel/sched/bpf_sched.c index 2958b3029d38..1973cfacc079 100644 --- a/kernel/sched/bpf_sched.c +++ b/kernel/sched/bpf_sched.c @@ -152,7 +152,6 @@ __bpf_kfunc s32 bpf_sched_cpu_stats_of(int cpuid, return -EINVAL; rq = cpu_rq(cpu); - memset(ctx, 0, sizeof(*ctx)); SCHED_WARN_ON(!rcu_read_lock_held()); /* nr_running */ -- 2.25.1
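Review bot: Dropping `memset(ctx, 0, sizeof(*ctx));` after `rq = cpu_rq(cpu);` in bpf_sched_cpu_stats_of also drops the only reset of the statistics fields in this function, so correctness now depends on every caller passing a ctx that came from bpf_sched_cpustats_create, as the commit message assumes. If a ctx is filled more than once (for example for a different cpuid), any member not assigned in the code after `/* nr_running */` keeps its previous value. Please either confirm that all members other than `usage` are written unconditionally on the success path, or zero only the non-refcount members here, and add a comment on the kfunc stating that ctx must be obtained from bpf_sched_cpustats_create and that `usage` must not be touched. The commit message would also benefit from saying where the underflow was observed to be reproducible, since the trace alone does not show which BPF program path reuses the ctx.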

FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/14730
Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/F...
participants (2)
- Cheng Yu
- patchwork bot