git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Shardul Bankar <shardulsb08@gmail.com>
	Tue, 14 Oct 2025 12:00:37 +0000 (17:30 +0530)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 17 Jan 2026 15:30:02 +0000 (16:30 +0100)
commit	5192f17d1127a6a62022ef8363099b6d20967d2a
tree	fe470117c8876c87193d85548ed66ea3004628d7	tree \| snapshot
parent	83eef6f904a84bc960a013d536dd2ba7905f7036	commit \| diff

bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path

commit 7f9ee5fc97e14682e36fe22ae2654c07e4998b82 upstream.

Fix a memory leak in bpf_prog_test_run_xdp() where the context buffer
allocated by bpf_ctx_init() is not freed when the function returns early
due to a data size check.

On the failing path:
  ctx = bpf_ctx_init(...);
  if (kattr->test.data_size_in - meta_sz < ETH_HLEN)
      return -EINVAL;

The early return bypasses the cleanup label that kfree()s ctx, leading to a
leak detectable by kmemleak under fuzzing. Change the return to jump to the
existing free_ctx label.

Fixes: fe9544ed1a2e ("bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN")
Reported-by: BPF Runtime Fuzzer (BRF)
Signed-off-by: Shardul Bankar <shardulsb08@gmail.com>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://patch.msgid.link/20251014120037.1981316-1-shardulsb08@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>