From: Stanislav Fomichev <sdf@google.com>
Date: Sat, 3 Oct 2020 00:25:44 +0000 (-0700)
Subject: bpf: Deref map in BPF_PROG_BIND_MAP when it's already used
X-Git-Tag: v5.15~2655^2~16^2~26
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1028ae4069991e26d1522e957939fb61d2da1d12;p=platform%2Fkernel%2Flinux-starfive.git

bpf: Deref map in BPF_PROG_BIND_MAP when it's already used

We are missing a deref for the case when we are doing BPF_PROG_BIND_MAP
on a map that's being already held by the program.
There is 'if (ret) bpf_map_put(map)' below which doesn't trigger
because we don't consider this an error.
Let's add missing bpf_map_put() for this specific condition.

Fixes: ef15314aa5de ("bpf: Add BPF_PROG_BIND_MAP syscall")
Reported-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20201003002544.3601440-1-sdf@google.com
---

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index f1528c2..1110ecd 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4323,8 +4323,10 @@ static int bpf_prog_bind_map(union bpf_attr *attr)
 	used_maps_old = prog->aux->used_maps;
 
 	for (i = 0; i < prog->aux->used_map_cnt; i++)
-		if (used_maps_old[i] == map)
+		if (used_maps_old[i] == map) {
+			bpf_map_put(map);
 			goto out_unlock;
+		}
 
 	used_maps_new = kmalloc_array(prog->aux->used_map_cnt + 1,
 				      sizeof(used_maps_new[0]),