From: Wei Fu <fuweid89@gmail.com>
Date: Sat, 8 Jan 2022 08:40:08 +0000 (+0800)
Subject: bpftool: Only set obj->skeleton on complete success
X-Git-Tag: v5.15.73~5847
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e5f642c55f4ce1021838d87ed4806c35943136d1;p=platform%2Fkernel%2Flinux-rpi.git

bpftool: Only set obj->skeleton on complete success

[ Upstream commit 0991f6a38f576aa9a5e34713e23c998a3310d4d0 ]

After `bpftool gen skeleton`, the ${bpf_app}.skel.h will provide that
${bpf_app_name}__open helper to load bpf. If there is some error
like ENOMEM, the ${bpf_app_name}__open will rollback(free) the allocated
object, including `bpf_object_skeleton`.

Since the ${bpf_app_name}__create_skeleton set the obj->skeleton first
and not rollback it when error, it will cause double-free in
${bpf_app_name}__destory at ${bpf_app_name}__open. Therefore, we should
set the obj->skeleton before return 0;

Fixes: 5dc7a8b21144 ("bpftool, selftests/bpf: Embed object file inside skeleton")
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220108084008.1053111-1-fuweid89@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/tools/bpf/bpftool/gen.c b/tools/bpf/bpftool/gen.c
index d40d92b..07fa502 100644
--- a/tools/bpf/bpftool/gen.c
+++ b/tools/bpf/bpftool/gen.c
@@ -870,7 +870,6 @@ static int do_skeleton(int argc, char **argv)
 			s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s));\n\
 			if (!s)						    \n\
 				goto err;				    \n\
-			obj->skeleton = s;				    \n\
 									    \n\
 			s->sz = sizeof(*s);				    \n\
 			s->name = \"%1$s\";				    \n\
@@ -955,6 +954,7 @@ static int do_skeleton(int argc, char **argv)
 		\n\
 		\";							    \n\
 									    \n\
+			obj->skeleton = s;				    \n\
 			return 0;					    \n\
 		err:							    \n\
 			bpf_object__destroy_skeleton(s);		    \n\