Running with CONFIG_DEBUG_KMEMLEAK enabled, I've noticed a few memory leaks reported as follows: unreferenced object 0xffff8881ce3bd080 (size 64): comm "systemd", pid 3524, jiffies 4294789711 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 8c5ed7af): __kmalloc_node_track_caller_noprof+0x25e/0x4e0 krealloc_noprof+0xe8/0x2f0 kvrealloc_noprof+0x65/0xe0 do_check+0x3ef1/0xcd10 do_check_common+0x1631/0x2110 bpf_check+0x3686/0x1e430 bpf_prog_load+0xda2/0x13f0 __sys_bpf+0x374/0x5b0 __x64_sys_bpf+0x7c/0x90 do_syscall_64+0x8a/0x220 entry_SYSCALL_64_after_hwframe+0x76/0x7e Wnen an array of SCC slots is allocated in 'compute_scc()', 'scc_cnt' of the corresponding environment should be adjusted to match the size of this array. Otherwise an array members (re)assigned in 'scc_visit_alloc()' will be unreachable from the freeing loop in 'free_states()'. Fixes: c9e31900b54c ("bpf: propagate read/precision marks over state graph backedges") Signed-off-by: Dmitry Antipov --- kernel/bpf/verifier.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 0806295945e4..c4f69a9e9af6 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23114,6 +23114,8 @@ static void free_states(struct bpf_verifier_env *env) for (i = 0; i < env->scc_cnt; ++i) { info = env->scc_info[i]; + if (!info) + continue; for (j = 0; j < info->num_visits; j++) free_backedges(&info->visits[j]); kvfree(info); @@ -24554,6 +24556,7 @@ static int compute_scc(struct bpf_verifier_env *env) err = -ENOMEM; goto exit; } + env->scc_cnt = next_scc_id; exit: kvfree(stack); kvfree(pre); -- 2.50.1