From: Abhishek Dubey The existing conditional statement in bpf_int_jit_compile() frees the percpu private stack at out_addrs only when the image buffer was never allocated. If bpf_jit_build_body() fails during a code-generation pass, the image buffer has already been allocated, so !image is false and the percpu stack is not freed. Because JIT compilation failed, fp->jited remains at 0. The subsequent bpf_jit_free() path only frees priv_stack_ptr when fp->jited is set, so freeing is skipped here too, leaking the percpu allocation. Fix implements freeing the private stack whenever fp->jited was not set, i.e. compilation did not succeed, instead of keying off !image. !fp->jited already covers the !image case, since image is only NULL on early-failure paths where fp->jited is likewise 0. Reported-by: sashiko-bot@kernel.org Closes: https://lore.kernel.org/bpf/20260616135426.A06B71F000E9@smtp.kernel.org Fixes: 156d985123b6 ("powerpc64/bpf: Implement JIT support for private stack") Cc: stable@vger.kernel.org Signed-off-by: Abhishek Dubey --- arch/powerpc/net/bpf_jit_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index 171cb6017259..46bbfb6be613 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -403,7 +403,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_verifier_env *env, struct bpf_pr (void *)fimage + FUNCTION_DESCR_SIZE); out_addrs: - if (!image && priv_stack_ptr) { + if (!fp->jited && priv_stack_ptr) { fp->aux->priv_stack_ptr = NULL; free_percpu(priv_stack_ptr); } -- 2.52.0
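Review bot: The new check at out_addrs, `if (!fp->jited && priv_stack_ptr)`, relies on an ownership rule that appears only in the commit message: bpf_jit_free() frees priv_stack_ptr when fp->jited is set, and this label frees it otherwise. Please add a short comment above the condition recording that pairing, so a later change to where fp->jited is set does not reintroduce the leak or turn it into a double free of the percpu allocation. The hunk does not show where fp->jited is assigned, so the changelog should also state whether out_addrs can be reached on a failure with fp->jited already set by an earlier call for the same program. If it can, the free is left to bpf_jit_free(), and the changelog should say that is intended.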