Commit 4266f41f authored by Daniel Borkmann's avatar Daniel Borkmann
Browse files

bpf: Fix bad unlock balance on freeze_mutex 



Commit c4c84f6f ("bpf: drop unnecessary bpf_capable() check in
BPF_MAP_FREEZE command") moved the permissions check outside of the
freeze_mutex in the map_freeze() handler. The error paths still jumps
to the err_put which tries to unlock the freeze_mutex even though it
was not locked in the first place. Fix it.

Fixes: c4c84f6f ("bpf: drop unnecessary bpf_capable() check in BPF_MAP_FREEZE command")
Reported-by: default avatar <syzbot+8982e75c2878b9ffeac5@syzkaller.appspotmail.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent 4aadd292

kernel/bpf/syscall.c

+2 −2
Original line number Diff line number Diff line
@@ -1932,8 +1932,8 @@ static int map_freeze(const union bpf_attr *attr) 
	}



	if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) {

		err = -EPERM;

		goto err_put;

		fdput(f);

		return -EPERM;

	}



	mutex_lock(&map->freeze_mutex);