Commit b38865b0 authored by Hui Tang, committed by Cheng Yu

sched: Fix bpf cpustats refcount leak

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBG1V2


CVE: NA

--------------------------------

Refcount 'cpustats->usage' is cleared in bpf_sched_cpu_stats_of,
which triggers a WARNING when bpf_sched_cpustats_release is called.

refcount_t: underflow; use-after-free.
WARNING: CPU: 31 PID: 9517 at lib/refcount.c:28 refcount_warn_saturate+0xf4/0x148
Call trace:
 refcount_warn_saturate+0xf4/0x148
 bpf_sched_cpustats_release+0xa4/0xc0
 bpf_prog_62f48e1f0ef32ae3_select_rq+0x360/0x398
 bpf_trampoline_6442463850+0x8c/0x1000
 bpf_sched_cfs_select_rq+0x8/0x18
 select_task_rq_fair+0x250/0x4c8

Ctx is cleared in bpf_sched_cpustats_create, so it does not need to
be cleared in bpf_sched_cpu_stats_of.

Fixes: ace17527 ("sched: Add kfunc to get cpu statistics")
Signed-off-by: Hui Tang <tanghui20@huawei.com>
Signed-off-by: Cheng Yu <serein.chengyu@huawei.com>
parent fc1d9b69
+0 −1
@@ -152,7 +152,6 @@ __bpf_kfunc s32 bpf_sched_cpu_stats_of(int cpuid,
		return -EINVAL;

	rq = cpu_rq(cpu);
	memset(ctx, 0, sizeof(*ctx));

	SCHED_WARN_ON(!rcu_read_lock_held());
	/* nr_running */
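
Review bot: with the `memset(ctx, 0, sizeof(*ctx));` after `rq = cpu_rq(cpu);` gone, bpf_sched_cpu_stats_of no longer starts from a zeroed ctx, so any field it does not assign keeps whatever an earlier call left there when a program reuses one ctx for several CPUs. The assignments start at the `/* nr_running */` comment and the rest fall outside this hunk, so please confirm that every statistics field is written unconditionally on each call; if some are not, zero only the statistics members and leave `usage` untouched. A short comment at this spot stating that ctx must come from bpf_sched_cpustats_create and that its refcount must not be overwritten here would keep a later cleanup from reintroducing the memset.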