bpf: drop refcount if bpf_map_new_fd() fails in map_create() [Linux 5.0]

This Linux kernel change "bpf: drop refcount if bpf_map_new_fd() fails in map_create()" is included in the Linux 5.0 release. This change is authored by Peng Sun <sironhide0null [at] gmail.com> on Wed Feb 27 22:36:25 2019 +0800. The commit for this change in Linux stable tree is 352d20d (patch).

bpf: drop refcount if bpf_map_new_fd() fails in map_create()

In bpf/syscall.c, map_create() first set map->usercnt to 1, a file
descriptor is supposed to return to userspace. When bpf_map_new_fd()
fails, drop the refcount.

Fixes: bd5f5f4ecb78 ("bpf: Add BPF_MAP_GET_FD_BY_ID")
Signed-off-by: Peng Sun <[email protected]>
Acked-by: Martin KaFai Lau <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>

There are 4 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 kernel/bpf/syscall.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index f98328a..84470d1 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -559,12 +559,12 @@ static int map_create(union bpf_attr *attr)
    err = bpf_map_new_fd(map, f_flags);
    if (err < 0) {
        /* failed to allocate fd.
-        * bpf_map_put() is needed because the above
+        * bpf_map_put_with_uref() is needed because the above
         * bpf_map_alloc_id() has published the map
         * to the userspace and the userspace may
         * have refcnt-ed it through BPF_MAP_GET_FD_BY_ID.
-       bpf_map_put(map);
+       bpf_map_put_with_uref(map);
        return err;

Leave a Reply

Your email address will not be published. Required fields are marked *