Fix memory leak in ubpf_exec (#306)
* Fix memory leak in ubpf_exec

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* PR feedback

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

---------

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: Alan Jowett <alan.jowett@microsoft.com>
Alan-Jowett and Alan Jowett committed Jun 27, 2023
1 parent aabb8e3 commit 4e1bb3c
Showing 1 changed file with 19 additions and 9 deletions.
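--- a/vm/ubpf_vm.c
+++ b/vm/ubpf_vm.c
@@ -290,6 +290,7 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 uint64_t* reg;
 uint64_t _reg[16];
 uint64_t ras_index = 0;
+int return_value = -1;
 
 // Windows Kernel mode limits stack usage to 12K, so we need to allocate it dynamically.
 #if defined(NTDDI_VERSION) && defined(WINNT)
@@ -298,13 +299,14 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 
 stack = calloc(UBPF_STACK_SIZE, 1);
 if (!stack) {
-return -1;
+return_value = -1;
+goto cleanup;
 }
 
 stack_frames = calloc(UBPF_MAX_CALL_DEPTH, sizeof(struct ubpf_stack_frame));
 if (!stack_frames) {
-free(stack);
-return -1;
+return_value = -1;
+goto cleanup;
 }
 
 #else
@@ -538,13 +540,15 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 #define BOUNDS_CHECK_LOAD(size) \
 do { \
 if (!bounds_check(vm, (char*)reg[inst.src] + inst.offset, size, "load", cur_pc, mem, mem_len, stack)) { \
-return -1; \
+return_value = -1; \
+goto cleanup; \
 } \
 } while (0)
 #define BOUNDS_CHECK_STORE(size) \
 do { \
 if (!bounds_check(vm, (char*)reg[inst.dst] + inst.offset, size, "store", cur_pc, mem, mem_len, stack)) { \
-return -1; \
+return_value = -1; \
+goto cleanup; \
 } \
 } while (0)
 
@@ -837,7 +841,8 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 break;
 }
 *bpf_return_value = reg[0];
-return 0;
+return_value = 0;
+goto cleanup;
 case EBPF_OP_CALL:
 // Differentiate between local and external calls -- assume that the
 // program was assembled with the same endianess as the host machine.
@@ -847,7 +852,8 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 // Unwind the stack if unwind extension returns success.
 if (inst.imm == vm->unwind_stack_extension_index && reg[0] == 0) {
 *bpf_return_value = reg[0];
-return 0;
+return_value = 0;
+goto cleanup;
 }
 } else if (inst.src == 1) {
 if (ras_index >= UBPF_MAX_CALL_DEPTH) {
@@ -857,7 +863,8 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 ras_index + 1,
 UBPF_MAX_CALL_DEPTH,
 cur_pc);
-return -1;
+return_value = -1;
+goto cleanup;
 }
 stack_frames[ras_index].saved_registers[0] = reg[BPF_REG_6];
 stack_frames[ras_index].saved_registers[1] = reg[BPF_REG_7];
@@ -869,18 +876,21 @@ ubpf_exec(const struct ubpf_vm* vm, void* mem, size_t mem_len, uint64_t* bpf_ret
 break;
 } else if (inst.src == 2) {
 // Calling external function by BTF ID is not yet supported.
-return -1;
+return_value = -1;
+goto cleanup;
 }
 // Because we have already validated, we can assume that the type code is
 // valid.
 break;
 }
 }
 
+cleanup:
 #if defined(NTDDI_VERSION) && defined(WINNT)
 free(stack_frames);
 free(stack);
 #endif
+return return_value;
 }
 
 static bool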
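Review bot: The first `goto cleanup` (the `!stack` branch) runs before `stack_frames` has been assigned, so `free(stack_frames)` under `cleanup:` is only safe if both pointers are initialised to NULL where they are declared. Those declarations appear to sit in the collapsed lines between the first two hunks, so this cannot be confirmed from the diff. If they are not already `= NULL` they should be, and a comment at the label such as `// stack and stack_frames stay NULL until allocated; free(NULL) is a no-op` would record the invariant the single exit path depends on. Separately, `BOUNDS_CHECK_LOAD` and `BOUNDS_CHECK_STORE` now hide a `goto cleanup` and a write to `return_value`, which ties them to the body of `ubpf_exec`; a one-line comment above the macros saying so would keep them from being reused where that label does not exist. The body of `ubpf_exec` extends beyond the visible hunks.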
