bpf: Fix bad unlock balance on freeze_mutex

Commit c4c84f6fb2c4 ("bpf: drop unnecessary bpf_capable() check in BPF_MAP_FREEZE command") moved the permissions check outside of the freeze_mutex in the map_freeze() handler. The error paths still jumps to the err_put which tries to unlock the freeze_mutex even though it was not locked in the first place. Fix it. Fixes: c4c84f6fb2c4 ("bpf: drop unnecessary bpf_capable() check in BPF_MAP_FREEZE command") Reported-by: syzbot+8982e75c2878b9ffeac5@syzkaller.appspotmail.com Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
author: Daniel Borkmann <daniel@iogearbox.net> 2023-05-26 12:13:56 +0200
committer: Daniel Borkmann <daniel@iogearbox.net> 2023-05-26 12:16:12 +0200
commit: 4266f41feaeee2521749ce2cfb52eafd4e2947c5 (patch)
tree: 93e49d931c5c4355463771d46cc181f643e1dd0b
parent: libbpf: Ensure FD >= 3 during bpf_map__reuse_fd() (diff)
download: linux-4266f41feaeee2521749ce2cfb52eafd4e2947c5.tar.gz
linux-4266f41feaeee2521749ce2cfb52eafd4e2947c5.tar.bz2
linux-4266f41feaeee2521749ce2cfb52eafd4e2947c5.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index c9a201e4c457..92a57efc77de 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1932,8 +1932,8 @@ static int map_freeze(const union bpf_attr *attr)
 	}
 
 	if (!(map_get_sys_perms(map, f) & FMODE_CAN_WRITE)) {
-		err = -EPERM;
-		goto err_put;
+		fdput(f);
+		return -EPERM;
 	}
 
 	mutex_lock(&map->freeze_mutex);
author	Daniel Borkmann <daniel@iogearbox.net>	2023-05-26 12:13:56 +0200
committer	Daniel Borkmann <daniel@iogearbox.net>	2023-05-26 12:16:12 +0200
commit	4266f41feaeee2521749ce2cfb52eafd4e2947c5 (patch)
tree	93e49d931c5c4355463771d46cc181f643e1dd0b
parent	libbpf: Ensure FD >= 3 during bpf_map__reuse_fd() (diff)
download	linux-4266f41feaeee2521749ce2cfb52eafd4e2947c5.tar.gz linux-4266f41feaeee2521749ce2cfb52eafd4e2947c5.tar.bz2 linux-4266f41feaeee2521749ce2cfb52eafd4e2947c5.zip