commit 99ff4fc269e79df2798e822e75f3531690e7279b
author Wei Fu <fuweid89@gmail.com> Sat Jan 08 16:40:08 2022 +0800
committer Quentin Monnet <quentin@isovalent.com> Tue Jan 18 20:36:55 2022 +0000
tree e5f9de11fb691f4ae3e513d65e83a6028042fa95
parent 8ce7ed088b936795768c4cb11fa7f721ab41784f

bpftool: Only set obj->skeleton on complete success

After `bpftool gen skeleton`, the ${bpf_app}.skel.h will provide that
${bpf_app_name}__open helper to load bpf. If there is some error
like ENOMEM, the ${bpf_app_name}__open will rollback(free) the allocated
object, including `bpf_object_skeleton`.

Since the ${bpf_app_name}__create_skeleton set the obj->skeleton first
and not rollback it when error, it will cause double-free in
${bpf_app_name}__destory at ${bpf_app_name}__open. Therefore, we should
set the obj->skeleton before return 0;

Fixes: 5dc7a8b21144 ("bpftool, selftests/bpf: Embed object file inside skeleton")
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220108084008.1053111-1-fuweid89@gmail.com

src/gen.c

diff --git a/src/gen.c b/src/gen.c
index b4695df..a7387c2 100644
--- a/src/gen.c
+++ b/src/gen.c
@@ -927,7 +927,6 @@
 			s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s));\n\
 			if (!s)						    \n\
 				goto err;				    \n\
-			obj->skeleton = s;				    \n\
 									    \n\
 			s->sz = sizeof(*s);				    \n\
 			s->name = \"%1$s\";				    \n\
@@ -1000,6 +999,7 @@
 									    \n\
 			s->data = (void *)%2$s__elf_bytes(&s->data_sz);	    \n\
 									    \n\
+			obj->skeleton = s;				    \n\
 			return 0;					    \n\
 		err:							    \n\
 			bpf_object__destroy_skeleton(s);		    \n\