Re: [PATCH bpf 1/1] bpf: test_run: fix ctx leak in bpf_prog_test_run_xdp error path

[Daniel Borkmann]

On 10/14/25 2:00 PM, Shardul Bankar wrote:
> Fix a memory leak in bpf_prog_test_run_xdp() where the context buffer
> allocated by bpf_ctx_init() is not freed when the function returns early
> due to a data size check.
>
> On the failing path:
>    ctx = bpf_ctx_init(...);
>    if (kattr->test.data_size_in - meta_sz < ETH_HLEN)
>        return -EINVAL;
>
> The early return bypasses the cleanup label that kfree()s ctx, leading to a
> leak detectable by kmemleak under fuzzing. Change the return to jump to the
> existing free_ctx label.
>
> Fixes: fe9544ed1a2e ("bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN")
> Reported-by: BPF Runtime Fuzzer (BRF)
> Signed-off-by: Shardul Bankar <shardulsb08@xxxxxxxxx>
Acked-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>