bpf: Fix exclusive map memory leak

When excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot [1]. syzbot reported: BUG: memory leak backtrace (crc 7b9fb9b4): map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512 __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131 Fixes: baefdbdf6812 ("bpf: Implement exclusive map creation") Reported-by: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=cf08c551fecea9fd1320 Tested-by: syzbot+cf08c551fecea9fd1320@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@qq.com> Acked-by: Yonghong Song <yonghong.song@linux.dev> Link: https://lore.kernel.org/r/tencent_3F226F882CE56DCC94ACE90EED1ECCFC780A@qq.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Edward Adam Davis <eadavis@qq.com> 2025-11-16 22:58:13 +0800
committer: Alexei Starovoitov <ast@kernel.org> 2025-11-26 11:23:27 -0800
commit: 688b745401ab16e2e1a3b504863f0a45fd345638 (patch)
tree: 6b0b75083c679d388861e852a6c6d2b4c1bf62df /kernel/bpf
parent: 5262cb23393f7e86a64d1a45eeaa8a6f99f03d10 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index cef8963d69f9..d5851800b3de 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1586,7 +1586,8 @@ static int map_create(union bpf_attr *attr, bpfptr_t uattr)
 			goto free_map;
 		}
 	} else if (attr->excl_prog_hash_size) {
-		return -EINVAL;
+		err = -EINVAL;
+		goto free_map;
 	}
 
 	err = security_bpf_map_create(map, attr, token, uattr.is_kernel);
author	Edward Adam Davis <eadavis@qq.com>	2025-11-16 22:58:13 +0800
committer	Alexei Starovoitov <ast@kernel.org>	2025-11-26 11:23:27 -0800
commit	688b745401ab16e2e1a3b504863f0a45fd345638 (patch)
tree	6b0b75083c679d388861e852a6c6d2b4c1bf62df /kernel/bpf
parent	5262cb23393f7e86a64d1a45eeaa8a6f99f03d10 (diff)