Re: [PATCHv6 bpf-next 22/29] selftests/bpf: Add tracing multi skel/pattern/ids module attach tests

Thu, 28 May 2026 06:16:42 -0700 

On Wed, May 27, 2026 at 12:59:39PM +0000, [email protected] wrote:
> > diff --git a/tools/testing/selftests/bpf/prog_tests/tracing_multi.c 
> > b/tools/testing/selftests/bpf/prog_tests/tracing_multi.c
> > index e290513358d9..746a8398211a 100644
> > --- a/tools/testing/selftests/bpf/prog_tests/tracing_multi.c
> > +++ b/tools/testing/selftests/bpf/prog_tests/tracing_multi.c
> 
> [ ... ]
> 
> > @@ -241,6 +250,96 @@ static void test_link_api_ids(void)
> 
> [ ... ]
> 
> > +static void test_module_link_api_ids(void)
> > +{
> > +   size_t cnt = ARRAY_SIZE(bpf_testmod_fentry_test);
> > +   LIBBPF_OPTS(bpf_tracing_multi_opts, opts);
> > +   struct tracing_multi_module *skel = NULL;
> > +   __u32 *ids;
> > +
> > +   skel = tracing_multi_module__open_and_load();
> > +   if (!ASSERT_OK_PTR(skel, "tracing_multi_module__open_and_load"))
> > +           return;
> > +
> > +   skel->bss->pid = getpid();
> > +
> > +   ids = get_ids(bpf_testmod_fentry_test, cnt, "bpf_testmod");
> > +   if (!ASSERT_OK_PTR(ids, "get_ids"))
> > +           goto cleanup;
> 
> This new test calls get_ids() but there's an unaddressed review comment
> from sashiko-bot about a memory leak in that function. Looking at get_ids()
> in the same file:
> 
>     for (i = 0; i < funcs_cnt; i++) {
>         if (!tsearch(&funcs[i], &root, compare)) {
>             ASSERT_FAIL("tsearch failed");
>             err = -1;
>             goto out;
>         }
>     }
> 
>     ...
> 
>     if (err) {
>         free(ids);
>         ids = NULL;
>     }
> 
> out:
>     tdestroy(root, tdestroy_free_nop);
>     btf__free(vmlinux_btf);
>     btf__free(btf);
>     return ids;
> 
> If tsearch() fails, the code sets err = -1 and jumps to the out label.
> However, the out label is positioned after the cleanup block that frees ids
> (the "if (err)" block), not before it. This means the cleanup code is
> bypassed when we goto out, causing two issues:
> 
> 1. The ids array is leaked
> 
> 2. The function returns a non-NULL pointer to allocated but potentially
>    invalid memory, which will incorrectly pass the ASSERT_OK_PTR check above
> 
> Should the out label be moved before the cleanup block so that the error
> path properly frees the ids array and sets it to NULL?

yes, will fix

jirka

Reply via email to