bpf: Free inner_map_meta when btf_record_dup fails

Whenever btf_record_dup fails, we must free inner_map_meta that was
allocated before.

This fixes a memory leak (in case of errors) during inner map creation.

Fixes: aa3496accc41 ("bpf: Refactor kptr_off_tab into btf_record")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20221118015614.2013203-4-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/bpf/map_in_map.c b/kernel/bpf/map_in_map.c
index 8ca0cca..a423130 100644 (file)
--- a/kernel/bpf/map_in_map.c
+++ b/kernel/bpf/map_in_map.c
@@ -52,12 +52,14 @@ struct bpf_map *bpf_map_meta_alloc(int inner_map_ufd)
        inner_map_meta->max_entries = inner_map->max_entries;
        inner_map_meta->record = btf_record_dup(inner_map->record);
        if (IS_ERR(inner_map_meta->record)) {
+               struct bpf_map *err_ptr = ERR_CAST(inner_map_meta->record);
                /* btf_record_dup returns NULL or valid pointer in case of
                 * invalid/empty/valid, but ERR_PTR in case of errors. During
                 * equality NULL or IS_ERR is equivalent.
                 */
+               kfree(inner_map_meta);
                fdput(f);
-               return ERR_CAST(inner_map_meta->record);
+               return err_ptr;
        }
        if (inner_map->btf) {
                btf_get(inner_map->btf);