
Commit 372235d

bpf: Fix memory leak of bpf_scc_info objects
JIRA: https://issues.redhat.com/browse/RHEL-78204

commit 1b30d44
Author: Eduard Zingerman <[email protected]>
Date: Fri Aug 1 16:23:30 2025 -0700

    bpf: Fix memory leak of bpf_scc_info objects

    env->scc_info array contains references to bpf_scc_info objects
    allocated lazily in verifier.c:scc_visit_alloc().
    env->scc_cnt was supposed to track env->scc_info array size
    in order to free referenced objects in verifier.c:free_states().
    Fix initialization of env->scc_cnt that was omitted in
    verifier.c:compute_scc().

    To reproduce the bug:
    - build with CONFIG_DEBUG_KMEMLEAK
    - boot and load bpf program with loops, e.g.:
      ./veristat -q pyperf180.bpf.o
    - initiate memleak scan and check results:
      echo scan > /sys/kernel/debug/kmemleak
      cat /sys/kernel/debug/kmemleak

    Fixes: c9e3190 ("bpf: propagate read/precision marks over state graph backedges")
    Reported-by: Jens Axboe <[email protected]>
    Closes: https://lore.kernel.org/bpf/CAADnVQKXUWg9uRCPD5ebRXwN4dmBCRUFFM7kN=GxymYz3zU25A@mail.gmail.com/T/
    Suggested-by: Alexei Starovoitov <[email protected]>
    Tested-by: Jens Axboe <[email protected]>
    Signed-off-by: Eduard Zingerman <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Alexei Starovoitov <[email protected]>

Signed-off-by: Jerome Marchand <[email protected]>
1 parent 495d0ad commit 372235d

1 file changed

+3
-0
lines changed

kernel/bpf/verifier.c

Lines changed: 3 additions & 0 deletions
@@ -23118,6 +23118,8 @@ static void free_states(struct bpf_verifier_env *env)
2311823118

2311923119
for (i = 0; i < env->scc_cnt; ++i) {
2312023120
info = env->scc_info[i];
23121+
if (!info)
23122+
continue;
2312123123
for (j = 0; j < info->num_visits; j++)
2312223124
free_backedges(&info->visits[j]);
2312323125
kvfree(info);
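Review bot: the new `if (!info) continue;` at the top of the free_states() loop has no comment and is not mentioned in the commit message, even though the other hunk depends on it. Once env->scc_cnt is non-zero the loop walks every slot of env->scc_info, and because the objects are allocated lazily (scc_visit_alloc() per the commit message) a slot may still be NULL, in which case `info->num_visits` two lines below would dereference a NULL pointer. Suggest a one-line comment above the check saying that entries are populated lazily, and a sentence in the commit message so anyone backporting takes both hunks together.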
@@ -24558,6 +24560,7 @@ static int compute_scc(struct bpf_verifier_env *env)
2455824560
err = -ENOMEM;
2455924561
goto exit;
2456024562
}
24563+
env->scc_cnt = next_scc_id;
2456124564
exit:
2456224565
kvfree(stack);
2456324566
kvfree(pre);
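Review bot: `env->scc_cnt = next_scc_id;` sits after the last visible `goto exit` and directly above the `exit:` label, so it runs only on the success path and any failure that jumps to `exit` leaves env->scc_cnt at its earlier value. free_states() bounds its walk of env->scc_info with scc_cnt alone, so please confirm that no error path can reach `exit` after entries of scc_info could have been allocated, or set the count at the point where the array itself is allocated. A short comment stating that next_scc_id equals the number of array slots (not the highest id in use) would also rule out an off-by-one when the free_states() loop is read later.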
