From: Steven Rostedt <rostedt@goodmis.org>
To: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>, Shuah Khan <shuah@kernel.org>,
Hiraku Toyooka <hiraku.toyooka@cybertrust.co.jp>,
linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 1/3] [BUGFIX] tracing: Fix double free of event_trigger_data
Date: Tue, 24 Jul 2018 22:41:49 -0400 [thread overview]
Message-ID: <20180724224149.0767fd13@gandalf.local.home> (raw)
In-Reply-To: <20180725101653.09e095092a4bb77e6fc558df@kernel.org>
On Wed, 25 Jul 2018 10:16:53 +0900
Masami Hiramatsu <mhiramat@kernel.org> wrote:
> Hm, as far as I can see, when register_trigger() returns >= 0, it already
> calls ->init the trigger_data. This means its refcount++, and in that
> case, below patch will miss to free the trigger_data.
> How about below for tentative fix?
>
> if (!ret) {
> ret = -ENOENT;
> /* We have to forcibly free the trigger_data */
> goto out_free;
> } else if (ret > 0)
> ret = 0;
Or better yet, match it properly:
out_reg:
/* Up the trigger_data count to make sure reg doesn't free it on failure */
event_trigger_init(trigger_ops, trigger_data);
ret = cmd_ops->reg(glob, trigger_ops, trigger_data, file);
/*
* The above returns on success the # of functions enabled,
* but if it didn't find any functions it returns zero.
* Consider no functions a failure too.
*/
if (!ret) {
cmd_ops->unreg(glob, trigger_ops, trigger_data, file);
ret = -ENOENT;
} else if (ret > 0)
ret = 0;
/* Down the counter of trigger_data or free it if not used anymore */
event_trigger_free(trigger_ops, trigger_data);
out:
return ret;
-- Steve
next prev parent reply other threads:[~2018-07-25 2:41 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-13 16:27 [PATCH 0/3] tracing: Fix bugs on snapshot feature Masami Hiramatsu
2018-07-13 16:27 ` [PATCH 1/3] [BUGFIX] tracing: Fix double free of event_trigger_data Masami Hiramatsu
2018-07-24 2:10 ` Steven Rostedt
2018-07-24 15:09 ` Masami Hiramatsu
2018-07-24 20:49 ` Steven Rostedt
2018-07-24 21:30 ` Steven Rostedt
2018-07-24 23:13 ` Steven Rostedt
2018-07-25 1:16 ` Masami Hiramatsu
2018-07-25 2:41 ` Steven Rostedt [this message]
2018-07-25 14:14 ` Masami Hiramatsu
2018-07-25 16:01 ` Tom Zanussi
2018-07-25 16:09 ` Steven Rostedt
2018-07-25 1:05 ` Masami Hiramatsu
2018-07-13 16:28 ` [PATCH 2/3] [BUGFIX] ring_buffer: tracing: Inherit the tracing setting to next ring buffer Masami Hiramatsu
2018-07-24 2:25 ` Steven Rostedt
2018-07-24 14:30 ` Masami Hiramatsu
2018-07-13 16:28 ` [PATCH 3/3] selftests/ftrace: Add snapshot and tracing_on test case Masami Hiramatsu
2018-07-13 16:28 ` Masami Hiramatsu
2018-07-13 16:28 ` mhiramat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180724224149.0767fd13@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=hiraku.toyooka@cybertrust.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=shuah@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tom.zanussi@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.