From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, kiyin(尹亮), Dan Carpenter, Ingo Molnar, "Srivatsa S. Bhat", Anthony Liguori
Subject: [PATCH 4.19 68/71] perf/core: Fix a memory leak in perf_event_parse_addr_filter()
Date: Mon, 9 Nov 2020 13:56:02 +0100
Message-Id: <20201109125023.090502218@linuxfoundation.org>
In-Reply-To: <20201109125019.906191744@linuxfoundation.org>

From: kiyin(尹亮)

commit 7bdb157cdebbf95a1cd94ed2e01b338714075d00 upstream.

As shown through runtime testing, the "filename" allocation is not
always freed in perf_event_parse_addr_filter().

There are three possible ways that this could happen:

 - It could be allocated twice on subsequent iterations through the loop,
 - or leaked on the success path,
 - or on the failure path.

Clean up the code flow to make it obvious that 'filename' is always
freed in the reallocation path and in the two return paths as well.

We rely on the fact that kfree(NULL) is NOP and filename is initialized
with NULL.

This fixes the leak. No other side effects expected.

[ Dan Carpenter: cleaned up the code flow & added a changelog. ]
[ Ingo Molnar: updated the changelog some more. ]

Fixes: 375637bc5249 ("perf/core: Introduce address range filtering")
Signed-off-by: "kiyin(尹亮)"
Signed-off-by: Dan Carpenter
Signed-off-by: Ingo Molnar
Cc: "Srivatsa S. Bhat"
Cc: Anthony Liguori
--
 kernel/events/core.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

Signed-off-by: Greg Kroah-Hartman
--- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -9047,6 +9047,7 @@ perf_event_parse_addr_filter(struct perf if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) { int fpos = token == IF_SRC_FILE ? 2 : 1; + kfree(filename); filename = match_strdup(&args[fpos]); if (!filename) { ret = -ENOMEM; @@ -9093,16 +9094,13 @@ perf_event_parse_addr_filter(struct perf */ ret = -EOPNOTSUPP; if (!event->ctx->task) - goto fail_free_name; + goto fail; /* look up the path and grab its inode */ ret = kern_path(filename, LOOKUP_FOLLOW, &filter->path); if (ret) - goto fail_free_name; - - kfree(filename); - filename = NULL; + goto fail; ret = -EINVAL; if (!filter->path.dentry || @@ -9122,13 +9120,13 @@ perf_event_parse_addr_filter(struct perf if (state != IF_STATE_ACTION) goto fail; + kfree(filename); kfree(orig); return 0; -fail_free_name: - kfree(filename); fail: + kfree(filename); free_filters_list(filters); kfree(orig);
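Review bot: in the first hunk (@@ -9047,6 +9047,7), the new kfree(filename) directly ahead of filename = match_strdup(&args[fpos]) has no comment, and read on its own it looks like a free of a pointer that was never set. A one-line comment saying that an earlier pass through the loop may already have allocated filename, and that kfree(NULL) is a no-op on the first pass, would keep it from being removed later as redundant.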
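Review bot: in the second hunk (@@ -9093,16 +9094,13), removing "filename = NULL;" after the kern_path() call means filename stays non-NULL for the rest of the loop once one file-based filter has been parsed. If any code in the loop outside the context shown here tests filename against NULL to decide whether the current filter supplied a path, that test would now pass on the previous filter's name and the stale string would be handed to kern_path(). Suggest keeping a reset (kfree(filename); filename = NULL;) at the point where the parser moves on to the next filter, or stating in the changelog that no such test exists.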
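Review bot: in the third hunk (@@ -9122,13 +9120,13), fail: becomes the only error label, so kfree(filename) now runs on every error exit, including any taken before filename is first assigned, for example the visible "if (state != IF_STATE_ACTION) goto fail;". That is safe only if the declaration initialises filename to NULL, which the changelog states but no hunk shows; worth confirming at the declaration in the 4.19 tree this backport targets.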