2021-12-08 17:11:30

by José Expósito

[permalink] [raw]
Subject: [PATCH] perf util: Fix use after free in metric__new

Addresses-Coverity-ID: 1494000
Signed-off-by: José Expósito <[email protected]>
---
tools/perf/util/metricgroup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/metricgroup.c b/tools/perf/util/metricgroup.c
index fffe02aae3ed..4d2fed3aefd1 100644
--- a/tools/perf/util/metricgroup.c
+++ b/tools/perf/util/metricgroup.c
@@ -209,8 +209,8 @@ static struct metric *metric__new(const struct pmu_event *pe,
m->metric_name = pe->metric_name;
m->modifier = modifier ? strdup(modifier) : NULL;
if (modifier && !m->modifier) {
- free(m);
expr__ctx_free(m->pctx);
+ free(m);
return NULL;
}
m->metric_expr = pe->metric_expr;
--
2.25.1



2021-12-08 17:33:31

by Ian Rogers

[permalink] [raw]
Subject: Re: [PATCH] perf util: Fix use after free in metric__new

On Wed, Dec 8, 2021 at 9:11 AM José Expósito <[email protected]> wrote:
>
> Addresses-Coverity-ID: 1494000
> Signed-off-by: José Expósito <[email protected]>

Acked-by: Ian Rogers <irogers@google,com>

This can only happen in the ENOMEM case, but it is a good fix.

Fixes: b85a4d61d302 (perf metric: Allow modifiers on metrics)

Thanks,
Ian

> ---
> tools/perf/util/metricgroup.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/metricgroup.c b/tools/perf/util/metricgroup.c
> index fffe02aae3ed..4d2fed3aefd1 100644
> --- a/tools/perf/util/metricgroup.c
> +++ b/tools/perf/util/metricgroup.c
> @@ -209,8 +209,8 @@ static struct metric *metric__new(const struct pmu_event *pe,
> m->metric_name = pe->metric_name;
> m->modifier = modifier ? strdup(modifier) : NULL;
> if (modifier && !m->modifier) {
> - free(m);
> expr__ctx_free(m->pctx);
> + free(m);
> return NULL;
> }
> m->metric_expr = pe->metric_expr;
> --
> 2.25.1
>

2022-01-14 21:33:56

by Arnaldo Carvalho de Melo

[permalink] [raw]
Subject: Re: [PATCH] perf util: Fix use after free in metric__new

Em Wed, Dec 08, 2021 at 06:11:13PM +0100, Jos? Exp?sito escreveu:
> Addresses-Coverity-ID: 1494000
> Signed-off-by: Jos? Exp?sito <[email protected]>

Sorry, overlooked this one, now processing.

You forgot to add:

Fixes: b85a4d61d3022608 ("perf metric: Allow modifiers on metrics")

Ian, I'm taking this one, obvious fix.

- Arnaldo

> ---
> tools/perf/util/metricgroup.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/metricgroup.c b/tools/perf/util/metricgroup.c
> index fffe02aae3ed..4d2fed3aefd1 100644
> --- a/tools/perf/util/metricgroup.c
> +++ b/tools/perf/util/metricgroup.c
> @@ -209,8 +209,8 @@ static struct metric *metric__new(const struct pmu_event *pe,
> m->metric_name = pe->metric_name;
> m->modifier = modifier ? strdup(modifier) : NULL;
> if (modifier && !m->modifier) {
> - free(m);
> expr__ctx_free(m->pctx);
> + free(m);
> return NULL;
> }
> m->metric_expr = pe->metric_expr;
> --
> 2.25.1

--

- Arnaldo

2022-01-14 21:33:58

by Arnaldo Carvalho de Melo

[permalink] [raw]
Subject: Re: [PATCH] perf util: Fix use after free in metric__new

Em Wed, Dec 08, 2021 at 09:33:14AM -0800, Ian Rogers escreveu:
> On Wed, Dec 8, 2021 at 9:11 AM Jos? Exp?sito <[email protected]> wrote:
> >
> > Addresses-Coverity-ID: 1494000
> > Signed-off-by: Jos? Exp?sito <[email protected]>
>
> Acked-by: Ian Rogers <irogers@google,com>
>
> This can only happen in the ENOMEM case, but it is a good fix.
>
> Fixes: b85a4d61d302 (perf metric: Allow modifiers on metrics)

Sorry, I missed this one _as well_, sigh...

- Arnaldo

> Thanks,
> Ian
>
> > ---
> > tools/perf/util/metricgroup.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/tools/perf/util/metricgroup.c b/tools/perf/util/metricgroup.c
> > index fffe02aae3ed..4d2fed3aefd1 100644
> > --- a/tools/perf/util/metricgroup.c
> > +++ b/tools/perf/util/metricgroup.c
> > @@ -209,8 +209,8 @@ static struct metric *metric__new(const struct pmu_event *pe,
> > m->metric_name = pe->metric_name;
> > m->modifier = modifier ? strdup(modifier) : NULL;
> > if (modifier && !m->modifier) {
> > - free(m);
> > expr__ctx_free(m->pctx);
> > + free(m);
> > return NULL;
> > }
> > m->metric_expr = pe->metric_expr;
> > --
> > 2.25.1
> >

--

- Arnaldo

2022-01-14 21:34:38

by José Expósito

[permalink] [raw]
Subject: Re: [PATCH] perf util: Fix use after free in metric__new

On Fri, Jan 14, 2022 at 02:48:35PM +0000, John Garry wrote:
> On 14/01/2022 14:47, Arnaldo Carvalho de Melo wrote:
> > > > Addresses-Coverity-ID: 1494000
> > > > Signed-off-by: Jos? Exp?sito<[email protected]>
> > > Acked-by: Ian Rogers <irogers@google,com>
> > >
> > > This can only happen in the ENOMEM case, but it is a good fix.
> > >
> > > Fixes: b85a4d61d302 (perf metric: Allow modifiers on metrics)
> > Sorry, I missed this one_as well_, sigh...
> >
> > - Arnaldo
>
>
> Isn't there a v3 out there? Not sure if you noticed...
>
> Cheers

Yes, here is v3 including the Fixes, Acked-by and Reviewed-by tags:

https://lore.kernel.org/linux-perf-users/[email protected]/