Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752789AbdHNKS3 (ORCPT <rfc822;w@1wt.eu>);
        Mon, 14 Aug 2017 06:18:29 -0400
Received: from mx1.redhat.com ([209.132.183.28]:57841 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752666AbdHNKS0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Aug 2017 06:18:26 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 501CAB568C
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=chuhu@redhat.com
From: Chunyu Hu <chuhu@redhat.com>
To: rostedt@goodmis.org
Cc: mingo@kernel.org, linux-kernel@vger.kernel.org, chuhu@redhat.com
Subject: [PATCH 2/2] tracing: Fix kmemleak in set_trigger_filter
Date: Mon, 14 Aug 2017 18:18:18 +0800
Message-Id: <1502705898-27571-2-git-send-email-chuhu@redhat.com>
In-Reply-To: <1502705898-27571-1-git-send-email-chuhu@redhat.com>
References: <1502705898-27571-1-git-send-email-chuhu@redhat.com>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 14 Aug 2017 10:18:26 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4250
Lines: 100

Found this kmemleak in error path when setting event trigger
filter. The steps is as below.

cd /sys/kernel/debug/tracing/events/irq/irq_handler_entry
echo 'enable_event:kmem:kmalloc:3 if nr_rq > 1' > trigger
echo 'enable_event:kmem:kmalloc:3 if irq > 31' > trigger
echo 'enable_event:kmem:kmalloc:3 if irq > ' > trigger

unreferenced object 0xffffa06e570186a0 (size 32):
  comm "bash", pid 2521, jiffies 4335796661 (age 43872.095s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 00 a6 86 69 6e a0 ff ff  ...........in...
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff9756c27a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff97024e0a>] kmem_cache_alloc_trace+0xca/0x1d0
    [<ffffffff96f86552>] create_filter_start.constprop.28+0x42/0x730
    [<ffffffff96f87a0a>] create_filter+0x4a/0xc0
    [<ffffffff96f87bac>] create_event_filter+0xc/0x10
    [<ffffffff96f88b24>] set_trigger_filter+0x84/0x130
    [<ffffffff96f8934f>] event_enable_trigger_func+0x25f/0x340
    [<ffffffff96f8894d>] event_trigger_write+0xfd/0x1a0
    [<ffffffff9704e117>] __vfs_write+0x37/0x170
    [<ffffffff9704f6a2>] vfs_write+0xb2/0x1b0
    [<ffffffff97050cd5>] SyS_write+0x55/0xc0
    [<ffffffff96e03857>] do_syscall_64+0x67/0x150
    [<ffffffff97577ce7>] return_from_SYSCALL_64+0x0/0x6a
    [<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffffa06e6986a600 (size 512):
  comm "bash", pid 2521, jiffies 4335796661 (age 43872.095s)
  hex dump (first 32 bytes):
    b0 59 f8 96 ff ff ff ff 00 00 00 00 00 00 00 00  .Y..............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff9756c27a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff97025498>] __kmalloc+0xe8/0x220
    [<ffffffff96f87518>] replace_preds+0x4c8/0x970
    [<ffffffff96f87a51>] create_filter+0x91/0xc0
    [<ffffffff96f87bac>] create_event_filter+0xc/0x10
    [<ffffffff96f88b24>] set_trigger_filter+0x84/0x130
    [<ffffffff96f8934f>] event_enable_trigger_func+0x25f/0x340
    [<ffffffff96f8894d>] event_trigger_write+0xfd/0x1a0
    [<ffffffff9704e117>] __vfs_write+0x37/0x170
    [<ffffffff9704f6a2>] vfs_write+0xb2/0x1b0
    [<ffffffff97050cd5>] SyS_write+0x55/0xc0
    [<ffffffff96e03857>] do_syscall_64+0x67/0x150
    [<ffffffff97577ce7>] return_from_SYSCALL_64+0x0/0x6a
    [<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffffa06e718a7560 (size 32):
  comm "bash", pid 2521, jiffies 4335807465 (age 43861.320s)
  hex dump (first 32 bytes):
    00 00 00 00 01 00 00 00 00 a2 76 5b 6e a0 ff ff  ..........v[n...
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff9756c27a>] kmemleak_alloc+0x4a/0xa0
    [<ffffffff97024e0a>] kmem_cache_alloc_trace+0xca/0x1d0
    [<ffffffff96f86552>] create_filter_start.constprop.28+0x42/0x730
    [<ffffffff96f87a0a>] create_filter+0x4a/0xc0
    [<ffffffff96f87bac>] create_event_filter+0xc/0x10
    [<ffffffff96f88b24>] set_trigger_filter+0x84/0x130
    [<ffffffff96f8934f>] event_enable_trigger_func+0x25f/0x340
    [<ffffffff96f8894d>] event_trigger_write+0xfd/0x1a0
    [<ffffffff9704e117>] __vfs_write+0x37/0x170
    [<ffffffff9704f6a2>] vfs_write+0xb2/0x1b0
    [<ffffffff97050cd5>] SyS_write+0x55/0xc0
    [<ffffffff96e03857>] do_syscall_64+0x67/0x150
    [<ffffffff97577ce7>] return_from_SYSCALL_64+0x0/0x6a
    [<ffffffffffffffff>] 0xffffffffffffffff

Signed-off-by: Chunyu Hu <chuhu@redhat.com>
---
 kernel/trace/trace_events_trigger.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c
index f2ac9d4..955c3eb 100644
--- a/kernel/trace/trace_events_trigger.c
+++ b/kernel/trace/trace_events_trigger.c
@@ -739,7 +739,7 @@ int set_trigger_filter(char *filter_str,
 	/* The filter is for the 'trigger' event, not the triggered event */
 	ret = create_event_filter(file->event_call, filter_str, false, &filter);
 	if (ret)
-		goto out;
+		goto out_free;
  assign:
 	tmp = rcu_access_pointer(data->filter);
 
@@ -764,6 +764,10 @@ int set_trigger_filter(char *filter_str,
 	}
  out:
 	return ret;
+
+ out_free:
+	free_event_filter(filter);
+	goto out;
 }
 
 static LIST_HEAD(named_triggers);
-- 
1.8.3.1