Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp163629imm; Tue, 24 Jul 2018 16:14:38 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdZSjnfSdJlF3TjQdSWYEeIcraDylGO6Yj9OURjfp7+Orr16IlkCaq5QQpnyDaNU+88peiJ X-Received: by 2002:a65:5c02:: with SMTP id u2-v6mr18112532pgr.304.1532474078127; Tue, 24 Jul 2018 16:14:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532474078; cv=none; d=google.com; s=arc-20160816; b=m8wAOdjX6cA/qMnTVhoSiEC57adXhbeuXwpPRBMTX6ng1nhQoiS3ZFkcD97EUanGsV i2PTWYnCstW2Z7wu7IH1rOnlQSvb9LDDsDYyg1eKh1lnI5feR6nVcdRlQ1HlyKeTLG8t scMJZXlu1HcSUs42z9Pc4awpPwyXG4rFhFU4L0AhqXYiOeyKFuMxIkzwKM5Lkj+tcvNk HL6Vn6aJqfCiFWx/V22uT97Kf4RXubQjevHV/SoX2X9JPqCcF0MC37FDJJI6uNhbSKMw 0nqb5US00BdGQB86CzF/oQ/eytaexreJhCulbTHCunBdEPwzsrbfU4faALOihfdIMxZ1 XAAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :arc-authentication-results; bh=UT8yTCAYUi7Sb27ZVvR3XXSLapjsIOO/5rhNH6O+u00=; b=jeNts/lqywHMt9BMSTFGWes3W3wtgknBTEQR6tnvphyaV6EhMoCWAaqw5qadWfTYVU knKhu4LlI8GIG2S/kdgYjM4ygNYr1DGvEASXRBcQ3BqndtAKxUVuGQgPUacF5JCd/9xs FEfj2EVK58uPImc3kyYhWU0XoyW3wanfgl1xEIU/ALdrQ1MrgpoSJH/CvZmNFM2wDyKs Kt+0j5jE5FHDyu3aNF4ke6gOZHkkvmNa9u9w4gntGgkofot0Q9m83IN9Ar2EK7rh+KDQ +OJjHSkfr1hebbwPBye4LtyWQ5pEhaHKmv90yEgTuo9/WUXfI/pUqFlr8Y9q4Q+wlgDH uSYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b11-v6si3683988pla.79.2018.07.24.16.14.22; Tue, 24 Jul 2018 16:14:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388870AbeGYAWU (ORCPT + 99 others); Tue, 24 Jul 2018 20:22:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:58362 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388614AbeGYAWT (ORCPT ); Tue, 24 Jul 2018 20:22:19 -0400 Received: from gandalf.local.home (cpe-66-24-56-78.stny.res.rr.com [66.24.56.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DC7A920874; Tue, 24 Jul 2018 23:13:32 +0000 (UTC) Date: Tue, 24 Jul 2018 19:13:31 -0400 From: Steven Rostedt To: Tom Zanussi Cc: Masami Hiramatsu , Ingo Molnar , Shuah Khan , Hiraku Toyooka , linux-kernel@vger.kernel.org, stable@vger.kernel.org Subject: Re: [PATCH 1/3] [BUGFIX] tracing: Fix double free of event_trigger_data Message-ID: <20180724191331.738eb819@gandalf.local.home> In-Reply-To: <20180724173008.454cdf10@gandalf.local.home> References: <153149923649.11274.14970833360963898112.stgit@devbox> <153149926702.11274.12489440326560729788.stgit@devbox> <20180723221006.60cc7aa9@vmware.local.home> <20180725000909.6c8b2f3881ee75c4f6bd466b@kernel.org> <20180724164959.3cbc1422@gandalf.local.home> <20180724173008.454cdf10@gandalf.local.home> X-Mailer: Claws Mail 3.16.0 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 24 Jul 2018 17:30:08 -0400 Steven Rostedt wrote: > I don't see where ->reg() would return anything but 1 on success. Maybe > I'm missing something. I'll look some more, but I'm thinking of changing > ->reg() to return zero on all success, and negative on all errors and > just check those results. Yeah, I'm going to make these changes. That is, all struct event_command .reg functions will return negative on error, and zero or positive on everything else. All the checks are going to be only for the negative value. But for the bug fix itself, I believe this should do it. Masami, what do you think? -- Steve diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c index d18249683682..8771a27ca60f 100644 --- a/kernel/trace/trace_events_trigger.c +++ b/kernel/trace/trace_events_trigger.c @@ -679,6 +679,8 @@ event_trigger_callback(struct event_command *cmd_ops, goto out_free; out_reg: + /* Up the trigger_data count to make sure reg doesn't free it on failure */ + event_trigger_init(trigger_ops, trigger_data); ret = cmd_ops->reg(glob, trigger_ops, trigger_data, file); /* * The above returns on success the # of functions enabled, @@ -687,10 +689,11 @@ event_trigger_callback(struct event_command *cmd_ops, */ if (!ret) { ret = -ENOENT; - goto out_free; - } else if (ret < 0) - goto out_free; - ret = 0; + } else if (ret > 0) + ret = 0; + + /* Down the counter of trigger_data or free it if not used anymore */ + event_trigger_free(trigger_ops, trigger_data); out: return ret;