From: Artem Savkov
To: Josh Poimboeuf
Cc: Peter Zijlstra, linux-kernel@vger.kernel.org, Artem Savkov
Subject: [PATCH v3 1/2] objtool: fix failed cold symbol doublefree
Date: Mon, 12 Nov 2018 13:55:18 +0100
Message-Id: <20181112125519.26855-2-asavkov@redhat.com>
In-Reply-To: <20181112125519.26855-1-asavkov@redhat.com>
References: <20181112033800.ujolxvkwzz72lxhm@treble> <20181112125519.26855-1-asavkov@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

If read_symbols() fails during second list traversal (the one dealing with ".cold" subfunctions) it frees the symbol, but never deletes it from the list/hash_table resulting in symbol being freed again in elf_close().

Fixes: 13810435b9a7 "objtool: Support GCC 8's cold subfunctions"
Signed-off-by: Artem Savkov

--- tools/objtool/elf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index 6dbb9fae0f9d..3decd43477df 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -312,7 +312,7 @@ static int read_symbols(struct elf *elf) if (!pfunc) { WARN("%s(): can't find parent function", sym->name); - goto err; + goto cold_err; } sym->pfunc = pfunc; @@ -336,6 +336,9 @@ static int read_symbols(struct elf *elf) return 0; +cold_err: + list_del(&sym->list); + hash_del(&sym->hash); err: free(sym); return -1; -- 2.17.2
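Review bot: In the first hunk, the `!pfunc` branch could `return -1` directly instead of jumping to a new `cold_err` label. The commit message says the symbol is already on the list and in the hash table at this point and that elf_close() frees it, so leaving it linked and returning lets that teardown release it exactly once, with no `list_del()`/`hash_del()` pair and no second label to maintain. If the label stays, the fall-through from `cold_err:` into `err:` in the second hunk needs a one-line comment saying which traversal may use which label, because `err:` now frees a `sym` that must not be linked while `cold_err:` frees one that was, and a later `goto err` added to the ".cold" traversal would silently reintroduce the double free. Separately, the Fixes: line is conventionally written with the subject in parentheses, as in `Fixes: 13810435b9a7 ("objtool: Support GCC 8's cold subfunctions")`.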