Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp5050749ybi; Tue, 28 May 2019 06:48:47 -0700 (PDT) X-Google-Smtp-Source: APXvYqxFURxFid/osRz4ulKn+sl/ZI2Guu0BOwhdg4s4aMybDq3WMhyAczwVC5K64AX/Q0DlnZzg X-Received: by 2002:aa7:87c3:: with SMTP id i3mr141495694pfo.85.1559051327214; Tue, 28 May 2019 06:48:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559051327; cv=none; d=google.com; s=arc-20160816; b=ba245QH4/DHUupEDxaDSEbPlhgjylMM+1gEz/IKLmDw0s/QFRkMnuoUQ626vRg8tnQ FvQR201pydKfK5V1Jnj7f46VcjVPdrDs7R+DYQWWGeofJ/FVhBL9oWc+1QZ26EEu7jk6 9Z3S0hfpP07i3maQ7jCZNRYpbYTNbJJPT6ZqWQc+xkY+rtuAsAWsCqbULbV57fIiwnj4 hjLXNbxh01ffMM1TGhRa1/gI8a8AMS9I8kJwn/vxK5xkhXYuuJlTRt+vm7fmsgiocKYj ukXwv0fQC2kzql+NOiCPyIbbzjLE4zbIKnY4dXZKMm1xJY4OSktYafArO4Fvr9HMQ1Js 0yiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=Q+SZZ5tAxQ4Vd5Xnbbh6RAt+ZJ/b62Vu/qDWIJpgIhE=; b=SQfZbWfyC6Qs5F/AY67lbAFaGASYdMYbY7RMg/CvFbaYFkz5RzvbtEt2leCcEMKw9W bUPeO9kL1jabfpmZ8MSJH0yM276tBPqBu0gIlEktti7wWG+I7O2jIIfkGNKlfLlBdUMQ D9CldYc0v+4Gi2ZVNBD7sci35T8poMEgEmM6xJP2aAjX/+jTIu1FQ6FCNhYPX2kOnKdB W6ViNmzfUXGF1lAZSnfeWPwlnIjmuY1fJpQfkI60VKWmTzTzQq8uV7SPAMVVZ6vOqfFj Ba/fEYuo2w/P+J1NJXTBNds6lAEVvH4F+aHv+Dqm85g+rzRihAU5lpiVc4L32xOcr42f /fVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=FWnGvhyE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a20si3586300pju.92.2019.05.28.06.48.30; Tue, 28 May 2019 06:48:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=FWnGvhyE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727648AbfE1NrD (ORCPT + 99 others); Tue, 28 May 2019 09:47:03 -0400 Received: from mail-lj1-f193.google.com ([209.85.208.193]:36428 "EHLO mail-lj1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726925AbfE1NrC (ORCPT ); Tue, 28 May 2019 09:47:02 -0400 Received: by mail-lj1-f193.google.com with SMTP id w16so143490ljd.3 for ; Tue, 28 May 2019 06:47:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=Q+SZZ5tAxQ4Vd5Xnbbh6RAt+ZJ/b62Vu/qDWIJpgIhE=; b=FWnGvhyEBNmhNxNSrgWwbzncb9k0YMERtYSVSG7lyintd5ILGxxXIhUiN2BSzD7sIq bHNuU9ONhfMvK7QKNx4V+hyTJOrrfSzt58rB8hM9ZNMz3HCnq/fwsOWlXt26qI2PnOhS +p7pAFzxilifE6ILwHAZPW11vvAYBQNtqbkNn2ev+5LgkYH1KZ4wp1TyM8t4uDe/c30q aD8MSvAMYrV2zI8FzzLI++s2UPj9oGhE4GE+5CGUjEJK9rPsxvH28iUtHZxoG0TRQmPW PAzSq2BDZuVWBajlbx0hvUEpcru6hXVtY+hC9VBBilxblaXm+nDZTT7jrdfh3YQUaHAi XaBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Q+SZZ5tAxQ4Vd5Xnbbh6RAt+ZJ/b62Vu/qDWIJpgIhE=; b=mAyCaM2ZRrEPj4MJ4kNgRLZj2Em2ovTlUIB7mdbOatRMaZ2RVsKUNCF6Y24AUe6pyM yvG7JBcksg5qsDeEbWf+O4N8uAF7FWITyns8gbL/gq1f+KMXowxtEYdXPpSZnOhQSaWA 4eeOkdIxc4sGBv6mr8LLuKV6V4FQJmkwzblinTNYb8iZtp3s5wXJkOmvjZTLb9hwkp+T 8wtWvdGfjzFCfxrpebV4xijim75S6sEu9LA20w8zsY9ME4kH2CxMrXzMF7NFSVbqnsi2 sdcrW0MfkIJZ3zNWE8snEKx+pABXN31a8YMK9k7tzlHGcwHBKpyE4CcxOhROPsOf8D6x 73pA== X-Gm-Message-State: APjAAAXGFctkS/lqZvoGFywouUJ9cumbCAVK8j4tGfrbl87PCG3YPpH2 xPo/n4/VGqB4mpe6w4QXnsSWBJrWG0Y= X-Received: by 2002:a2e:6a01:: with SMTP id f1mr64179834ljc.21.1559051221612; Tue, 28 May 2019 06:47:01 -0700 (PDT) Received: from debian-tom.home (2-111-15-75-dynamic.dk.customer.tdc.net. [2.111.15.75]) by smtp.gmail.com with ESMTPSA id b16sm1590109ljb.20.2019.05.28.06.47.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 28 May 2019 06:47:01 -0700 (PDT) From: Tomas Bortoli To: rostedt@goodmis.org, mingo@redhat.com Cc: linux-kernel@vger.kernel.org, Tomas Bortoli Subject: [PATCH] trace: Avoid memory leak in predicate_parse() Date: Tue, 28 May 2019 15:46:59 +0200 Message-Id: <20190528134659.4041-1-tomasbortoli@gmail.com> X-Mailer: git-send-email 2.11.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In case of errors, predicate_parse() goes to the out_free label to free memory and to return an error code. However, predicate_parse() does not free the predicates of the temporary prog_stack array, thence leaking them. Signed-off-by: Tomas Bortoli Reported-by: syzbot+6b8e0fb820e570c59e19@syzkaller.appspotmail.com --- kernel/trace/trace_events_filter.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c index d3e59312ef40..98eafad750d3 100644 --- a/kernel/trace/trace_events_filter.c +++ b/kernel/trace/trace_events_filter.c @@ -433,6 +433,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds, parse_error(pe, -ENOMEM, 0); goto out_free; } + memset(prog_stack, 0, nr_preds * sizeof(*prog_stack)); + inverts = kmalloc_array(nr_preds, sizeof(*inverts), GFP_KERNEL); if (!inverts) { parse_error(pe, -ENOMEM, 0); @@ -579,6 +581,8 @@ predicate_parse(const char *str, int nr_parens, int nr_preds, out_free: kfree(op_stack); kfree(inverts); + for (i = 0; prog_stack[i].pred; i++) + kfree(prog_stack[i].pred); kfree(prog_stack); return ERR_PTR(ret); } -- 2.11.0