Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3201719pxb; Mon, 9 Nov 2020 05:29:04 -0800 (PST) X-Google-Smtp-Source: ABdhPJzmZ3fNYJHgHib71PGp6QS8GzbYwj/WklzfRf+BRZOHn4VjXXPHDckxQWwMLu65nXzRza5D X-Received: by 2002:a17:906:9414:: with SMTP id q20mr14696696ejx.384.1604928543804; Mon, 09 Nov 2020 05:29:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604928543; cv=none; d=google.com; s=arc-20160816; b=JZP13CgtoRO/yYcpIZhJ753WdzN+G1sPlqXIwzxBAxS03+8rgHz0l+ntINEhKbq3MB 8PbtvI8kpPLwMbzs2bNddvmL4+Oov8d9TCkDiD0mnAAj7ZbbUJC/H7WgRIrtA7a5zQMA 54v8GAKo5dy2xpsZG4SWX3trtYqTfF9H9zfJTRub1nxACLzdtMvL4KMEBE8n84BYsz+9 ejyOSjwHXgLDVfflBOg2sWk7+eRalHcYJhfYVguCJ6WvSUqWdnUIfZi77uPWAWp3Rdla wVg8bc1zERBA/urTAByU3AOKJrhU7+SfoP80aBZJxxLi8OkqL4GynqlDG1rFNsfjt8DA nyxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=w3WSRiP5QRrh94H/Xrx4F+by1TetE0ccDHiSHN47upM=; b=Cl7tAHbqSKZ6f2/6pBmD0buhCENs1/+fPyL0uk7oDON5qHhffJz94+g0q1JcAmeK48 8ZwMRVIJ5wrZ565iRVdXokl+Yc5g66Ai4eQ0pykDFwCl6VAKiTFPlag2vMxrLqDYMapj NuU6U/F+lDjIsBQTizVX9e5Mtora93V+Btj9jGkBApzwg4kBvGZKFU0i8st1KQr7qpBy jXlt9QP5SrBcTyYngVItkQgB6WbQTiz3iIyrGe1kXs5d8l/JWjIE32QIkyoKOHElmRCi Vswb/5h51tGoT1L4IdqSq+MmMRtwF5xJgEmAycBJcxe1HCLjBFMuhVLNOs4ZpGSBabWR Gb2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=iWhxamJD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d22si6738295ejz.82.2020.11.09.05.28.40; Mon, 09 Nov 2020 05:29:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=iWhxamJD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733248AbgKIN05 (ORCPT + 99 others); Mon, 9 Nov 2020 08:26:57 -0500 Received: from mail.kernel.org ([198.145.29.99]:42128 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731083AbgKINPV (ORCPT ); Mon, 9 Nov 2020 08:15:21 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A7EF8216C4; Mon, 9 Nov 2020 13:15:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604927720; bh=YslYDa45oHKEau1PImBbICMtQ4p9PWkBeRpGnX9QEH0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iWhxamJDPTJrecJHfErlnfw2t9CsfyJL3x0QGpmODJ2Mx+4CdBROVAihQczbIwjU/ tnWx6JEpRU4D7YyJJbA9aDO7rOAX+FhTSv1dUCd80C+lvOk6n/4ax3MeXSoNY6wjKh xUD/pi3inL2lZd8tuHhL2+fVZeZptjmETTNYTelI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?kiyin ?= , Dan Carpenter , Ingo Molnar , "Srivatsa S. Bhat" , Anthony Liguori Subject: [PATCH 5.4 84/85] perf/core: Fix a memory leak in perf_event_parse_addr_filter() Date: Mon, 9 Nov 2020 13:56:21 +0100 Message-Id: <20201109125026.622601267@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201109125022.614792961@linuxfoundation.org> References: <20201109125022.614792961@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: kiyin(尹亮) commit 7bdb157cdebbf95a1cd94ed2e01b338714075d00 upstream. As shown through runtime testing, the "filename" allocation is not always freed in perf_event_parse_addr_filter(). There are three possible ways that this could happen: - It could be allocated twice on subsequent iterations through the loop, - or leaked on the success path, - or on the failure path. Clean up the code flow to make it obvious that 'filename' is always freed in the reallocation path and in the two return paths as well. We rely on the fact that kfree(NULL) is NOP and filename is initialized with NULL. This fixes the leak. No other side effects expected. [ Dan Carpenter: cleaned up the code flow & added a changelog. ] [ Ingo Molnar: updated the changelog some more. ] Fixes: 375637bc5249 ("perf/core: Introduce address range filtering") Signed-off-by: "kiyin(尹亮)" Signed-off-by: Dan Carpenter Signed-off-by: Ingo Molnar Cc: "Srivatsa S. Bhat" Cc: Anthony Liguori -- kernel/events/core.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) Signed-off-by: Greg Kroah-Hartman --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -9415,6 +9415,7 @@ perf_event_parse_addr_filter(struct perf if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) { int fpos = token == IF_SRC_FILE ? 2 : 1; + kfree(filename); filename = match_strdup(&args[fpos]); if (!filename) { ret = -ENOMEM; @@ -9461,16 +9462,13 @@ perf_event_parse_addr_filter(struct perf */ ret = -EOPNOTSUPP; if (!event->ctx->task) - goto fail_free_name; + goto fail; /* look up the path and grab its inode */ ret = kern_path(filename, LOOKUP_FOLLOW, &filter->path); if (ret) - goto fail_free_name; - - kfree(filename); - filename = NULL; + goto fail; ret = -EINVAL; if (!filter->path.dentry || @@ -9490,13 +9488,13 @@ perf_event_parse_addr_filter(struct perf if (state != IF_STATE_ACTION) goto fail; + kfree(filename); kfree(orig); return 0; -fail_free_name: - kfree(filename); fail: + kfree(filename); free_filters_list(filters); kfree(orig);