Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp3881728pxb; Tue, 17 Nov 2020 06:07:29 -0800 (PST) X-Google-Smtp-Source: ABdhPJx7jx9QNyOVwYMso20xbYM83ggeMkLnQDEQ3qxNuUhJ3Q5MctR+VbopN27iMnaf+SfCWylV X-Received: by 2002:aa7:cd41:: with SMTP id v1mr4448201edw.147.1605622049197; Tue, 17 Nov 2020 06:07:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605622049; cv=none; d=google.com; s=arc-20160816; b=WsyA+3Vcxjj+mfseXbHG0wHeC6YRaIc5us1gtsQYXt2bLi7Bi2VG2E2RUdZ6nDi8Eu m5QRt3AzWT1olX4BUQ6AvJClV6D1OD0lQcb6ZpFC3r2fbYy/r/nIbMzrwrae8ec+2/Hb WYS11k3n3pqiQhKnhiylW1MGuBGf9w5e+8RTbVr5Y59jQmyDsdHwDLNv7dFdrGMc1NiO IKo2eFUp9WpMlKyxqn7NwYec5nZXEdFpJUIXI0AOx3AxOchMeXJJr2Guuw0KGCTD2ycs ihdHTEP9sgezI4eYqAibUidsmTQ/Nc+pTuXETVF40SO5F1LufTA/zG7AxPDERew+mK64 KYPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=+JQ8kKeEtCSM9zh+V0XdIxY+Zh0pHapL7JcY+V+jFOA=; b=VRgJw9ivMnbuwfoW9dl+kA7nprwq2KaoOwmVSkPjSUNlMDXXrJfqn7yn37KWewTshP FeTuOSvPrnDBBL1NKydZ6SkJOfRwiftsNSoFLyTXaLgLXAtUH7OWJlcS1d9J7eGGMICg 2HpcPgxE2JbXjEd6XYhx8G585nd2TABmGu8/er43pmY/3G9JrB7lvvHLNmN1X4N0VKko JJeLT1n57hqvZG6ROxGQRgdueQzWFE1N7arOMfKBDpNDJ98RNHk7UWsRxpfmvjjnyeiZ I4MbA/3MwctzvV9fPtH3Tlm+ocbOpcTIWi2QzzzHEcBoHzwB1U19y01/brNC6lADbY7o CBQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TqNjNFkS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cw2si14532269edb.467.2020.11.17.06.07.05; Tue, 17 Nov 2020 06:07:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=TqNjNFkS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729808AbgKQODd (ORCPT + 99 others); Tue, 17 Nov 2020 09:03:33 -0500 Received: from mail.kernel.org ([198.145.29.99]:41854 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729750AbgKQNL4 (ORCPT ); Tue, 17 Nov 2020 08:11:56 -0500 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 06FFD221EB; Tue, 17 Nov 2020 13:11:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1605618714; bh=SB3DuEP7PdcLkx/S+q44Z17xDP1AcMGKha/fpi548io=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=TqNjNFkSMbb8cOMqGq8fmxmsUYPadjM5EvKV8Z+2HKoOTG9ln/r+jezNKtu4o4I9t ZEEs6pwVobirFoHQJCnpeQ4xebEttc63XLah+fcsbv3Y5hKKNxKwMrLjXyuFW4HSGQ QG5E34Zow7HytzYILkNB/kvf2DhNXeflIv/jqqi0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?UTF-8?q?kiyin ?= , Dan Carpenter , Ingo Molnar , "Srivatsa S. Bhat" , Anthony Liguori , Sudip Mukherjee Subject: [PATCH 4.9 61/78] perf/core: Fix a memory leak in perf_event_parse_addr_filter() Date: Tue, 17 Nov 2020 14:05:27 +0100 Message-Id: <20201117122112.089828466@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201117122109.116890262@linuxfoundation.org> References: <20201117122109.116890262@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: "kiyin(尹亮)" commit 7bdb157cdebbf95a1cd94ed2e01b338714075d00 upstream As shown through runtime testing, the "filename" allocation is not always freed in perf_event_parse_addr_filter(). There are three possible ways that this could happen: - It could be allocated twice on subsequent iterations through the loop, - or leaked on the success path, - or on the failure path. Clean up the code flow to make it obvious that 'filename' is always freed in the reallocation path and in the two return paths as well. We rely on the fact that kfree(NULL) is NOP and filename is initialized with NULL. This fixes the leak. No other side effects expected. [ Dan Carpenter: cleaned up the code flow & added a changelog. ] [ Ingo Molnar: updated the changelog some more. ] Fixes: 375637bc5249 ("perf/core: Introduce address range filtering") Signed-off-by: "kiyin(尹亮)" Signed-off-by: Dan Carpenter Signed-off-by: Ingo Molnar Cc: "Srivatsa S. Bhat" Cc: Anthony Liguori [sudip: Backported to 4.9: adjust context] Signed-off-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman --- kernel/events/core.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -8261,6 +8261,7 @@ perf_event_parse_addr_filter(struct perf if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) { int fpos = filter->range ? 2 : 1; + kfree(filename); filename = match_strdup(&args[fpos]); if (!filename) { ret = -ENOMEM; @@ -8292,10 +8293,7 @@ perf_event_parse_addr_filter(struct perf ret = kern_path(filename, LOOKUP_FOLLOW, &filter->path); if (ret) - goto fail_free_name; - - kfree(filename); - filename = NULL; + goto fail; ret = -EINVAL; if (!filter->path.dentry || @@ -8313,13 +8311,13 @@ perf_event_parse_addr_filter(struct perf if (state != IF_STATE_ACTION) goto fail; + kfree(filename); kfree(orig); return 0; -fail_free_name: - kfree(filename); fail: + kfree(filename); free_filters_list(filters); kfree(orig);