From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>,
"Steven Rostedt (VMware)" <rostedt@goodmis.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.6 33/49] tracing: Fix memory leaks in trace_events_hist.c
Date: Fri, 8 May 2020 14:35:50 +0200 [thread overview]
Message-ID: <20200508123047.600641190@linuxfoundation.org> (raw)
In-Reply-To: <20200508123042.775047422@linuxfoundation.org>
From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
[ Upstream commit 9da73974eb9c965dd9989befb593b8c8da9e4bdc ]
kmemleak report 1:
[<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
[<05a2c9ed>] create_field_var+0xcf/0x180
[<528a2d68>] action_create+0xe2/0xc80
[<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
[<28ea5d3d>] trigger_process_regex+0x7b/0xc0
[<3138e86f>] event_trigger_write+0x4d/0xb0
[<ffd66c19>] __vfs_write+0x30/0x200
[<4f424a0d>] vfs_write+0x96/0x1b0
[<da59a290>] ksys_write+0x53/0xc0
[<3717101a>] __ia32_sys_write+0x15/0x20
[<c5f23497>] do_fast_syscall_32+0x70/0x250
[<46e2629c>] entry_SYSENTER_32+0xaf/0x102
This is because save_vars[] of struct hist_trigger_data are
not destroyed
kmemleak report 2:
[<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
[<6e5e97c5>] create_var+0x3c/0x110
[<de82f1b9>] create_field_var+0xaf/0x180
[<528a2d68>] action_create+0xe2/0xc80
[<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
[<28ea5d3d>] trigger_process_regex+0x7b/0xc0
[<3138e86f>] event_trigger_write+0x4d/0xb0
[<ffd66c19>] __vfs_write+0x30/0x200
[<4f424a0d>] vfs_write+0x96/0x1b0
[<da59a290>] ksys_write+0x53/0xc0
[<3717101a>] __ia32_sys_write+0x15/0x20
[<c5f23497>] do_fast_syscall_32+0x70/0x250
[<46e2629c>] entry_SYSENTER_32+0xaf/0x102
struct hist_field allocated through create_var() do not initialize
"ref" field to 1. The code in __destroy_hist_field() does not destroy
object if "ref" is initialized to zero, the condition
if (--hist_field->ref > 1) always passes since unsigned int wraps.
kmemleak report 3:
[<f8666fcc>] __kmalloc_track_caller+0x139/0x2b0
[<bb7f80a5>] kstrdup+0x27/0x50
[<39d70006>] init_var_ref+0x58/0xd0
[<8ca76370>] create_var_ref+0x89/0xe0
[<f045fc39>] action_create+0x38f/0xc80
[<7c146821>] event_hist_trigger_func+0x15b5/0x1920
[<07de3f61>] trigger_process_regex+0x7b/0xc0
[<e87daf8f>] event_trigger_write+0x4d/0xb0
[<19bf1512>] __vfs_write+0x30/0x200
[<64ce4d27>] vfs_write+0x96/0x1b0
[<a6f34170>] ksys_write+0x53/0xc0
[<7d4230cd>] __ia32_sys_write+0x15/0x20
[<8eadca00>] do_fast_syscall_32+0x70/0x250
[<235cf985>] entry_SYSENTER_32+0xaf/0x102
hist_fields (system & event_name) are not freed
Link: http://lkml.kernel.org/r/20200422061503.GA5151@cosmos
Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_events_hist.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 5f6834a2bf411..fcab11cc6833b 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -3320,6 +3320,9 @@ static void __destroy_hist_field(struct hist_field *hist_field)
kfree(hist_field->name);
kfree(hist_field->type);
+ kfree(hist_field->system);
+ kfree(hist_field->event_name);
+
kfree(hist_field);
}
@@ -4382,6 +4385,7 @@ static struct hist_field *create_var(struct hist_trigger_data *hist_data,
goto out;
}
+ var->ref = 1;
var->flags = HIST_FIELD_FL_VAR;
var->var.idx = idx;
var->var.hist_data = var->hist_data = hist_data;
@@ -5011,6 +5015,9 @@ static void destroy_field_vars(struct hist_trigger_data *hist_data)
for (i = 0; i < hist_data->n_field_vars; i++)
destroy_field_var(hist_data->field_vars[i]);
+
+ for (i = 0; i < hist_data->n_save_vars; i++)
+ destroy_field_var(hist_data->save_vars[i]);
}
static void save_field_var(struct hist_trigger_data *hist_data,
--
2.20.1
next prev parent reply other threads:[~2020-05-08 12:57 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-08 12:35 [PATCH 5.6 00/49] 5.6.12-rc1 review Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 01/49] vhost: vsock: kick send_pkt worker once device is started Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 02/49] drm/bridge: analogix_dp: Split bind() into probe() and real bind() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 03/49] ASoC: topology: Add missing memory checks Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 04/49] ASoC: topology: Check return value of soc_tplg_create_tlv Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 05/49] ASoC: topology: Check return value of soc_tplg_*_create Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 06/49] ASoC: topology: Check soc_tplg_add_route return value Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 07/49] ASoC: topology: Check return value of pcm_new_ver Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 08/49] ASoC: topology: Check return value of soc_tplg_dai_config Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 09/49] SUNRPC/cache: Fix unsafe traverse caused double-free in cache_purge Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 10/49] selftests: vm: Do not override definition of ARCH Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 11/49] selftests: vm: Fix 64-bit test builds for powerpc64le Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 12/49] Revert "Kernel selftests: tpm2: check for tpm support" Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 13/49] selftests/ipc: Fix test failure seen after initial test run Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 14/49] drm/bridge: anx6345: set correct BPC for display_info of connector Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 15/49] scsi: sg: add sg_remove_request in sg_write Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 16/49] ASoC: sgtl5000: Fix VAG power-on handling Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 17/49] ASoC: topology: Fix endianness issue Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 18/49] usb: dwc3: gadget: Properly set maxpacket limit Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 19/49] ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 20/49] ASoC: rsnd: Fix HDMI channel mapping for " Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 21/49] ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 22/49] remoteproc: qcom_q6v5_mss: fix a bug in q6v5_probe() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 23/49] drm/amd/powerplay: fix resume failed as smu table initialize early exit Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 24/49] drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 25/49] wimax/i2400m: Fix potential urb refcnt leak Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 26/49] net: stmmac: fix enabling socfpgas ptp_ref_clock Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 27/49] net: stmmac: Fix sub-second increment Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 28/49] ASoC: rsnd: Dont treat master SSI in multi SSI setup as parent Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 29/49] ASoC: rsnd: Fix "status check failed" spam for multi-SSI Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 30/49] cifs: protect updating server->dstaddr with a spinlock Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 31/49] scripts/config: allow colons in option strings for sed Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 32/49] cifs: do not share tcons with DFS Greg Kroah-Hartman
2020-05-08 12:35 ` Greg Kroah-Hartman [this message]
2020-05-08 12:35 ` [PATCH 5.6 34/49] ftrace: Fix memory leak caused by not freeing entry in unregister_ftrace_direct() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 35/49] net: phy: bcm84881: clear settings on link down Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 36/49] lib/mpi: Fix building for powerpc with clang Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 37/49] mac80211: sta_info: Add lockdep condition for RCU list usage Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 38/49] net: bcmgenet: suppress warnings on failed Rx SKB allocations Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 39/49] net: systemport: " Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 40/49] tools/runqslower: Ensure own vmlinux.h is picked up first Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 41/49] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.6 42/49] drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 43/49] ALSA: hda: Match both PCI ID and SSID for driver blacklist Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 44/49] x86/kvm: fix a missing-prototypes "vmread_error" Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 45/49] platform/x86: GPD pocket fan: Fix error message when temp-limits are out of range Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 46/49] ACPI: PM: s2idle: Fix comment in acpi_s2idle_prepare_late() Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 47/49] mac80211: add ieee80211_is_any_nullfunc() Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 48/49] cgroup, netclassid: remove double cond_resched Greg Kroah-Hartman
2020-05-08 12:36 ` [PATCH 5.6 49/49] mm/mremap: Add comment explaining the untagging behaviour of mremap() Greg Kroah-Hartman
2020-05-08 21:07 ` [PATCH 5.6 00/49] 5.6.12-rc1 review Guenter Roeck
2020-05-08 23:22 ` shuah
2020-05-09 7:45 ` Naresh Kamboju
2020-05-10 7:34 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200508123047.600641190@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=vamshi.k.sthambamkadi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.