From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 5.6 64/79] tracing: Fix memory leaks in trace_events_hist.c
Date: Thu, 30 Apr 2020 09:50:28 -0400 [thread overview]
Message-ID: <20200430135043.19851-64-sashal@kernel.org> (raw)
In-Reply-To: <20200430135043.19851-1-sashal@kernel.org>
From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
[ Upstream commit 9da73974eb9c965dd9989befb593b8c8da9e4bdc ]
kmemleak report 1:
[<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
[<05a2c9ed>] create_field_var+0xcf/0x180
[<528a2d68>] action_create+0xe2/0xc80
[<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
[<28ea5d3d>] trigger_process_regex+0x7b/0xc0
[<3138e86f>] event_trigger_write+0x4d/0xb0
[<ffd66c19>] __vfs_write+0x30/0x200
[<4f424a0d>] vfs_write+0x96/0x1b0
[<da59a290>] ksys_write+0x53/0xc0
[<3717101a>] __ia32_sys_write+0x15/0x20
[<c5f23497>] do_fast_syscall_32+0x70/0x250
[<46e2629c>] entry_SYSENTER_32+0xaf/0x102
This is because save_vars[] of struct hist_trigger_data are
not destroyed
kmemleak report 2:
[<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
[<6e5e97c5>] create_var+0x3c/0x110
[<de82f1b9>] create_field_var+0xaf/0x180
[<528a2d68>] action_create+0xe2/0xc80
[<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
[<28ea5d3d>] trigger_process_regex+0x7b/0xc0
[<3138e86f>] event_trigger_write+0x4d/0xb0
[<ffd66c19>] __vfs_write+0x30/0x200
[<4f424a0d>] vfs_write+0x96/0x1b0
[<da59a290>] ksys_write+0x53/0xc0
[<3717101a>] __ia32_sys_write+0x15/0x20
[<c5f23497>] do_fast_syscall_32+0x70/0x250
[<46e2629c>] entry_SYSENTER_32+0xaf/0x102
struct hist_field allocated through create_var() do not initialize
"ref" field to 1. The code in __destroy_hist_field() does not destroy
object if "ref" is initialized to zero, the condition
if (--hist_field->ref > 1) always passes since unsigned int wraps.
kmemleak report 3:
[<f8666fcc>] __kmalloc_track_caller+0x139/0x2b0
[<bb7f80a5>] kstrdup+0x27/0x50
[<39d70006>] init_var_ref+0x58/0xd0
[<8ca76370>] create_var_ref+0x89/0xe0
[<f045fc39>] action_create+0x38f/0xc80
[<7c146821>] event_hist_trigger_func+0x15b5/0x1920
[<07de3f61>] trigger_process_regex+0x7b/0xc0
[<e87daf8f>] event_trigger_write+0x4d/0xb0
[<19bf1512>] __vfs_write+0x30/0x200
[<64ce4d27>] vfs_write+0x96/0x1b0
[<a6f34170>] ksys_write+0x53/0xc0
[<7d4230cd>] __ia32_sys_write+0x15/0x20
[<8eadca00>] do_fast_syscall_32+0x70/0x250
[<235cf985>] entry_SYSENTER_32+0xaf/0x102
hist_fields (system & event_name) are not freed
Link: http://lkml.kernel.org/r/20200422061503.GA5151@cosmos
Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_events_hist.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 5f6834a2bf411..fcab11cc6833b 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -3320,6 +3320,9 @@ static void __destroy_hist_field(struct hist_field *hist_field)
kfree(hist_field->name);
kfree(hist_field->type);
+ kfree(hist_field->system);
+ kfree(hist_field->event_name);
+
kfree(hist_field);
}
@@ -4382,6 +4385,7 @@ static struct hist_field *create_var(struct hist_trigger_data *hist_data,
goto out;
}
+ var->ref = 1;
var->flags = HIST_FIELD_FL_VAR;
var->var.idx = idx;
var->var.hist_data = var->hist_data = hist_data;
@@ -5011,6 +5015,9 @@ static void destroy_field_vars(struct hist_trigger_data *hist_data)
for (i = 0; i < hist_data->n_field_vars; i++)
destroy_field_var(hist_data->field_vars[i]);
+
+ for (i = 0; i < hist_data->n_save_vars; i++)
+ destroy_field_var(hist_data->save_vars[i]);
}
static void save_field_var(struct hist_trigger_data *hist_data,
--
2.20.1
next prev parent reply other threads:[~2020-04-30 14:08 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-30 13:49 [PATCH AUTOSEL 5.6 01/79] ARM: dts: OMAP3: disable RNG on N950/N9 Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 02/79] drm/bridge: analogix_dp: Split bind() into probe() and real bind() Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 03/79] ARM: dts: bcm283x: Add cells encoding format to firmware bus Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 04/79] iio:ad7797: Use correct attribute_group Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 05/79] iio: imu: st_lsm6dsx: fix read misalignment on untagged FIFO Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 06/79] iio: imu: st_lsm6dsx: specify slave odr in slv_odr Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 07/79] ASoC: topology: Add missing memory checks Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 08/79] ASoC: topology: Check return value of soc_tplg_create_tlv Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 09/79] ASoC: topology: Check return value of soc_tplg_*_create Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 10/79] ASoC: topology: Check soc_tplg_add_route return value Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 11/79] ASoC: topology: Check return value of pcm_new_ver Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 12/79] ASoC: topology: Check return value of soc_tplg_dai_config Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 13/79] nfsd: memory corruption in nfsd4_lock() Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 14/79] SUNRPC/cache: Fix unsafe traverse caused double-free in cache_purge Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 15/79] selftests: vm: Do not override definition of ARCH Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 16/79] selftests: vm: Fix 64-bit test builds for powerpc64le Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 17/79] ASoC: samsung: s3c24xx-i2s: Fix build after removal of DAI suspend/resume Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 18/79] Revert "Kernel selftests: tpm2: check for tpm support" Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 19/79] selftests/ipc: Fix test failure seen after initial test run Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 20/79] drm/bridge: anx6345: set correct BPC for display_info of connector Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 21/79] scsi: sg: add sg_remove_request in sg_write Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 22/79] drivers: soc: xilinx: fix firmware driver Kconfig dependency Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 23/79] drm/scheduler: fix drm_sched_get_cleanup_job Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 24/79] ASoC: sgtl5000: Fix VAG power-on handling Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 25/79] ASoC: q6dsp6: q6afe-dai: add missing channels to MI2S DAIs Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 26/79] ASoC: topology: Fix endianness issue Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 27/79] usb: dwc3: gadget: Properly set maxpacket limit Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 28/79] usb: dwc3: gadget: Do link recovery for SS and SSP Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 29/79] ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 30/79] ASoC: rsnd: Fix HDMI channel mapping for " Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 31/79] ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 32/79] ARM: dts: bcm283x: Disable dsi0 node Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 33/79] remoteproc: qcom_q6v5_mss: fix a bug in q6v5_probe() Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 34/79] usb: gadget: udc: atmel: Fix vbus disconnect handling Sasha Levin
2020-04-30 13:49 ` [PATCH AUTOSEL 5.6 35/79] svcrdma: Fix trace point use-after-free race Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 36/79] ASoC: stm32: sai: fix sai probe Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 37/79] ASoC: SOF: Intel: add min/max channels for SSP on Baytrail/Broadwell Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 38/79] drm/amd/powerplay: fix resume failed as smu table initialize early exit Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 39/79] drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 40/79] wimax/i2400m: Fix potential urb refcnt leak Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 41/79] net: stmmac: fix enabling socfpga's ptp_ref_clock Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 42/79] net: stmmac: Fix sub-second increment Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 43/79] netfilter: nat: fix error handling upon registering inet hook Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 44/79] counter: 104-quad-8: Add lock guards - generic interface Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 45/79] ASoC: meson: axg-card: fix codec-to-codec link setup Sasha Levin
2020-04-30 13:56 ` Mark Brown
2020-05-02 13:46 ` Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 46/79] ASoC: rsnd: Don't treat master SSI in multi SSI setup as parent Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 47/79] ASoC: rsnd: Fix "status check failed" spam for multi-SSI Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 48/79] net/mlx5: Fix failing fw tracer allocation on s390 Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 49/79] net/mlx5e: Don't trigger IRQ multiple times on XSK wakeup to avoid WQ overruns Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 50/79] net/mlx5e: Get the latest values from counters in switchdev mode Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 51/79] cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 52/79] bpf: Forbid XADD on spilled pointers for unprivileged users Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 53/79] bpf: Fix handling of XADD on BTF memory Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 54/79] bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 55/79] iwlwifi: actually check allocated conf_tlv pointer Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 56/79] ASoC: wm8960: Fix wrong clock after suspend & resume Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 57/79] cifs: protect updating server->dstaddr with a spinlock Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 58/79] blk-iocost: Fix error on iocost_ioc_vrate_adj Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 59/79] s390/ftrace: fix potential crashes when switching tracers Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 60/79] scripts/config: allow colons in option strings for sed Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 61/79] sched/core: Fix reset-on-fork from RT with uclamp Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 62/79] perf/core: fix parent pid/tid in task exit events Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 63/79] cifs: do not share tcons with DFS Sasha Levin
2020-04-30 13:50 ` Sasha Levin [this message]
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 65/79] um: ensure `make ARCH=um mrproper` removes arch/$(SUBARCH)/include/generated/ Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 66/79] ftrace: Fix memory leak caused by not freeing entry in unregister_ftrace_direct() Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 67/79] net: phy: bcm84881: clear settings on link down Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 68/79] lib/mpi: Fix building for powerpc with clang Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 69/79] mac80211: sta_info: Add lockdep condition for RCU list usage Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 70/79] afs: Fix to actually set AFS_SERVER_FL_HAVE_EPOCH Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 71/79] afs: Make record checking use TASK_UNINTERRUPTIBLE when appropriate Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 72/79] net: bcmgenet: suppress warnings on failed Rx SKB allocations Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 73/79] net: systemport: " Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 74/79] bpf, x86_32: Fix incorrect encoding in BPF_LDX zero-extension Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 75/79] bpf, x86_32: Fix clobbering of dst for BPF_JSET Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 76/79] bpf, x86_32: Fix logic error in BPF_LDX zero-extension Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 77/79] bpf: Propagate expected_attach_type when verifying freplace programs Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 78/79] tools/runqslower: Ensure own vmlinux.h is picked up first Sasha Levin
2020-04-30 13:50 ` [PATCH AUTOSEL 5.6 79/79] selftests/bpf: Fix a couple of broken test_btf cases Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200430135043.19851-64-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=stable@vger.kernel.org \
--cc=vamshi.k.sthambamkadi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox