From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH AUTOSEL 5.4 47/57] tracing: Fix memory leaks in trace_events_hist.c
Date: Thu, 30 Apr 2020 09:52:08 -0400
Message-ID: <20200430135218.20372-47-sashal@kernel.org>
In-Reply-To: <20200430135218.20372-1-sashal@kernel.org>
From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
[ Upstream commit 9da73974eb9c965dd9989befb593b8c8da9e4bdc ]
kmemleak report 1:
[<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
[<05a2c9ed>] create_field_var+0xcf/0x180
[<528a2d68>] action_create+0xe2/0xc80
[<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
[<28ea5d3d>] trigger_process_regex+0x7b/0xc0
[<3138e86f>] event_trigger_write+0x4d/0xb0
[<ffd66c19>] __vfs_write+0x30/0x200
[<4f424a0d>] vfs_write+0x96/0x1b0
[<da59a290>] ksys_write+0x53/0xc0
[<3717101a>] __ia32_sys_write+0x15/0x20
[<c5f23497>] do_fast_syscall_32+0x70/0x250
[<46e2629c>] entry_SYSENTER_32+0xaf/0x102
This is because save_vars[] of struct hist_trigger_data are
not destroyed.
kmemleak report 2:
[<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
[<6e5e97c5>] create_var+0x3c/0x110
[<de82f1b9>] create_field_var+0xaf/0x180
[<528a2d68>] action_create+0xe2/0xc80
[<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
[<28ea5d3d>] trigger_process_regex+0x7b/0xc0
[<3138e86f>] event_trigger_write+0x4d/0xb0
[<ffd66c19>] __vfs_write+0x30/0x200
[<4f424a0d>] vfs_write+0x96/0x1b0
[<da59a290>] ksys_write+0x53/0xc0
[<3717101a>] __ia32_sys_write+0x15/0x20
[<c5f23497>] do_fast_syscall_32+0x70/0x250
[<46e2629c>] entry_SYSENTER_32+0xaf/0x102
struct hist_field allocated through create_var() do not initialize
"ref" field to 1. The code in __destroy_hist_field() does not destroy
object if "ref" is initialized to zero, the condition
if (--hist_field->ref > 1) always passes since unsigned int wraps.
kmemleak report 3:
[<f8666fcc>] __kmalloc_track_caller+0x139/0x2b0
[<bb7f80a5>] kstrdup+0x27/0x50
[<39d70006>] init_var_ref+0x58/0xd0
[<8ca76370>] create_var_ref+0x89/0xe0
[<f045fc39>] action_create+0x38f/0xc80
[<7c146821>] event_hist_trigger_func+0x15b5/0x1920
[<07de3f61>] trigger_process_regex+0x7b/0xc0
[<e87daf8f>] event_trigger_write+0x4d/0xb0
[<19bf1512>] __vfs_write+0x30/0x200
[<64ce4d27>] vfs_write+0x96/0x1b0
[<a6f34170>] ksys_write+0x53/0xc0
[<7d4230cd>] __ia32_sys_write+0x15/0x20
[<8eadca00>] do_fast_syscall_32+0x70/0x250
[<235cf985>] entry_SYSENTER_32+0xaf/0x102
hist_fields (system & event_name) are not freed.
Link: http://lkml.kernel.org/r/20200422061503.GA5151@cosmos
Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/trace_events_hist.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 6495800fb92a1..8107574e8af9d 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -2466,6 +2466,9 @@ static void __destroy_hist_field(struct hist_field *hist_field)
kfree(hist_field->name);
kfree(hist_field->type);
+ kfree(hist_field->system);
+ kfree(hist_field->event_name);
+
kfree(hist_field);
}
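Review bot: the two new kfree() calls in __destroy_hist_field() run for every hist_field that reaches this function, while the commit message traces the leaked strings only to init_var_ref(). It would help to say in the changelog that fields which never set system or event_name leave them NULL (so kfree() is a no-op), and to confirm that no caller frees hist_field->system or hist_field->event_name itself before calling here, since that would now be a double free.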
@@ -3528,6 +3531,7 @@ static struct hist_field *create_var(struct hist_trigger_data *hist_data,
goto out;
}
+ var->ref = 1;
var->flags = HIST_FIELD_FL_VAR;
var->var.idx = idx;
var->var.hist_data = var->hist_data = hist_data;
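Review bot: setting var->ref = 1 in create_var() fixes this one allocation site, but the failure mode described in the commit message remains for any other hist_field created with ref left at zero: the unsigned decrement in __destroy_hist_field() wraps and the object is silently kept. Consider a WARN_ON_ONCE(hist_field->ref == 0) before that decrement, or a one-line comment here saying why the initial reference is required, so a later allocation path does not reintroduce the leak.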
@@ -4157,6 +4161,9 @@ static void destroy_field_vars(struct hist_trigger_data *hist_data)
for (i = 0; i < hist_data->n_field_vars; i++)
destroy_field_var(hist_data->field_vars[i]);
+
+ for (i = 0; i < hist_data->n_save_vars; i++)
+ destroy_field_var(hist_data->save_vars[i]);
}
static void save_field_var(struct hist_trigger_data *hist_data,
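Review bot: the added loop in destroy_field_vars() makes a function named for field_vars also own the teardown of save_vars[], with no comment saying so. A short comment above the second loop, or a separate destroy_save_vars() helper, would make the ownership explicit. It is also worth confirming that no save_vars[i] entry points at the same object as a field_vars[i] entry, because both loops call destroy_field_var() on what they hold.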
--
2.20.1
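The refcount wrap behind kmemleak report 2, as an added userspace example that is not part of the patch or the kernel source. `struct model_field`, `model_destroy()` and `released_after_destroy()` are hypothetical stand-ins; only the `--ref > 1` check is taken from the commit message.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for struct hist_field (assumption: only the
 * members needed to show the refcount behaviour are modelled). */
struct model_field {
	unsigned int ref;
	char *name;
};

static int frees;	/* number of objects actually released */

/* Same early-return check the commit message quotes from
 * __destroy_hist_field(): "if (--hist_field->ref > 1)". */
static void model_destroy(struct model_field *f)
{
	if (--f->ref > 1)
		return;	/* ref == 0 wraps to UINT_MAX and lands here */
	free(f->name);
	free(f);
	frees++;
}

/* Create an object with the given initial ref, destroy it once, and
 * report 1 if it was released, 0 if it leaked, -1 on allocation failure. */
int released_after_destroy(unsigned int init_ref)
{
	struct model_field *f = calloc(1, sizeof(*f));
	int before = frees;

	if (!f)
		return -1;
	f->ref = init_ref;
	model_destroy(f);
	if (frees != before)
		return 1;
	/* Leaked in the model: release it here so the demo itself is clean. */
	free(f->name);
	free(f);
	return 0;
}

int main(void)
{
	printf("ref=0 (before patch): released=%d\n", released_after_destroy(0));
	printf("ref=1 (after patch):  released=%d\n", released_after_destroy(1));
	return 0;
}
```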