[PATCH 5.4 25/50] tracing: Fix memory leaks in trace_events_hist.c

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>,
	"Steven Rostedt (VMware)" <rostedt@goodmis.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 25/50] tracing: Fix memory leaks in trace_events_hist.c
Date: Fri,  8 May 2020 14:35:31 +0200	[thread overview]
Message-ID: <20200508123046.898308901@linuxfoundation.org> (raw)
In-Reply-To: <20200508123043.085296641@linuxfoundation.org>

From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>

[ Upstream commit 9da73974eb9c965dd9989befb593b8c8da9e4bdc ]

kmemleak report 1:
    [<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
    [<05a2c9ed>] create_field_var+0xcf/0x180
    [<528a2d68>] action_create+0xe2/0xc80
    [<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
    [<28ea5d3d>] trigger_process_regex+0x7b/0xc0
    [<3138e86f>] event_trigger_write+0x4d/0xb0
    [<ffd66c19>] __vfs_write+0x30/0x200
    [<4f424a0d>] vfs_write+0x96/0x1b0
    [<da59a290>] ksys_write+0x53/0xc0
    [<3717101a>] __ia32_sys_write+0x15/0x20
    [<c5f23497>] do_fast_syscall_32+0x70/0x250
    [<46e2629c>] entry_SYSENTER_32+0xaf/0x102

This is because save_vars[] of struct hist_trigger_data are
not destroyed

kmemleak report 2:
    [<9092c50b>] kmem_cache_alloc_trace+0x138/0x270
    [<6e5e97c5>] create_var+0x3c/0x110
    [<de82f1b9>] create_field_var+0xaf/0x180
    [<528a2d68>] action_create+0xe2/0xc80
    [<63f50b61>] event_hist_trigger_func+0x15b5/0x1920
    [<28ea5d3d>] trigger_process_regex+0x7b/0xc0
    [<3138e86f>] event_trigger_write+0x4d/0xb0
    [<ffd66c19>] __vfs_write+0x30/0x200
    [<4f424a0d>] vfs_write+0x96/0x1b0
    [<da59a290>] ksys_write+0x53/0xc0
    [<3717101a>] __ia32_sys_write+0x15/0x20
    [<c5f23497>] do_fast_syscall_32+0x70/0x250
    [<46e2629c>] entry_SYSENTER_32+0xaf/0x102

struct hist_field allocated through create_var() do not initialize
"ref" field to 1. The code in __destroy_hist_field() does not destroy
object if "ref" is initialized to zero, the condition
if (--hist_field->ref > 1) always passes since unsigned int wraps.

kmemleak report 3:
    [<f8666fcc>] __kmalloc_track_caller+0x139/0x2b0
    [<bb7f80a5>] kstrdup+0x27/0x50
    [<39d70006>] init_var_ref+0x58/0xd0
    [<8ca76370>] create_var_ref+0x89/0xe0
    [<f045fc39>] action_create+0x38f/0xc80
    [<7c146821>] event_hist_trigger_func+0x15b5/0x1920
    [<07de3f61>] trigger_process_regex+0x7b/0xc0
    [<e87daf8f>] event_trigger_write+0x4d/0xb0
    [<19bf1512>] __vfs_write+0x30/0x200
    [<64ce4d27>] vfs_write+0x96/0x1b0
    [<a6f34170>] ksys_write+0x53/0xc0
    [<7d4230cd>] __ia32_sys_write+0x15/0x20
    [<8eadca00>] do_fast_syscall_32+0x70/0x250
    [<235cf985>] entry_SYSENTER_32+0xaf/0x102

hist_fields (system & event_name) are not freed

Link: http://lkml.kernel.org/r/20200422061503.GA5151@cosmos

Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/trace_events_hist.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 6495800fb92a1..8107574e8af9d 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -2466,6 +2466,9 @@ static void __destroy_hist_field(struct hist_field *hist_field)
 	kfree(hist_field->name);
 	kfree(hist_field->type);
 
+	kfree(hist_field->system);
+	kfree(hist_field->event_name);
+
 	kfree(hist_field);
 }
 
@@ -3528,6 +3531,7 @@ static struct hist_field *create_var(struct hist_trigger_data *hist_data,
 		goto out;
 	}
 
+	var->ref = 1;
 	var->flags = HIST_FIELD_FL_VAR;
 	var->var.idx = idx;
 	var->var.hist_data = var->hist_data = hist_data;
@@ -4157,6 +4161,9 @@ static void destroy_field_vars(struct hist_trigger_data *hist_data)
 
 	for (i = 0; i < hist_data->n_field_vars; i++)
 		destroy_field_var(hist_data->field_vars[i]);
+
+	for (i = 0; i < hist_data->n_save_vars; i++)
+		destroy_field_var(hist_data->save_vars[i]);
 }
 
 static void save_field_var(struct hist_trigger_data *hist_data,
-- 
2.20.1

next prev parent reply	other threads:[~2020-05-08 12:58 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-08 12:35 [PATCH 5.4 00/50] 5.4.40-rc1 review Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 01/50] vhost: vsock: kick send_pkt worker once device is started Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 02/50] drm/bridge: analogix_dp: Split bind() into probe() and real bind() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 03/50] ASoC: topology: Check return value of soc_tplg_create_tlv Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 04/50] ASoC: topology: Check return value of soc_tplg_*_create Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 05/50] ASoC: topology: Check soc_tplg_add_route return value Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 06/50] ASoC: topology: Check return value of pcm_new_ver Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 07/50] ASoC: topology: Check return value of soc_tplg_dai_config Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 08/50] selftests/ipc: Fix test failure seen after initial test run Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 09/50] ASoC: sgtl5000: Fix VAG power-on handling Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 10/50] ASoC: topology: Fix endianness issue Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 11/50] usb: dwc3: gadget: Properly set maxpacket limit Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 12/50] ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 13/50] ASoC: rsnd: Fix HDMI channel mapping for " Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 14/50] ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 15/50] remoteproc: qcom_q6v5_mss: fix a bug in q6v5_probe() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 16/50] drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 17/50] wimax/i2400m: Fix potential urb refcnt leak Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 18/50] net: stmmac: fix enabling socfpgas ptp_ref_clock Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 19/50] net: stmmac: Fix sub-second increment Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 20/50] ASoC: rsnd: Dont treat master SSI in multi SSI setup as parent Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 21/50] ASoC: rsnd: Fix "status check failed" spam for multi-SSI Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 22/50] cifs: protect updating server->dstaddr with a spinlock Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 23/50] scripts/config: allow colons in option strings for sed Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 24/50] cifs: do not share tcons with DFS Greg Kroah-Hartman
2020-05-08 12:35 ` Greg Kroah-Hartman [this message]
2020-05-08 12:35 ` [PATCH 5.4 26/50] lib/mpi: Fix building for powerpc with clang Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 27/50] mac80211: sta_info: Add lockdep condition for RCU list usage Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 28/50] net: bcmgenet: suppress warnings on failed Rx SKB allocations Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 29/50] net: systemport: " Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 30/50] drm/i915: Extend WaDisableDARBFClkGating to icl,ehl,tgl Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 31/50] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 32/50] drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 33/50] Revert "software node: Simplify software_node_release() function" Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 34/50] lib: devres: add a helper function for ioremap_uc Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 35/50] mfd: intel-lpss: Use devm_ioremap_uc for MMIO Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 36/50] hexagon: clean up ioremap Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 37/50] hexagon: define ioremap_uc Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 38/50] ALSA: hda: Match both PCI ID and SSID for driver blacklist Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 39/50] x86/kvm: fix a missing-prototypes "vmread_error" Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 40/50] dma-direct: exclude dma_direct_map_resource from the min_low_pfn check Greg Kroah-Hartman
2020-05-08 13:20   ` Naresh Kamboju
2020-05-08 13:27     ` Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 41/50] platform/x86: GPD pocket fan: Fix error message when temp-limits are out of range Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 42/50] ACPI: PM: s2idle: Fix comment in acpi_s2idle_prepare_late() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 43/50] mac80211: add ieee80211_is_any_nullfunc() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 44/50] cgroup, netclassid: remove double cond_resched Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 45/50] libbpf: Fix readelf output parsing for Fedora Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 46/50] mm/mremap: Add comment explaining the untagging behaviour of mremap() Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 47/50] Revert "drm/amd/display: setting the DIG_MODE to the correct value." Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 48/50] tools headers UAPI: Sync copy of arm64s asm/unistd.h with the kernel sources Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 49/50] udp: document udp_rcv_segment special case for looped packets Greg Kroah-Hartman
2020-05-08 12:35 ` [PATCH 5.4 50/50] PM / devfreq: Add missing locking while setting suspend_freq Greg Kroah-Hartman
2020-05-08 13:22 ` [PATCH 5.4 00/50] 5.4.40-rc1 review Naresh Kamboju
2020-05-11 16:35 ` shuah
2020-05-11 17:21   ` Ben Hutchings
2020-05-11 17:49     ` shuah
2020-05-11 17:51     ` Guenter Roeck

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6495800fb92a dfblob:8107574e8af9 )
 OR (
bs:"[PATCH 5.4 25/50] tracing: Fix memory leaks in trace_events_hist.c" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200508123046.898308901@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=vamshi.k.sthambamkadi@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).