5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Nov 2020 11:44:52 +0000 (12:44 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Nov 2020 11:44:52 +0000 (12:44 +0100)
added patches:
perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch

queue-5.4/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch [new file with mode: 0644]
queue-5.4/series

diff --git a/queue-5.4/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch b/queue-5.4/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
new file mode 100644 (file)
index 0000000..530f271
--- /dev/null
@@ -0,0 +1,88 @@
+From 7bdb157cdebbf95a1cd94ed2e01b338714075d00 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?kiyin=28=E5=B0=B9=E4=BA=AE=29?= <kiyin@tencent.com>
+Date: Wed, 4 Nov 2020 08:23:22 +0300
+Subject: perf/core: Fix a memory leak in perf_event_parse_addr_filter()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: kiyin(尹亮) <kiyin@tencent.com>
+
+commit 7bdb157cdebbf95a1cd94ed2e01b338714075d00 upstream.
+
+As shown through runtime testing, the "filename" allocation is not
+always freed in perf_event_parse_addr_filter().
+
+There are three possible ways that this could happen:
+
+ - It could be allocated twice on subsequent iterations through the loop,
+ - or leaked on the success path,
+ - or on the failure path.
+
+Clean up the code flow to make it obvious that 'filename' is always
+freed in the reallocation path and in the two return paths as well.
+
+We rely on the fact that kfree(NULL) is NOP and filename is initialized
+with NULL.
+
+This fixes the leak. No other side effects expected.
+
+[ Dan Carpenter: cleaned up the code flow & added a changelog. ]
+[ Ingo Molnar: updated the changelog some more. ]
+
+Fixes: 375637bc5249 ("perf/core: Introduce address range filtering")
+Signed-off-by: "kiyin(尹亮)" <kiyin@tencent.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>
+Cc: Anthony Liguori <aliguori@amazon.com>
+--
+ kernel/events/core.c |   12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -9415,6 +9415,7 @@ perf_event_parse_addr_filter(struct perf
+                       if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) {
+                               int fpos = token == IF_SRC_FILE ? 2 : 1;
++                              kfree(filename);
+                               filename = match_strdup(&args[fpos]);
+                               if (!filename) {
+                                       ret = -ENOMEM;
+@@ -9461,16 +9462,13 @@ perf_event_parse_addr_filter(struct perf
+                                */
+                               ret = -EOPNOTSUPP;
+                               if (!event->ctx->task)
+-                                      goto fail_free_name;
++                                      goto fail;
+                               /* look up the path and grab its inode */
+                               ret = kern_path(filename, LOOKUP_FOLLOW,
+                                               &filter->path);
+                               if (ret)
+-                                      goto fail_free_name;
+-
+-                              kfree(filename);
+-                              filename = NULL;
++                                      goto fail;
+                               ret = -EINVAL;
+                               if (!filter->path.dentry ||
+@@ -9490,13 +9488,13 @@ perf_event_parse_addr_filter(struct perf
+       if (state != IF_STATE_ACTION)
+               goto fail;
++      kfree(filename);
+       kfree(orig);
+       return 0;
+-fail_free_name:
+-      kfree(filename);
+ fail:
++      kfree(filename);
+       free_filters_list(filters);
+       kfree(orig);
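Review bot: The `kfree(filename)` added before `filename = match_strdup(&args[fpos]);` in the embedded kernel/events/core.c change is only safe if `filename` starts out NULL, and that declaration lies outside the hunks shown, so it should be confirmed against the 5.4 tree rather than taken from the changelog. With the `filename = NULL` reset after `kern_path()` removed, the allocation now stays live until the next `IF_SRC_FILE`/`IF_SRC_FILEADDR` token or one of the two labelled exits, so any early `return` later added to this function would bring the leak back. A short comment at the loop-site free would make that ownership rule explicit, for example `/* free the name left by a previous filter clause; kfree(NULL) is a no-op */`. perf_event_parse_addr_filter() begins and ends outside the hunks shown.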
index a74bd3a7b96ec52ffaacbc623c438f9b0aa7d153..870c56f414d5d9d072236fc03d426d8ce823c1e8 100644 (file)
@@ -81,3 +81,4 @@ pm-runtime-drop-runtime-pm-references-to-supplier-on-link-removal.patch
 pm-runtime-drop-pm_runtime_clean_up_links.patch
 pm-runtime-resume-the-device-earlier-in-__device_release_driver.patch
 xfs-flush-for-older-xfs-specific-ioctls.patch
+perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch