tracing: Fix memory leaks in create_field_var()

[ Upstream commit 80f0d631dcc76ee1b7755bfca1d8417d91d71414 ]

The function create_field_var() allocates memory for 'val' through
create_hist_field() inside parse_atom(), and for 'var' through
create_var(), which in turn allocates var->type and var->var.name
internally. Simply calling kfree() to release these structures will
result in memory leaks.

Use destroy_hist_field() to properly free 'val', and explicitly release
the memory of var->type and var->var.name before freeing 'var' itself.

Link: https://patch.msgid.link/20251106120132.3639920-1-zilin@seu.edu.cn
Fixes: 02205a6752f22 ("tracing: Add support for 'field variables'")
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 3379e14d38e9b45809975d44ea7c4e606746cacb..84954b8918156102e911bf21d74989dec372a1ac 100644 (file)
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -3251,14 +3251,16 @@ static struct field_var *create_field_var(struct hist_trigger_data *hist_data,
        var = create_var(hist_data, file, field_name, val->size, val->type);
        if (IS_ERR(var)) {
                hist_err(tr, HIST_ERR_VAR_CREATE_FIND_FAIL, errpos(field_name));
-               kfree(val);
+               destroy_hist_field(val, 0);
                ret = PTR_ERR(var);
                goto err;
        }
 
        field_var = kzalloc(sizeof(struct field_var), GFP_KERNEL);
        if (!field_var) {
-               kfree(val);
+               destroy_hist_field(val, 0);
+               kfree_const(var->type);
+               kfree(var->var.name);
                kfree(var);
                ret =  -ENOMEM;
                goto err;