4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Nov 2020 11:44:31 +0000 (12:44 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Nov 2020 11:44:31 +0000 (12:44 +0100)
added patches:
perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
tools-perf-fix-build-error-in-v4.19.y.patch

queue-4.19/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch [new file with mode: 0644]
queue-4.19/series
queue-4.19/tools-perf-fix-build-error-in-v4.19.y.patch [new file with mode: 0644]

diff --git a/queue-4.19/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch b/queue-4.19/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
new file mode 100644 (file)
index 0000000..b08fdec
--- /dev/null
@@ -0,0 +1,88 @@
+From 7bdb157cdebbf95a1cd94ed2e01b338714075d00 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?kiyin=28=E5=B0=B9=E4=BA=AE=29?= <kiyin@tencent.com>
+Date: Wed, 4 Nov 2020 08:23:22 +0300
+Subject: perf/core: Fix a memory leak in perf_event_parse_addr_filter()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: kiyin(尹亮) <kiyin@tencent.com>
+
+commit 7bdb157cdebbf95a1cd94ed2e01b338714075d00 upstream.
+
+As shown through runtime testing, the "filename" allocation is not
+always freed in perf_event_parse_addr_filter().
+
+There are three possible ways that this could happen:
+
+ - It could be allocated twice on subsequent iterations through the loop,
+ - or leaked on the success path,
+ - or on the failure path.
+
+Clean up the code flow to make it obvious that 'filename' is always
+freed in the reallocation path and in the two return paths as well.
+
+We rely on the fact that kfree(NULL) is NOP and filename is initialized
+with NULL.
+
+This fixes the leak. No other side effects expected.
+
+[ Dan Carpenter: cleaned up the code flow & added a changelog. ]
+[ Ingo Molnar: updated the changelog some more. ]
+
+Fixes: 375637bc5249 ("perf/core: Introduce address range filtering")
+Signed-off-by: "kiyin(尹亮)" <kiyin@tencent.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>
+Cc: Anthony Liguori <aliguori@amazon.com>
+--
+ kernel/events/core.c |   12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -9047,6 +9047,7 @@ perf_event_parse_addr_filter(struct perf
+                       if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) {
+                               int fpos = token == IF_SRC_FILE ? 2 : 1;
++                              kfree(filename);
+                               filename = match_strdup(&args[fpos]);
+                               if (!filename) {
+                                       ret = -ENOMEM;
+@@ -9093,16 +9094,13 @@ perf_event_parse_addr_filter(struct perf
+                                */
+                               ret = -EOPNOTSUPP;
+                               if (!event->ctx->task)
+-                                      goto fail_free_name;
++                                      goto fail;
+                               /* look up the path and grab its inode */
+                               ret = kern_path(filename, LOOKUP_FOLLOW,
+                                               &filter->path);
+                               if (ret)
+-                                      goto fail_free_name;
+-
+-                              kfree(filename);
+-                              filename = NULL;
++                                      goto fail;
+                               ret = -EINVAL;
+                               if (!filter->path.dentry ||
+@@ -9122,13 +9120,13 @@ perf_event_parse_addr_filter(struct perf
+       if (state != IF_STATE_ACTION)
+               goto fail;
++      kfree(filename);
+       kfree(orig);
+       return 0;
+-fail_free_name:
+-      kfree(filename);
+ fail:
++      kfree(filename);
+       free_filters_list(filters);
+       kfree(orig);
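Review bot: The `kfree(filename);` added ahead of `match_strdup()` in the first kernel/events/core.c hunk, and the one now placed under `fail:`, are only correct while `filename` is either NULL or a live allocation owned by this function, and the declaration that establishes this is outside every hunk shown here. For a backport it is worth confirming that the 4.19 copy of perf_event_parse_addr_filter() initialises `filename` to NULL, as the changelog assumes, because otherwise the first loop iteration would free an uninitialised pointer. Since the old `filename = NULL;` after `kern_path()` is removed, the pointer now stays live across iterations, so I would add a comment at the new call such as `/* filename is NULL or owned here; free the previous name before replacing it */`. If the filter string comes from user space, as the function's role suggests, a repeatable leak on this path is a memory-exhaustion concern and not only a tidiness issue.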
index c22fa38d2294f79372c1daeab4d775c55e490ca6..24ba8c4b830cb4488f08f83a3d4ff5b7d89d78de 100644 (file)
@@ -65,3 +65,5 @@ usb-mtu3-fix-panic-in-mtu3_gadget_stop.patch
 arc-stack-unwinding-avoid-indefinite-looping.patch
 revert-arc-entry-fix-potential-efa-clobber-when-tif_syscall_trace.patch
 pm-runtime-resume-the-device-earlier-in-__device_release_driver.patch
+perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
+tools-perf-fix-build-error-in-v4.19.y.patch
diff --git a/queue-4.19/tools-perf-fix-build-error-in-v4.19.y.patch b/queue-4.19/tools-perf-fix-build-error-in-v4.19.y.patch
new file mode 100644 (file)
index 0000000..6b272ca
--- /dev/null
@@ -0,0 +1,54 @@
+From linux@roeck-us.net  Mon Nov  9 12:43:51 2020
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Sat,  7 Nov 2020 16:31:24 -0800
+Subject: tools: perf: Fix build error in v4.19.y
+To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org, Arnaldo Carvalho de Melo <acme@redhat.com>, Guenter Roeck <linux@roeck-us.net>
+Message-ID: <20201108003124.100732-1-linux@roeck-us.net>
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+perf may fail to build in v4.19.y with the following error.
+
+util/evsel.c: In function ‘perf_evsel__exit’:
+util/util.h:25:28: error:
+       passing argument 1 of ‘free’ discards ‘const’ qualifier from pointer target type
+
+This is observed (at least) with gcc v6.5.0. The underlying problem is
+the following statement.
+       zfree(&evsel->pmu_name);
+evsel->pmu_name is decared 'const *'. zfree in turn is defined as
+       #define zfree(ptr) ({ free(*ptr); *ptr = NULL; })
+and thus passes the const * to free(). The problem is not seen
+in the upstream kernel since zfree() has been rewritten there.
+
+The problem has been introduced into v4.19.y with the backport of upstream
+commit d4953f7ef1a2 (perf parse-events: Fix 3 use after frees found with
+clang ASAN).
+
+One possible fix of this problem would be to not declare pmu_name
+as const. This patch chooses to typecast the parameter of zfree()
+to void *, following the guidance from the upstream kernel which
+does the same since commit 7f7c536f23e6a ("tools lib: Adopt
+zalloc()/zfree() from tools/perf")
+
+Fixes: a0100a363098 ("perf parse-events: Fix 3 use after frees found with clang ASAN")
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+This patch only applies to v4.19.y and has no upstream equivalent.
+
+ tools/perf/util/util.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/perf/util/util.h
++++ b/tools/perf/util/util.h
+@@ -22,7 +22,7 @@ static inline void *zalloc(size_t size)
+       return calloc(1, size);
+ }
+-#define zfree(ptr) ({ free(*ptr); *ptr = NULL; })
++#define zfree(ptr) ({ free((void *)*ptr); *ptr = NULL; })
+ struct dirent;
+ struct nsinfo;
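Review bot: The rewritten `zfree()` in tools/perf/util/util.h still expands `ptr` twice and without parentheses, so an argument with side effects or a lower-precedence operator would misbehave; `#define zfree(ptr) ({ free((void *)*(ptr)); *(ptr) = NULL; })` keeps the build fix and closes the precedence gap. The `(void *)` cast also discards `const`, so the compiler will no longer warn if zfree() is applied to a pointer that was never heap-allocated, for example a string literal stored in a `const char *` field. A comment above the macro such as `/* cast drops const: only call on pointers that own a malloc'ed buffer */` would record that ownership requirement for later callers.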