From: Greg Kroah-Hartman Date: Mon, 9 Nov 2020 11:45:09 +0000 (+0100) Subject: 5.9-stable patches X-Git-Tag: v4.4.242~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=541f41d38648d2493a1e8d5e8170c6fc756fb704;p=thirdparty%2Fkernel%2Fstable-queue.git 5.9-stable patches added patches: perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
---
diff --git a/queue-5.9/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch b/queue-5.9/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
new file mode 100644
index 00000000000..03f89ad11e9
--- /dev/null
+++ b/queue-5.9/perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
@@ -0,0 +1,88 @@
+From 7bdb157cdebbf95a1cd94ed2e01b338714075d00 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?kiyin=28=E5=B0=B9=E4=BA=AE=29?=
+Date: Wed, 4 Nov 2020 08:23:22 +0300
+Subject: perf/core: Fix a memory leak in perf_event_parse_addr_filter()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: kiyin(尹亮)
+
+commit 7bdb157cdebbf95a1cd94ed2e01b338714075d00 upstream.
+
+As shown through runtime testing, the "filename" allocation is not
+always freed in perf_event_parse_addr_filter().
+
+There are three possible ways that this could happen:
+
+ - It could be allocated twice on subsequent iterations through the loop,
+ - or leaked on the success path,
+ - or on the failure path.
+
+Clean up the code flow to make it obvious that 'filename' is always
+freed in the reallocation path and in the two return paths as well.
+
+We rely on the fact that kfree(NULL) is NOP and filename is initialized
+with NULL.
+
+This fixes the leak. No other side effects expected.
+
+[ Dan Carpenter: cleaned up the code flow & added a changelog. ]
+[ Ingo Molnar: updated the changelog some more. ]
+
+Fixes: 375637bc5249 ("perf/core: Introduce address range filtering")
+Signed-off-by: "kiyin(尹亮)"
+Signed-off-by: Dan Carpenter
+Signed-off-by: Ingo Molnar
+Cc: "Srivatsa S. Bhat"
+Cc: Anthony Liguori
+--
+ kernel/events/core.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+Signed-off-by: Greg Kroah-Hartman
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -10058,6 +10058,7 @@ perf_event_parse_addr_filter(struct perf
+ if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) {
+ int fpos = token == IF_SRC_FILE ? 2 : 1;
+
++ kfree(filename);
+ filename = match_strdup(&args[fpos]);
+ if (!filename) {
+ ret = -ENOMEM;
+@@ -10104,16 +10105,13 @@ perf_event_parse_addr_filter(struct perf
+ */
+ ret = -EOPNOTSUPP;
+ if (!event->ctx->task)
+- goto fail_free_name;
++ goto fail;
+
+ /* look up the path and grab its inode */
+ ret = kern_path(filename, LOOKUP_FOLLOW,
+ &filter->path);
+ if (ret)
+- goto fail_free_name;
+-
+- kfree(filename);
+- filename = NULL;
++ goto fail;
+
+ ret = -EINVAL;
+ if (!filter->path.dentry ||
+@@ -10133,13 +10131,13 @@ perf_event_parse_addr_filter(struct perf
+ if (state != IF_STATE_ACTION)
+ goto fail;
+
++ kfree(filename);
+ kfree(orig);
+
+ return 0;
+
+-fail_free_name:
+- kfree(filename);
+ fail:
++ kfree(filename);
+ free_filters_list(filters);
+ kfree(orig);
+
diff --git a/queue-5.9/series b/queue-5.9/series
index bb3ed10fe03..d70f0f511fb 100644
--- a/queue-5.9/series
+++ b/queue-5.9/series
@@ -130,3 +130,4 @@ pm-runtime-drop-pm_runtime_clean_up_links.patch
 pm-runtime-resume-the-device-earlier-in-__device_release_driver.patch
 drm-i915-fix-encoder-lookup-during-psr-atomic-check.patch
 drm-i915-gt-use-the-local-hwsp-offset-during-submission.patch
+perf-core-fix-a-memory-leak-in-perf_event_parse_addr_filter.patch
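Review bot: In the inner `@@ -10104,16 +10105,13 @@` hunk of the queued patch, dropping `filename = NULL;` after a successful kern_path() means `filename` stays set to the previous filter's path until the next match_strdup() or function exit. The leak is closed either way, but if any code in the part of the loop not shown here treats a NULL `filename` as "no file was given for this filter", it would now see the previous filter's name instead; this cannot be confirmed from these hunks, because perf_event_parse_addr_filter() starts and ends outside them. Keeping `kfree(filename); filename = NULL;` right after the `if (ret) goto fail;` check would preserve the per-filter lifetime and remain safe with the single `fail:` label, since kfree(NULL) is a no-op as the changelog already notes.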