-rw-r--r--debian/changelog1
-rw-r--r--debian/patches/bugfix/all/perf-core-Fix-a-memory-leak-in-perf_event_parse_addr.patch91
-rw-r--r--debian/patches/series1
3 files changed, 93 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 6de580cbab27..7d6e9e40af62 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1075,6 +1075,7 @@ linux (5.9.6-1) UNRELEASED; urgency=medium
switching race"
* [x86] pinctrl: Enable PINCTRL_TIGERLAKE (Closes: #973372)
* [x86] sound/soc: Enable SND_SOC_SOF_TIGERLAKE_SUPPORT (Closes: #973879)
+ * perf/core: Fix a memory leak in perf_event_parse_addr_filter()
[ Ben Hutchings ]
* [rt] Rebase seqlock patches on top of 5.9.6
diff --git a/debian/patches/bugfix/all/perf-core-Fix-a-memory-leak-in-perf_event_parse_addr.patch b/debian/patches/bugfix/all/perf-core-Fix-a-memory-leak-in-perf_event_parse_addr.patch
new file mode 100644
index 000000000000..89e079e0f012
--- /dev/null
+++ b/debian/patches/bugfix/all/perf-core-Fix-a-memory-leak-in-perf_event_parse_addr.patch
@@ -0,0 +1,91 @@
+From: =?UTF-8?q?kiyin=28=E5=B0=B9=E4=BA=AE=29?= <kiyin@tencent.com>
+Date: Wed, 4 Nov 2020 08:23:22 +0300
+Subject: perf/core: Fix a memory leak in perf_event_parse_addr_filter()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
+
+As shown through runtime testing, the "filename" allocation is not
+always freed in perf_event_parse_addr_filter().
+
+There are three possible ways that this could happen:
+
+ - It could be allocated twice on subsequent iterations through the loop,
+ - or leaked on the success path,
+ - or on the failure path.
+
+Clean up the code flow to make it obvious that 'filename' is always
+freed in the reallocation path and in the two return paths as well.
+
+We rely on the fact that kfree(NULL) is NOP and filename is initialized
+with NULL.
+
+This fixes the leak. No other side effects expected.
+
+[ Dan Carpenter: cleaned up the code flow & added a changelog. ]
+[ Ingo Molnar: updated the changelog some more. ]
+
+Fixes: 375637bc5249 ("perf/core: Introduce address range filtering")
+Signed-off-by: "kiyin(尹亮)" <kiyin@tencent.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>
+Cc: Anthony Liguori <aliguori@amazon.com>
+--
+ kernel/events/core.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+---
+ kernel/events/core.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index da467e1dd49a..5a29ab09e72d 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -10085,6 +10085,7 @@ perf_event_parse_addr_filter(struct perf_event *event, char *fstr,
+ if (token == IF_SRC_FILE || token == IF_SRC_FILEADDR) {
+ int fpos = token == IF_SRC_FILE ? 2 : 1;
+
++ kfree(filename);
+ filename = match_strdup(&args[fpos]);
+ if (!filename) {
+ ret = -ENOMEM;
+@@ -10131,16 +10132,13 @@ perf_event_parse_addr_filter(struct perf_event *event, char *fstr,
+ */
+ ret = -EOPNOTSUPP;
+ if (!event->ctx->task)
+- goto fail_free_name;
++ goto fail;
+
+ /* look up the path and grab its inode */
+ ret = kern_path(filename, LOOKUP_FOLLOW,
+ &filter->path);
+ if (ret)
+- goto fail_free_name;
+-
+- kfree(filename);
+- filename = NULL;
++ goto fail;
+
+ ret = -EINVAL;
+ if (!filter->path.dentry ||
+@@ -10160,13 +10158,13 @@ perf_event_parse_addr_filter(struct perf_event *event, char *fstr,
+ if (state != IF_STATE_ACTION)
+ goto fail;
+
++ kfree(filename);
+ kfree(orig);
+
+ return 0;
+
+-fail_free_name:
+- kfree(filename);
+ fail:
++ kfree(filename);
+ free_filters_list(filters);
+ kfree(orig);
+
+--
+2.29.2
+
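Review bot: The embedded kernel/events/core.c hunk at `@@ -10131` drops `filename = NULL;` after the successful kern_path() call, so the string from one completed filter stays set while the loop goes on to parse the next. The pointer is still valid memory, since it is only freed before the next match_strdup() or on return. However, any `!filename` test in the part of perf_event_parse_addr_filter() outside these hunks would presumably no longer show whether the current filter named a file, so check that against the full function when backporting. The function body starts and ends outside the hunks shown. A comment at the declaration, for example `/* owned here: freed before each match_strdup() and on both return paths; must start as NULL */`, would record the invariant the commit message relies on.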
diff --git a/debian/patches/series b/debian/patches/series
index 6ce0889aeabf..3f8a2a35abfc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -106,6 +106,7 @@ features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signatu
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
debian/ntfs-mark-it-as-broken.patch
+bugfix/all/perf-core-Fix-a-memory-leak-in-perf_event_parse_addr.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
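Review bot: The new entry is filed under `# Security fixes`, but the changelog line and the patch header describe it only as a memory-leak fix and carry no security identifier. If this is being tracked as a security issue, add the identifier to the changelog entry so the tracker can match the upload, for example `* perf/core: Fix a memory leak in perf_event_parse_addr_filter() (CVE-YYYY-NNNNN)`, where the id is a placeholder. Otherwise list the patch with the ordinary bug fixes, so that the section heading stays a reliable signal for anyone auditing which fixes in this build are security-relevant.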