LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] tracing: Fix possible memory leak in __create_synth_event
@ 2021-11-26 10:47 Miaoqian Lin
  2021-12-08 20:44 ` Steven Rostedt
  0 siblings, 1 reply; 4+ messages in thread
From: Miaoqian Lin @ 2021-11-26 10:47 UTC (permalink / raw)
  Cc: linmq006, Steven Rostedt, Ingo Molnar, linux-kernel

Before goto err, call argv_free to handle argv in order to prevent
memory leak.

Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
---
 kernel/trace/trace_events_synth.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index 22db3ce95e74..fe2e37564c9b 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -1261,6 +1261,7 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 			 */
 			if (cmd_version > 1 && n_fields_this_loop >= 1) {
 				synth_err(SYNTH_ERR_INVALID_CMD, errpos(field_str));
+				argv_free(argv);
 				ret = -EINVAL;
 				goto err;
 			}
@@ -1268,6 +1269,7 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 			fields[n_fields++] = field;
 			if (n_fields == SYNTH_FIELDS_MAX) {
 				synth_err(SYNTH_ERR_TOO_MANY_FIELDS, 0);
+				argv_free(argv);
 				ret = -EINVAL;
 				goto err;
 			}
@@ -1277,6 +1279,7 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 
 		if (consumed < argc) {
 			synth_err(SYNTH_ERR_INVALID_CMD, 0);
+			argv_free(argv);
 			ret = -EINVAL;
 			goto err;
 		}
-- 
2.17.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] tracing: Fix possible memory leak in __create_synth_event
  2021-11-26 10:47 [PATCH] tracing: Fix possible memory leak in __create_synth_event Miaoqian Lin
@ 2021-12-08 20:44 ` Steven Rostedt
  2021-12-09  2:43   ` [PATCH v2] " Miaoqian Lin
  0 siblings, 1 reply; 4+ messages in thread
From: Steven Rostedt @ 2021-12-08 20:44 UTC (permalink / raw)
  To: Miaoqian Lin; +Cc: Ingo Molnar, linux-kernel

On Fri, 26 Nov 2021 10:47:08 +0000
Miaoqian Lin <linmq006@gmail.com> wrote:

> Before goto err, call argv_free to handle argv in order to prevent
> memory leak.
> 
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> ---
>  kernel/trace/trace_events_synth.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
> index 22db3ce95e74..fe2e37564c9b 100644
> --- a/kernel/trace/trace_events_synth.c
> +++ b/kernel/trace/trace_events_synth.c
> @@ -1261,6 +1261,7 @@ static int __create_synth_event(const char *name, const char *raw_fields)
>  			 */
>  			if (cmd_version > 1 && n_fields_this_loop >= 1) {
>  				synth_err(SYNTH_ERR_INVALID_CMD, errpos(field_str));
> +				argv_free(argv);
>  				ret = -EINVAL;
>  				goto err;
>  			}
> @@ -1268,6 +1269,7 @@ static int __create_synth_event(const char *name, const char *raw_fields)
>  			fields[n_fields++] = field;
>  			if (n_fields == SYNTH_FIELDS_MAX) {
>  				synth_err(SYNTH_ERR_TOO_MANY_FIELDS, 0);
> +				argv_free(argv);
>  				ret = -EINVAL;
>  				goto err;
>  			}
> @@ -1277,6 +1279,7 @@ static int __create_synth_event(const char *name, const char *raw_fields)
>  
>  		if (consumed < argc) {
>  			synth_err(SYNTH_ERR_INVALID_CMD, 0);
> +			argv_free(argv);
>  			ret = -EINVAL;
>  			goto err;
>  		}

A cleaner way is to have:

diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index 98e002648994..a88f1f9046a6 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -1237,9 +1237,8 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 						  argv + consumed, &consumed,
 						  &field_version);
 			if (IS_ERR(field)) {
-				argv_free(argv);
 				ret = PTR_ERR(field);
-				goto err;
+				goto err_free_arg;
 			}
 
 			/*
@@ -1262,26 +1261,25 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 			if (cmd_version > 1 && n_fields_this_loop >= 1) {
 				synth_err(SYNTH_ERR_INVALID_CMD, errpos(field_str));
 				ret = -EINVAL;
-				goto err;
+				goto err_free_arg;
 			}
 
 			fields[n_fields++] = field;
 			if (n_fields == SYNTH_FIELDS_MAX) {
 				synth_err(SYNTH_ERR_TOO_MANY_FIELDS, 0);
 				ret = -EINVAL;
-				goto err;
+				goto err_free_arg;
 			}
 
 			n_fields_this_loop++;
 		}
+		argv_free(argv);
 
 		if (consumed < argc) {
 			synth_err(SYNTH_ERR_INVALID_CMD, 0);
 			ret = -EINVAL;
 			goto err;
 		}
-
-		argv_free(argv);
 	}
 
 	if (n_fields == 0) {
@@ -1307,6 +1305,8 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 	kfree(saved_fields);
 
 	return ret;
+ err_free_arg:
+	argv_free(argv);
  err:
 	for (i = 0; i < n_fields; i++)
 		free_synth_field(fields[i]);


Feel free to send v2 and add:

Suggested-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

-- Steve

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2] tracing: Fix possible memory leak in __create_synth_event
  2021-12-08 20:44 ` Steven Rostedt
@ 2021-12-09  2:43   ` Miaoqian Lin
  2021-12-09 15:42     ` Steven Rostedt
  0 siblings, 1 reply; 4+ messages in thread
From: Miaoqian Lin @ 2021-12-09  2:43 UTC (permalink / raw)
  To: rostedt; +Cc: linmq006, linux-kernel, mingo

Before goto err, call argv_free to handle argv in order to prevent
memory leak.

Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Suggested-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
---
Changes in v2:
use a cleaner way to handle cleanup operations
---
---
 kernel/trace/trace_events_synth.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index 22db3ce95e74..c4a490ec7a38 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -1262,26 +1262,26 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 			if (cmd_version > 1 && n_fields_this_loop >= 1) {
 				synth_err(SYNTH_ERR_INVALID_CMD, errpos(field_str));
 				ret = -EINVAL;
-				goto err;
+				goto err_free_arg;
 			}
 
 			fields[n_fields++] = field;
 			if (n_fields == SYNTH_FIELDS_MAX) {
 				synth_err(SYNTH_ERR_TOO_MANY_FIELDS, 0);
 				ret = -EINVAL;
-				goto err;
+				goto err_free_arg;
 			}
 
 			n_fields_this_loop++;
 		}
 
+		argv_free(argv);
 		if (consumed < argc) {
 			synth_err(SYNTH_ERR_INVALID_CMD, 0);
 			ret = -EINVAL;
 			goto err;
 		}
 
-		argv_free(argv);
 	}
 
 	if (n_fields == 0) {
@@ -1307,6 +1307,8 @@ static int __create_synth_event(const char *name, const char *raw_fields)
 	kfree(saved_fields);
 
 	return ret;
+ err_free_arg:
+	argv_free(argv);
  err:
 	for (i = 0; i < n_fields; i++)
 		free_synth_field(fields[i]);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2] tracing: Fix possible memory leak in __create_synth_event
  2021-12-09  2:43   ` [PATCH v2] " Miaoqian Lin
@ 2021-12-09 15:42     ` Steven Rostedt
  0 siblings, 0 replies; 4+ messages in thread
From: Steven Rostedt @ 2021-12-09 15:42 UTC (permalink / raw)
  To: Miaoqian Lin; +Cc: linux-kernel, mingo

On Thu,  9 Dec 2021 02:43:17 +0000
Miaoqian Lin <linmq006@gmail.com> wrote:

> Before goto err, call argv_free to handle argv in order to prevent
> memory leak.

No. That's what you did previously. This patch does:

  There's error paths in __create_synth_event() after the argv is allocated
  that fail to free it. Add a jump to free it when necessary.

> 
> Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
> Suggested-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> ---
> Changes in v2:
> use a cleaner way to handle cleanup operations
> ---
> ---
>  kernel/trace/trace_events_synth.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
> index 22db3ce95e74..c4a490ec7a38 100644
> --- a/kernel/trace/trace_events_synth.c
> +++ b/kernel/trace/trace_events_synth.c
> @@ -1262,26 +1262,26 @@ static int __create_synth_event(const char *name, const char *raw_fields)

You failed to add:

                        if (IS_ERR(field)) {
-                               argv_free(argv);
                                ret = PTR_ERR(field);
-                               goto err;
+                               goto err_free_arg;
                        }


>  			if (cmd_version > 1 && n_fields_this_loop >= 1) {
>  				synth_err(SYNTH_ERR_INVALID_CMD, errpos(field_str));
>  				ret = -EINVAL;
> -				goto err;
> +				goto err_free_arg;
>  			}
>  
>  			fields[n_fields++] = field;
>  			if (n_fields == SYNTH_FIELDS_MAX) {
>  				synth_err(SYNTH_ERR_TOO_MANY_FIELDS, 0);
>  				ret = -EINVAL;
> -				goto err;
> +				goto err_free_arg;
>  			}
>  
>  			n_fields_this_loop++;
>  		}
>  

No space here.

> +		argv_free(argv);

And a space here.

If you had just applied the patch I gave you, you would not have had these
mistakes.

Anyway, I'll update your patch and start testing it. No need to send
another patch.

-- Steve

>  		if (consumed < argc) {
>  			synth_err(SYNTH_ERR_INVALID_CMD, 0);
>  			ret = -EINVAL;
>  			goto err;
>  		}
>  
> -		argv_free(argv);
>  	}
>  
>  	if (n_fields == 0) {
> @@ -1307,6 +1307,8 @@ static int __create_synth_event(const char *name, const char *raw_fields)
>  	kfree(saved_fields);
>  
>  	return ret;
> + err_free_arg:
> +	argv_free(argv);
>   err:
>  	for (i = 0; i < n_fields; i++)
>  		free_synth_field(fields[i]);


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-12-09 15:42 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-26 10:47 [PATCH] tracing: Fix possible memory leak in __create_synth_event Miaoqian Lin
2021-12-08 20:44 ` Steven Rostedt
2021-12-09  2:43   ` [PATCH v2] " Miaoqian Lin
2021-12-09 15:42     ` Steven Rostedt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).