Patch "perf trace: Use zfree() to reduce chances of use after free" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Wed, 13 Sep 2023 21:27:08 -0400

This is a note to let you know that I've just added the patch titled

    perf trace: Use zfree() to reduce chances of use after free

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     perf-trace-use-zfree-to-reduce-chances-of-use-after-.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 9e81db32ca8c7424b3867cac878913a09f5541b9
Author: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Date:   Wed Apr 12 09:50:08 2023 -0300

    perf trace: Use zfree() to reduce chances of use after free
    
    [ Upstream commit 9997d5dd177c52017fa0541bf236a4232c8148e6 ]
    
    Do defensive programming by using zfree() to initialize freed pointers
    to NULL, so that eventual use after free result in a NULL pointer deref
    instead of more subtle behaviour.
    
    Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
    Stable-dep-of: 7962ef13651a ("perf trace: Really free the evsel->priv area")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c
index d9ea546850cd6..d912dc878a6e9 100644
--- a/tools/perf/builtin-trace.c
+++ b/tools/perf/builtin-trace.c
@@ -2287,7 +2287,7 @@ static void syscall__exit(struct syscall *sc)
 	if (!sc)
 		return;
 
-	free(sc->arg_fmt);
+	zfree(&sc->arg_fmt);
 }
 
 static int trace__sys_enter(struct trace *trace, struct evsel *evsel,
@@ -3129,7 +3129,7 @@ static void evlist__free_syscall_tp_fields(struct evlist *evlist)
 		if (!et || !evsel->tp_format || strcmp(evsel->tp_format->system, "syscalls"))
 			continue;
 
-		free(et->fmt);
+		zfree(&et->fmt);
 		free(et);
 	}
 }
@@ -4748,11 +4748,11 @@ static void trace__exit(struct trace *trace)
 	int i;
 
 	strlist__delete(trace->ev_qualifier);
-	free(trace->ev_qualifier_ids.entries);
+	zfree(&trace->ev_qualifier_ids.entries);
 	if (trace->syscalls.table) {
 		for (i = 0; i <= trace->sctbl->syscalls.max_id; i++)
 			syscall__exit(&trace->syscalls.table[i]);
-		free(trace->syscalls.table);
+		zfree(&trace->syscalls.table);
 	}
 	syscalltbl__delete(trace->sctbl);
 	zfree(&trace->perfconfig_events);






