Leon Yu <chianglungyu@xxxxxxxxx> writes: > If something went wrong in anon_inode_getfile, event_file will be set to > non-zero error number and able to bypass the NULL test afterward. > > Consolidate the error path by testing event_file with handly > IS_ERR_OR_NULL() helper since we do want to free event in both cases. > > Signed-off-by: Leon Yu <chianglungyu@xxxxxxxxx> > Fixes: 130056275ade ("perf: Do not double free") > Cc: <stable@xxxxxxxxxxxxxxx> # v4.5 > --- > kernel/events/core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/events/core.c b/kernel/events/core.c > index 6146148..5f2e19f 100644 > --- a/kernel/events/core.c > +++ b/kernel/events/core.c > @@ -8617,7 +8617,7 @@ err_alloc: > * If event_file is set, the fput() above will have called ->release() > * and that will take care of freeing the event. > */ > - if (!event_file) > + if (IS_ERR_OR_NULL(event_file)) > free_event(event); By this time, we have already checked for IS_ERR(event_file) once, why not just fix it up there like so: --- From: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx> Date: Mon, 21 Mar 2016 09:55:09 +0200 Subject: perf: Don't leak event in the syscall error path In the error path, event_file not being NULL is used to determine whether the event itself still needs to be free'd, so fix it up to avoid leaking. Reported-by: Leon Yu <chianglungyu@xxxxxxxxx> Fixes: 130056275ade ("perf: Do not double free") Signed-off-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx> --- kernel/events/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/events/core.c b/kernel/events/core.c index ab83640a50..cc34d55f1e 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -9414,6 +9414,7 @@ SYSCALL_DEFINE5(perf_event_open, f_flags); if (IS_ERR(event_file)) { err = PTR_ERR(event_file); + event_file = NULL; goto err_context; } -- 2.7.0 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html