Re: [PATCH] perf: fix event leak when perf_event_open() failed to create event_file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Leon Yu <chianglungyu@xxxxxxxxx> writes:

> If something went wrong in anon_inode_getfile, event_file will be set to
> non-zero error number and able to bypass the NULL test afterward.
>
> Consolidate the error path by testing event_file with handly
> IS_ERR_OR_NULL() helper since we do want to free event in both cases.
>
> Signed-off-by: Leon Yu <chianglungyu@xxxxxxxxx>
> Fixes: 130056275ade ("perf: Do not double free")
> Cc: <stable@xxxxxxxxxxxxxxx> # v4.5
> ---
>  kernel/events/core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/events/core.c b/kernel/events/core.c
> index 6146148..5f2e19f 100644
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -8617,7 +8617,7 @@ err_alloc:
>  	 * If event_file is set, the fput() above will have called ->release()
>  	 * and that will take care of freeing the event.
>  	 */
> -	if (!event_file)
> +	if (IS_ERR_OR_NULL(event_file))
>  		free_event(event);

By this time, we have already checked for IS_ERR(event_file) once, why
not just fix it up there like so:

---
From: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
Date: Mon, 21 Mar 2016 09:55:09 +0200
Subject: perf: Don't leak event in the syscall error path

In the error path, event_file not being NULL is used to determine
whether the event itself still needs to be free'd, so fix it up to avoid
leaking.

Reported-by: Leon Yu <chianglungyu@xxxxxxxxx>
Fixes: 130056275ade ("perf: Do not double free")
Signed-off-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
---
 kernel/events/core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index ab83640a50..cc34d55f1e 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -9414,6 +9414,7 @@ SYSCALL_DEFINE5(perf_event_open,
 					f_flags);
 	if (IS_ERR(event_file)) {
 		err = PTR_ERR(event_file);
+		event_file = NULL;
 		goto err_context;
 	}
 
-- 
2.7.0

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]