| From 4397f04575c44e1440ec2e49b6302785c95fd2f8 Mon Sep 17 00:00:00 2001 |
| From: "Steven Rostedt (VMware)" <rostedt@goodmis.org> |
| Date: Tue, 26 Dec 2017 20:07:34 -0500 |
| Subject: tracing: Fix possible double free on failure of allocating trace buffer |
| |
| From: Steven Rostedt (VMware) <rostedt@goodmis.org> |
| |
| commit 4397f04575c44e1440ec2e49b6302785c95fd2f8 upstream. |
| |
| Jing Xia and Chunyan Zhang reported that on failing to allocate part of the |
| tracing buffer, memory is freed, but the pointers that point to them are not |
| initialized back to NULL, and later paths may try to free the freed memory |
| again. Jing and Chunyan fixed one of the locations that does this, but |
| missed a spot. |
| |
| Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com |
| |
| Fixes: 737223fbca3b1 ("tracing: Consolidate buffer allocation code") |
| Reported-by: Jing Xia <jing.xia@spreadtrum.com> |
| Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com> |
| Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| kernel/trace/trace.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/kernel/trace/trace.c |
| +++ b/kernel/trace/trace.c |
| @@ -6955,6 +6955,7 @@ allocate_trace_buffer(struct trace_array |
| buf->data = alloc_percpu(struct trace_array_cpu); |
| if (!buf->data) { |
| ring_buffer_free(buf->buffer); |
| + buf->buffer = NULL; |
| return -ENOMEM; |
| } |
| |
