Re: [PATCH] tracing: Fix double free of event_trigger_data

From: Masami Hiramatsu
Date: Wed Jul 25 2018 - 18:51:37 EST


On Wed, 25 Jul 2018 15:53:21 -0400
Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:

> On Wed, 25 Jul 2018 15:29:04 -0400
> Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
>
> > Nope, this doesn't work. It's a little more complex than the other one.
> > I'll just leave it, and fix the reg code for 4.19.
>
> I take this back. Looks like it just needs to be handled slightly
> differently. Thoughts?

Ah, I see, the filter should be cleared :)
OK, this should work.

Reviewed-by: Masami Hiramatsu <mhiramat@xxxxxxxxxx>

Thanks,

>
> -- Steve
>
> diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c
> index d18ec0e58be2..5dea177cef53 100644
> --- a/kernel/trace/trace_events_trigger.c
> +++ b/kernel/trace/trace_events_trigger.c
> @@ -1420,6 +1420,9 @@ int event_enable_trigger_func(struct event_command *cmd_ops,
> goto out;
> }
>
> + /* Up the trigger_data count to make sure nothing frees it on failure */
> + event_trigger_init(trigger_ops, trigger_data);
> +
> if (trigger) {
> number = strsep(&trigger, ":");
>
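Review bot: The new comment above event_trigger_init() says why the count is raised but not where it is dropped again, and the function name alone does not read as taking a reference. Suggest extending the comment to name the matching event_trigger_free() calls (the one added before the out: label and the one at out_free) so the pairing is visible at the point the reference is taken. Any failure exit added between this line and those labels later would also need to drop the count rather than call kfree() directly.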
> @@ -1470,6 +1473,7 @@ int event_enable_trigger_func(struct event_command *cmd_ops,
> goto out_disable;
> /* Just return zero, not the number of enabled functions */
> ret = 0;
> + event_trigger_free(trigger_ops, trigger_data);
> out:
> return ret;
>
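Review bot: The event_trigger_free() added after "ret = 0;" sits on the fall-through success path only, with nothing saying it is the drop for the reference taken by event_trigger_init() earlier in the function. A short comment here would help, since a call named "free" on the success path reads like a bug at first glance. Please also confirm that the "goto out_disable" path just above ends up at out_free, so the extra reference is released on that exit as well; the visible lines do not show where out_disable falls through to.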
> @@ -1480,7 +1484,7 @@ int event_enable_trigger_func(struct event_command *cmd_ops,
> out_free:
> if (cmd_ops->set_filter)
> cmd_ops->set_filter(NULL, trigger_data, NULL);
> - kfree(trigger_data);
> + event_trigger_free(trigger_ops, trigger_data);
> kfree(enable_data);
> goto out;
> }
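Review bot: At out_free, kfree(trigger_data) becomes event_trigger_free(trigger_ops, trigger_data) while kfree(enable_data) still follows unconditionally. It is worth stating in the changelog or a comment whether event_trigger_free() can release enable_data too, because if it does, the remaining kfree(enable_data) would be a second free of the same kind this patch is fixing. The ordering also matters: cmd_ops->set_filter(NULL, trigger_data, NULL) has to stay ahead of the free, as it does here, because trigger_data may be gone once the count reaches zero.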


--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>