[PATCH v2] profiling: don't free prof_cpu_mask on init failure

Next message: Google: "Re: [PATCH v6 1/8] tracing/probes: Support dumping fetcharg program for debugging dynamic events"
Previous message: Deepanshu Kartikey: "[PATCH] nbd: don't warn when reclassifying a busy socket lock"
In reply to: Tristan Madani: " Re: [PATCH] profiling: prevent stale prof_cpu_mask access on init failure"
Next in thread: Tetsuo Handa: "Re: [PATCH v2] profiling: don't free prof_cpu_mask on init failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tristan Madani

Date: Sun Jun 21 2026 - 20:00:39 EST

From: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>

When profiling is enabled at runtime via /sys/kernel/profiling,
profile_setup() sets prof_on and profile_init() allocates prof_cpu_mask
then attempts to allocate prof_buffer. If all prof_buffer allocations
fail, the error path frees prof_cpu_mask but leaves prof_on set.

Since profile_tick() runs from timer interrupt context and checks
cpumask_available(prof_cpu_mask), it can access the freed cpumask
between the free and the next reboot.

Remove the free_cpumask_var() call from the error path. The cpumask
allocation already succeeded and is small; keeping it on this rare
failure path is harmless.

Fixes: 22b8ce94708f ("profiling: dynamically enable readprofile at runtime")
Cc: stable@xxxxxxxxxxxxxxx
Suggested-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Tristan Madani <tristan@xxxxxxxxxxxxxxxxxxx>
---
Changes in v2:
- Remove the free_cpumask_var() call instead of adding a prof_on
guard in profile_tick(), which still raced with the free (Tetsuo Handa)
kernel/profile.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/kernel/profile.c b/kernel/profile.c
index 984f819b701c9..93180f9d21467 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -123,7 +123,6 @@ int __ref profile_init(void)
if (prof_buffer)
return 0;

- free_cpumask_var(prof_cpu_mask);
return -ENOMEM;
}

--
2.47.3