On Tue, 19 Feb 2019 20:45:02 +0900 Masami Hiramatsu <[email protected]> wrote:
> On Mon, 18 Feb 2019 23:07:23 +0100 > Jann Horn <[email protected]> wrote: > > > The first version of this method was missing the check for > > `ret == PATH_MAX`; then such a check was added, but it didn't call kfree() > > on error, so there was still a small memory leak in the error case. > > Fix it by using strndup_user() instead of open-coding it. > > > > This looks good to me. > > Reviewed-by: Masami Hiramatsu <[email protected]> BTW, I think it should note that if the string is longer than PATH_MAX. caller will receive -EINVAL instead of -E2BIG with this fix. Thank you, > > Thank you! > > > Fixes: 0eadcc7a7bc0 ("perf/core: Fix perf_uprobe_init()") > > Signed-off-by: Jann Horn <[email protected]> > > --- > > compile-tested only > > > > kernel/trace/trace_event_perf.c | 14 +++++--------- > > 1 file changed, 5 insertions(+), 9 deletions(-) > > > > diff --git a/kernel/trace/trace_event_perf.c > > b/kernel/trace/trace_event_perf.c > > index 76217bbef815..c744b02081c3 100644 > > --- a/kernel/trace/trace_event_perf.c > > +++ b/kernel/trace/trace_event_perf.c > > @@ -299,15 +299,11 @@ int perf_uprobe_init(struct perf_event *p_event, > > > > if (!p_event->attr.uprobe_path) > > return -EINVAL; > > - path = kzalloc(PATH_MAX, GFP_KERNEL); > > - if (!path) > > - return -ENOMEM; > > - ret = strncpy_from_user( > > - path, u64_to_user_ptr(p_event->attr.uprobe_path), PATH_MAX); > > - if (ret == PATH_MAX) > > - return -E2BIG; > > - if (ret < 0) > > - goto out; > > + > > + path = strndup_user(u64_to_user_ptr(p_event->attr.uprobe_path), > > + PATH_MAX); > > + if (IS_ERR(path)) > > + return PTR_ERR(path); > > if (path[0] == '\0') { > > ret = -EINVAL; > > goto out; > > -- > > 2.21.0.rc0.258.g878e2cd30e-goog > > > > > -- > Masami Hiramatsu <[email protected]> -- Masami Hiramatsu <[email protected]>
