expr_str() already has failure cases for invalid recursion depth and allocation failure, but it currently reports them as a bare NULL. Teach it to return ERR_PTR()-encoded errors and update parse_unary() and parse_expr() to propagate those errors.
This keeps the error conversion separate from the string-building change so the follow-up seq_buf patch can stay focused on the overflow fix itself. Signed-off-by: Pengpeng Hou <[email protected]> --- Changes since v3: https://lore.kernel.org/all/[email protected]/ - split the ERR_PTR() conversion into a separate patch as requested by Steven - use __free(kfree) and return_ptr() in expr_str() - propagate ERR_PTR() errors from parse_unary() and parse_expr() kernel/trace/trace_events_hist.c | 37 +++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 0dbbf6cca9bc..0b33bb8ef6f7 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1769,18 +1769,18 @@ static void expr_field_str(struct hist_field *field, char *expr) static char *expr_str(struct hist_field *field, unsigned int level) { - char *expr; + char *expr __free(kfree) = NULL; if (level > 1) - return NULL; + return ERR_PTR(-EINVAL); expr = kzalloc(MAX_FILTER_STR_VAL, GFP_KERNEL); if (!expr) - return NULL; + return ERR_PTR(-ENOMEM); if (!field->operands[0]) { expr_field_str(field, expr); - return expr; + return_ptr(expr); } if (field->operator == FIELD_OP_UNARY_MINUS) { @@ -1788,16 +1788,15 @@ static char *expr_str(struct hist_field *field, unsigned int level) strcat(expr, "-("); subexpr = expr_str(field->operands[0], ++level); - if (!subexpr) { - kfree(expr); - return NULL; - } + if (IS_ERR(subexpr)) + return subexpr; + strcat(expr, subexpr); strcat(expr, ")"); kfree(subexpr); - return expr; + return_ptr(expr); } expr_field_str(field->operands[0], expr); @@ -1816,13 +1815,12 @@ static char *expr_str(struct hist_field *field, unsigned int level) strcat(expr, "*"); break; default: - kfree(expr); - return NULL; + return ERR_PTR(-EINVAL); } expr_field_str(field->operands[1], expr); - return expr; + return_ptr(expr); } /* @@ -2636,6 +2634,11 @@ static struct hist_field *parse_unary(struct hist_trigger_data *hist_data, expr->is_signed = operand1->is_signed; expr->operator = FIELD_OP_UNARY_MINUS; expr->name = expr_str(expr, 0); + if (IS_ERR(expr->name)) { + ret = PTR_ERR(expr->name); + expr->name = NULL; + goto free; + } expr->type = kstrdup_const(operand1->type, GFP_KERNEL); if (!expr->type) { ret = -ENOMEM; @@ -2848,6 +2851,11 @@ static struct hist_field *parse_expr(struct hist_trigger_data *hist_data, destroy_hist_field(operand1, 0); expr->name = expr_str(expr, 0); + if (IS_ERR(expr->name)) { + ret = PTR_ERR(expr->name); + expr->name = NULL; + goto free_expr; + } } else { /* The operand sizes should be the same, so just pick one */ expr->size = operand1->size; @@ -2861,6 +2869,11 @@ static struct hist_field *parse_expr(struct hist_trigger_data *hist_data, } expr->name = expr_str(expr, 0); + if (IS_ERR(expr->name)) { + ret = PTR_ERR(expr->name); + expr->name = NULL; + goto free_expr; + } } return expr; -- 2.50.1 (Apple Git-155)
