Re: [PATCH] tracing: fix memory leaks in __create_synth_event()
On Thu, Mar 04, 2021 at 09:40:49AM -0500, Steven Rostedt wrote: > On Thu, 4 Mar 2021 15:15:24 +0530 > Vamshi K Sthambamkadi wrote: > > Not anything to do with you. I have a set of fixes that I have queued that > requires a ~13 hour test to run before I push off to Linus. When it was > almost done, I discovered another bug. Fixed it. Killed the almost completed > running test, and restarted it for another 13 hour run. I woke up this > morning happy to see that it passed, but then found your patch. > > Wash, rinse, repeat! :-p Sorry for wrong timing of sending this patch :) Thanks for looking into it, and applying it. Regards, Vamshi
Re: [PATCH] tracing: fix memory leaks in __create_synth_event()
On Thu, 4 Mar 2021 15:15:24 +0530 Vamshi K Sthambamkadi wrote: > To fix call argv_free() even when argc=0. I want to cry :'-( Not anything to do with you. I have a set of fixes that I have queued that requires a ~13 hour test to run before I push off to Linus. When it was almost done, I discovered another bug. Fixed it. Killed the almost completed running test, and restarted it for another 13 hour run. I woke up this morning happy to see that it passed, but then found your patch. Wash, rinse, repeat! :-p Thanks, looks good and I'll apply it. (and start up my 13 hour test again!) -- Steve
[PATCH] tracing: fix memory leaks in __create_synth_event()
kmemleak report: unreferenced object 0xc5a6f708 (size 8): comm "ftracetest", pid 1209, jiffies 4294911500 (age 6.816s) hex dump (first 8 bytes): 00 c1 3d 60 14 83 1f 8a ..=` backtrace: [] __kmalloc_track_caller+0x2a6/0x460 [<7d3d60a6>] kstrndup+0x37/0x70 [<45a0e739>] argv_split+0x1c/0x120 [] __create_synth_event+0x192/0xb00 [<0708b8a3>] create_synth_event+0xbb/0x150 [<3d1941e1>] create_dyn_event+0x5c/0xb0 [<5cf8b9e3>] trace_parse_run_command+0xa7/0x140 [<04deb2ef>] dyn_event_write+0x10/0x20 [<8779ac95>] vfs_write+0xa9/0x3c0 [] ksys_write+0x89/0xc0 [] __ia32_sys_write+0x15/0x20 [<7ce02d85>] __do_fast_syscall_32+0x45/0x80 [] do_fast_syscall_32+0x29/0x60 [<2467454a>] do_SYSENTER_32+0x15/0x20 [<9beaa61d>] entry_SYSENTER_32+0xa9/0xfc unreferenced object 0xc5a6f078 (size 8): comm "ftracetest", pid 1209, jiffies 4294911500 (age 6.816s) hex dump (first 8 bytes): 08 f7 a6 c5 00 00 00 00 backtrace: [] __kmalloc+0x2b6/0x470 [] argv_split+0x82/0x120 [] __create_synth_event+0x192/0xb00 [<0708b8a3>] create_synth_event+0xbb/0x150 [<3d1941e1>] create_dyn_event+0x5c/0xb0 [<5cf8b9e3>] trace_parse_run_command+0xa7/0x140 [<04deb2ef>] dyn_event_write+0x10/0x20 [<8779ac95>] vfs_write+0xa9/0x3c0 [] ksys_write+0x89/0xc0 [] __ia32_sys_write+0x15/0x20 [<7ce02d85>] __do_fast_syscall_32+0x45/0x80 [] do_fast_syscall_32+0x29/0x60 [<2467454a>] do_SYSENTER_32+0x15/0x20 [<9beaa61d>] entry_SYSENTER_32+0xa9/0xfc In __create_synth_event(),while iterating field/type arguments, the argv_split() will return array of atleast 2 elements even when zero arguments(argc=0) are passed. for e.g. when there is double delimiter or string ends with delimiter To fix call argv_free() even when argc=0. Signed-off-by: Vamshi K Sthambamkadi --- kernel/trace/trace_events_synth.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c index 2979a96595b4..8d71e6c83f10 100644 --- a/kernel/trace/trace_events_synth.c +++ b/kernel/trace/trace_events_synth.c @@ -1225,8 +1225,10 @@ static int __create_synth_event(const char *name, const char *raw_fields) goto err; } - if (!argc) + if (!argc) { + argv_free(argv); continue; + } n_fields_this_loop = 0; consumed = 0; -- 2.17.1