AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
058cb6d86b
kernel_optimize_test/kernel
History
Keita Suzuki 058cb6d86b tracing: Fix potential double free in create_var_ref() 
commit 99696a2592bca641eb88cc9a80c90e591afebd0f upstream.

In create_var_ref(), init_var_ref() is called to initialize the fields
of variable ref_field, which is allocated in the previous function call
to create_hist_field(). Function init_var_ref() allocates the
corresponding fields such as ref_field->system, but frees these fields
when the function encounters an error. The caller later calls
destroy_hist_field() to conduct error handling, which frees the fields
and the variable itself. This results in double free of the fields which
are already freed in the previous function.

Fix this by storing NULL to the corresponding fields when they are freed
in init_var_ref().

Link: https://lkml.kernel.org/r/20220425063739.3859998-1-keitasuzuki.park@sslab.ics.keio.ac.jp

Fixes: 067fe038e7 ("tracing: Add variable reference handling to hist triggers")
CC: stable@vger.kernel.org
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: Tom Zanussi <zanussi@kernel.org>
Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-09 10:21:23 +02:00
..
bpf bpf: Fix excessive memory allocation in stack_map_alloc() 2022-06-09 10:21:00 +02:00
cgroup cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() 2022-05-18 10:23:47 +02:00
configs
debug lockdown: also lock down previous kgdb use 2022-05-30 09:33:22 +02:00
dma dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC 2022-06-09 10:20:54 +02:00
entry KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest 2021-10-06 15:55:49 +02:00
events perf: Fix sys_perf_event_open() race against self 2022-05-25 09:17:55 +02:00
gcov
irq random: remove unused irq_flags argument from add_interrupt_randomness() 2022-05-30 09:33:27 +02:00
kcsan
livepatch livepatch: Fix build failure on 32 bits processors 2022-04-08 14:40:15 +02:00
locking locking/lockdep: Iterate lock_classes directly when reading lockdep files 2022-04-08 14:40:32 +02:00
power PM: suspend: fix return value of __setup handler 2022-04-08 14:40:01 +02:00
printk printk: fix return value of printk.devkmsg __setup handler 2022-04-08 14:40:08 +02:00
rcu rcu: Make TASKS_RUDE_RCU select IRQ_WORK 2022-06-09 10:20:51 +02:00
sched sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq 2022-06-09 10:21:02 +02:00
time timekeeping: Add raw clock fallback for random_get_entropy() 2022-05-30 09:33:41 +02:00
trace tracing: Fix potential double free in create_var_ref() 2022-06-09 10:21:23 +02:00
.gitignore
acct.c
async.c Revert "module, async: async_synchronize_full() on module init iff async is used" 2022-02-23 12:01:00 +01:00
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit.c audit: improve audit queue handling when "audit=1" on cmdline 2022-02-08 18:30:34 +01:00
audit.h audit: log AUDIT_TIME_* records only from rules 2022-04-08 14:40:00 +02:00
auditfilter.c
auditsc.c audit: log AUDIT_TIME_* records only from rules 2022-04-08 14:40:00 +02:00
backtracetest.c
bounds.c
capability.c
compat.c
configs.c
context_tracking.c
cpu_pm.c PM: cpu: Make notifier chain use a raw_spinlock_t 2021-09-15 09:50:40 +02:00
cpu.c random: clear fast pool, crng, and batches in cpuhp bring up 2022-05-30 09:33:36 +02:00
crash_core.c
crash_dump.c
cred.c
delayacct.c
dma.c
exec_domain.c
exit.c
extable.c
fail_function.c
fork.c copy_process(): Move fd_install() out of sighand->siglock critical section 2022-02-23 12:01:08 +01:00
freezer.c
futex.c
gen_kheaders.sh
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kexec_core.c
kexec_elf.c
kexec_file.c
kexec_internal.h
kexec.c
kheaders.c
kmod.c
kprobes.c kprobes: Limit max data_size of the kretprobe instances 2021-12-08 09:03:20 +01:00
ksysfs.c
kthread.c
latencytop.c
Makefile
module_signature.c
module_signing.c
module-internal.h
module.c module: check for exit sections in layout_sections() instead of module_init_section() 2022-05-25 09:18:02 +02:00
notifier.c
nsproxy.c
padata.c
panic.c
params.c
pid_namespace.c memcg: enable accounting for pids in nested pid namespaces 2021-09-18 13:40:36 +02:00
pid.c
profile.c profiling: fix shift-out-of-bounds bugs 2021-09-26 14:08:58 +02:00
ptrace.c ptrace: Reimplement PTRACE_KILL by always sending SIGKILL 2022-06-09 10:20:49 +02:00
range.c
reboot.c
regset.c
relay.c
resource.c
rseq.c rseq: Remove broken uapi field layout on 32-bit little endian 2022-04-08 14:40:03 +02:00
scftorture.c scftorture: Fix distribution of short handler delays 2022-06-09 10:21:01 +02:00
scs.c
seccomp.c
signal.c signal: Remove the bogus sigkill_pending in ptrace_stop 2021-11-18 14:03:47 +01:00
smp.c smp: Fix offline cpu check in flush_smp_call_function_queue() 2022-04-20 09:23:29 +02:00
smpboot.c
smpboot.h
softirq.c
stackleak.c gcc-plugins/stackleak: Use noinstr in favor of notrace 2022-02-23 12:01:00 +01:00
stacktrace.c
static_call.c
stop_machine.c
sys_ni.c
sys.c prctl: allow to setup brk for et_dyn executables 2021-09-26 14:08:57 +02:00
sysctl-test.c
sysctl.c x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting 2022-03-11 12:11:49 +01:00
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c taskstats: Cleanup the use of task->exit_code 2022-01-27 10:54:33 +01:00
ucount.c
uid16.c
uid16.h
umh.c
up.c
user_namespace.c
user-return-notifier.c
user.c
usermode_driver.c
utsname_sysctl.c
utsname.c
watch_queue.c watch_queue: Free the page array when watch_queue is dismantled 2022-04-08 14:40:41 +02:00
watchdog_hld.c
watchdog.c
workqueue_internal.h
workqueue.c workqueue: Fix unbind_workers() VS wq_worker_running() race 2022-01-16 09:14:22 +01:00