Skip to content
This repository has been archived by the owner on Dec 14, 2022. It is now read-only.

Commit

Permalink
tracing: Fix possible double free on failure of allocating trace buffer
Browse files Browse the repository at this point in the history 
commit 4397f04 upstream.

Jing Xia and Chunyan Zhang reported that on failing to allocate part of the
tracing buffer, memory is freed, but the pointers that point to them are not
initialized back to NULL, and later paths may try to free the freed memory
again. Jing and Chunyan fixed one of the locations that does this, but
missed a spot.

Link: http://lkml.kernel.org/r/[email protected]

Fixes: 737223f ("tracing: Consolidate buffer allocation code")
Reported-by: Jing Xia <[email protected]>
Reported-by: Chunyan Zhang <[email protected]>
Signed-off-by: Steven Rostedt (VMware) <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
  • Loading branch information
@rostedt @gregkh
rostedt authored and gregkh committed Jan 2, 2018
1 parent 6edea15 commit 5dc4cd2
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions kernel/trace/trace.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6955,6 +6955,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size
buf->data = alloc_percpu(struct trace_array_cpu);
if (!buf->data) {
ring_buffer_free(buf->buffer);
buf->buffer = NULL;
return -ENOMEM;
}

Expand Down

0 comments on commit 5dc4cd2

Please sign in to comment.