Date:   Fri, 19 Apr 2019 22:37:18 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Wenwen Wang <wang6495@....edu>
Cc:     Ingo Molnar <mingo@...hat.com>,
        linux-kernel@...r.kernel.org (open list)
Subject: Re: [PATCH] tracing: Fix a memory leak bug

On Fri, 19 Apr 2019 21:22:59 -0500
Wenwen Wang <wang6495@....edu> wrote:

> In trace_pid_write(), the buffer for trace parser is allocated through
> kmalloc() in trace_parser_get_init(). Later on, after the buffer is used,
> it is then freed through kfree() in trace_parser_put(). However, it is
> possible that trace_pid_write() is terminated due to unexpected errors,
> e.g., ENOMEM. In that case, the allocated buffer will not be freed, which
> is a memory leak bug.
> 
> To fix this issue, free the allocated buffer when an error is encountered.

Thanks for the patch. Did you find this through manual inspection,
running KASAN or via one of the static analyzers?

-- Steve

> 
> Signed-off-by: Wenwen Wang <wang6495@....edu>
> ---
>  kernel/trace/trace.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
> index 6c24755..fd12c9c 100644
> --- a/kernel/trace/trace.c
> +++ b/kernel/trace/trace.c
> @@ -496,8 +496,10 @@ int trace_pid_write(struct trace_pid_list
> *filtered_pids,
>  	 * not modified.
>  	 */
>  	pid_list = kmalloc(sizeof(*pid_list), GFP_KERNEL);
> -	if (!pid_list)
> +	if (!pid_list) {
> +		trace_parser_put(&parser);
>  		return -ENOMEM;
> +	}
>  
>  	pid_list->pid_max = READ_ONCE(pid_max);
>  
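Review bot: The new trace_parser_put(&parser) in the if (!pid_list) branch is open-coded next to the return, and the vzalloc() failure path below needs the same call again. Routing both -ENOMEM exits through one error label that calls trace_parser_put(&parser) would keep the release in a single place, so an error return added later between these allocations cannot skip it.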
> @@ -507,6 +509,7 @@ int trace_pid_write(struct trace_pid_list
> *filtered_pids, 
>  	pid_list->pids = vzalloc((pid_list->pid_max + 7) >> 3);
>  	if (!pid_list->pids) {
> +		trace_parser_put(&parser);
>  		kfree(pid_list);
>  		return -ENOMEM;
>  	}
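Review bot: In the if (!pid_list->pids) branch, trace_parser_put(&parser) is placed ahead of kfree(pid_list), although the parser was set up before pid_list was allocated. Unwinding in reverse order of acquisition (kfree(pid_list) first, then trace_parser_put(&parser)) is the usual convention and makes it easier to fold this branch into a shared error label. The result is correct either way, so this is a style point.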
