tracing/filters: Fix double-free of struct filter_pred.mask

valschneider · rostedt · commit 1caf7adb9e00 · 2023-09-01T21:27:22.000-04:00
When a cpulist filter is found to contain a single CPU, that CPU is saved as a scalar and the backing cpumask storage is freed. Also NULL the mask to avoid a double-free once we get down to free_predicate(). Link: https://lkml.kernel.org/r/20230901151039.125186-3-vschneid@redhat.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Reported-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Valentin Schneider <vschneid@redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
@@ -1773,6 +1773,7 @@ static int parse_pred(const char *str, void *data,
 		if (single) {
 			pred->val = cpumask_first(pred->mask);
 			kfree(pred->mask);
+			pred->mask = NULL;
 		}
 
 		if (field->filter_type == FILTER_CPUMASK) {

Original file line number	Diff line number	Diff line change
`@@ -1773,6 +1773,7 @@ static int parse_pred(const char str, void data,`
`1773`	`1773`	`if (single) {`
`1774`	`1774`	`pred->val = cpumask_first(pred->mask);`
`1775`	`1775`	`kfree(pred->mask);`
	`1776`	`+ pred->mask = NULL;`
`1776`	`1777`	`}`
`1777`	`1778`
`1778`	`1779`	`if (field->filter_type == FILTER_CPUMASK) {`