Skip to content

Commit 9af4058

Browse files
valschneiderrostedt
authored andcommitted
tracing/filters: Fix error-handling of cpulist parsing buffer
parse_pred() allocates a string buffer to parse the user-provided cpulist, but doesn't check the allocation result nor does it free the buffer once it is no longer needed. Add an allocation check, and free the buffer as soon as it is no longer needed. Link: https://lkml.kernel.org/r/20230901151039.125186-2-vschneid@redhat.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Reported-by: Steven Rostedt <rostedt@goodmis.org> Reported-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Valentin Schneider <vschneid@redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
1 parent 3d07fa1 commit 9af4058

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

kernel/trace/trace_events_filter.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1744,17 +1744,23 @@ static int parse_pred(const char *str, void *data,
17441744

17451745
/* Copy the cpulist between { and } */
17461746
tmp = kmalloc((i - maskstart) + 1, GFP_KERNEL);
1747-
strscpy(tmp, str + maskstart, (i - maskstart) + 1);
1747+
if (!tmp)
1748+
goto err_mem;
17481749

1750+
strscpy(tmp, str + maskstart, (i - maskstart) + 1);
17491751
pred->mask = kzalloc(cpumask_size(), GFP_KERNEL);
1750-
if (!pred->mask)
1752+
if (!pred->mask) {
1753+
kfree(tmp);
17511754
goto err_mem;
1755+
}
17521756

17531757
/* Now parse it */
17541758
if (cpulist_parse(tmp, pred->mask)) {
1759+
kfree(tmp);
17551760
parse_error(pe, FILT_ERR_INVALID_CPULIST, pos + i);
17561761
goto err_free;
17571762
}
1763+
kfree(tmp);
17581764

17591765
/* Move along */
17601766
i++;

0 commit comments

Comments
 (0)