tracing: Fix possible double free on failure of allocating trace buffer
authorSteven Rostedt (VMware) <rostedt@goodmis.org>
Wed, 27 Dec 2017 01:07:34 +0000 (20:07 -0500)
committerSteven Rostedt (VMware) <rostedt@goodmis.org>
Wed, 27 Dec 2017 19:21:27 +0000 (14:21 -0500)
Jing Xia and Chunyan Zhang reported that on failing to allocate part of the
tracing buffer, memory is freed, but the pointers that point to them are not
initialized back to NULL, and later paths may try to free the freed memory
again. Jing and Chunyan fixed one of the locations that does this, but
missed a spot.

Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com
Cc: stable@vger.kernel.org
Fixes: 737223fbca3b1 ("tracing: Consolidate buffer allocation code")
Reported-by: Jing Xia <jing.xia@spreadtrum.com>
Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
kernel/trace/trace.c

index 0e53d46544b829b06eaff3c6325559741a80b1ce..2a8d8a294345a258baca50b8a6b272c1ac0fc658 100644 (file)
@@ -7580,6 +7580,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size
        buf->data = alloc_percpu(struct trace_array_cpu);
        if (!buf->data) {
                ring_buffer_free(buf->buffer);
+               buf->buffer = NULL;
                return -ENOMEM;
        }