Commit aab6e9f0 authored by Steven Rostedt (VMware)'s avatar Steven Rostedt (VMware) Committed by Kleber Sacilotto de Souza

tracing: Fix possible double free on failure of allocating trace buffer

BugLink: http://bugs.launchpad.net/bugs/1745069

commit 4397f045 upstream.

Jing Xia and Chunyan Zhang reported that on failing to allocate part of the
tracing buffer, memory is freed, but the pointers that point to them are not
initialized back to NULL, and later paths may try to free the freed memory
again. Jing and Chunyan fixed one of the locations that does this, but
missed a spot.

Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com

Fixes: 737223fb ("tracing: Consolidate buffer allocation code")
Reported-by: default avatarJing Xia <jing.xia@spreadtrum.com>
Reported-by: default avatarChunyan Zhang <chunyan.zhang@spreadtrum.com>
Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 5511003f
...@@ -6531,6 +6531,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size ...@@ -6531,6 +6531,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size
buf->data = alloc_percpu(struct trace_array_cpu); buf->data = alloc_percpu(struct trace_array_cpu);
if (!buf->data) { if (!buf->data) {
ring_buffer_free(buf->buffer); ring_buffer_free(buf->buffer);
buf->buffer = NULL;
return -ENOMEM; return -ENOMEM;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment