Re: [PATCH] perf/x86/uncore: fix a potential double-free in uncore_type_init

From: Adrian Hunter
Date: Mon Dec 11 2023 - 05:40:43 EST

Next message: Alexandra Winter: "Re: [PATCH net-next v5 2/9] net/smc: introduce sub-functions for smc_clc_send_confirm_accept()"
Previous message: Ilya Leoshkevich: "Re: [PATCH v2 32/33] s390: Implement the architecture-specific kmsan functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/12/23 05:27, Dinghao Liu wrote:
> When kzalloc for pmus[i].boxes fails, we should clean up pmus
> to prevent memleak. However, when kzalloc for attr_group fails,
> pmus has been assigned to type->pmus, and freeing will be done
> later on by the callers. The chain is: uncore_type_init ->
> uncore_types_init -> uncore_pci_init -> uncore_types_exit ->
> uncore_type_exit. Therefore, freeing pmus in uncore_type_init
> may cause a double-free. Fix this by setting type->pmus to
> NULL after kfree.
>
> Fixes: 629eb703d3e4 ("perf/x86/intel/uncore: Fix memory leaks on allocation failures")
> Signed-off-by: Dinghao Liu <dinghao.liu@xxxxxxxxxx>

Reviewed-by: Adrian Hunter <adrian.hunter@xxxxxxxxx>

> ---
> arch/x86/events/intel/uncore.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
> index 01023aa5125b..d80445a24011 100644
> --- a/arch/x86/events/intel/uncore.c
> +++ b/arch/x86/events/intel/uncore.c
> @@ -1041,6 +1041,7 @@ static int __init uncore_type_init(struct intel_uncore_type *type, bool setid)
> for (i = 0; i < type->num_boxes; i++)
> kfree(pmus[i].boxes);
> kfree(pmus);
> + type->pmus = NULL;
>
> return -ENOMEM;
> }

Next message: Alexandra Winter: "Re: [PATCH net-next v5 2/9] net/smc: introduce sub-functions for smc_clc_send_confirm_accept()"
Previous message: Ilya Leoshkevich: "Re: [PATCH v2 32/33] s390: Implement the architecture-specific kmsan functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]