[v2] tracing/probes: Fix memory leak in traceprobe_parse_probe_arg_body

Commit Message

lumingyindetect@126.com April 27, 2024, 2:57 a.m. UTC

From: LuMingYin <lumingyindetect@126.com>

If traceprobe_parse_probe_arg_body() fails to allocate 'parg->fmt', it
jumps to 'out' instead of 'fail' by mistake. In the result, in this
case the 'tmp' buffer is not freed and leaks its memory.

Fix it by jumping to 'fail' in that case.

Fixes: 032330abd08b ("tracing/probes: Cleanup probe argument parser")
Signed-off-by: LuMingYin <lumingyindetect@126.com>
---
 kernel/trace/trace_probe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Markus Elfring April 27, 2024, 6:36 a.m. UTC | #1

I suggest to append parentheses to the function name in the summary phrase.


> If traceprobe_parse_probe_arg_body() fails to allocate 'parg->fmt', it
> jumps to 'out' instead of 'fail' by mistake. In the result, in this
> case the 'tmp' buffer is not freed and leaks its memory.
>
> Fix it by jumping to 'fail' in that case.

I propose to improve such a change description another bit like the following.

   If traceprobe_parse_probe_arg_body() failed to allocate the object “parg->fmt”,
   it jumps to the label “out” instead of “fail” by mistake.
   In the result, the buffer “tmp” is not freed in this case and leaks its memory.

   Thus jump to the label “fail” in that error case.


Regards,
Markus

Patch

diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
index dfe3ee6035ec..42bc0f362226 100644
--- a/kernel/trace/trace_probe.c
+++ b/kernel/trace/trace_probe.c
@@ -1466,7 +1466,7 @@  static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size,
 		parg->fmt = kmalloc(len, GFP_KERNEL);
 		if (!parg->fmt) {
 			ret = -ENOMEM;
-			goto out;
+			goto fail;
 		}
 		snprintf(parg->fmt, len, "%s[%d]", parg->type->fmttype,
 			 parg->count);