Commit 09833521 authored by Steven Rostedt's avatar Steven Rostedt
Browse files

tracing: fix memory leak in trace_stat 



If the function profiler does not have any items recorded and one were
to cat the function stat file, the kernel would take a BUG with a NULL
pointer dereference.

Looking further into this, I found that returning NULL from stat_start
did not stop the stat logic, and would later call stat_next. This breaks
from the way seq_file works, so I looked into fixing the stat code.

This is where I noticed that the last next_entry is never freed.
It is allocated, and if the stat_next returns NULL, the code breaks out
of the loop, unlocks the mutex and exits. We never link the next_entry
nor do we free it. Thus it is a real memory leak.

This patch rearranges the code a bit to not only fix the memory leak,
but also to act more like seq_file where nothing is printed if there
is nothing to print. That is, stat_start returns NULL.

Signed-off-by: default avatarSteven Rostedt <srostedt@redhat.com>
parent 45b95608

kernel/trace/trace_stat.c

+13 −10
Original line number Diff line number Diff line
@@ -75,7 +75,7 @@ static int stat_seq_init(struct tracer_stat_session *session) 
{

	struct trace_stat_list *iter_entry, *new_entry;

	struct tracer_stat *ts = session->ts;

	void *prev_stat;

	void *stat;

	int ret = 0;

	int i;
@@ -85,6 +85,10 @@ static int stat_seq_init(struct tracer_stat_session *session) 
	if (!ts->stat_cmp)

		ts->stat_cmp = dummy_cmp;



	stat = ts->stat_start();

	if (!stat)

		goto exit;



	/*

	 * The first entry. Actually this is the second, but the first

	 * one (the stat_list head) is pointless.
@@ -99,14 +103,19 @@ static int stat_seq_init(struct tracer_stat_session *session) 


	list_add(&new_entry->list, &session->stat_list);



	new_entry->stat = ts->stat_start();

	prev_stat = new_entry->stat;

	new_entry->stat = stat;



	/*

	 * Iterate over the tracer stat entries and store them in a sorted

	 * list.

	 */

	for (i = 1; ; i++) {

		stat = ts->stat_next(stat, i);



		/* End of insertion */

		if (!stat)

			break;



		new_entry = kmalloc(sizeof(struct trace_stat_list), GFP_KERNEL);

		if (!new_entry) {

			ret = -ENOMEM;
@@ -114,11 +123,7 @@ static int stat_seq_init(struct tracer_stat_session *session) 
		}



		INIT_LIST_HEAD(&new_entry->list);

		new_entry->stat = ts->stat_next(prev_stat, i);



		/* End of insertion */

		if (!new_entry->stat)

			break;

		new_entry->stat = stat;



		list_for_each_entry(iter_entry, &session->stat_list, list) {
@@ -137,8 +142,6 @@ static int stat_seq_init(struct tracer_stat_session *session) 
				break;

			}

		}



		prev_stat = new_entry->stat;

	}

exit:

	mutex_unlock(&session->stat_mutex);

CRA Git | Maintained and supported by SUSTech CRA and CCSE