diff options
| author | Geyslan G. Bem <geyslan@gmail.com> | 2013-11-06 14:02:51 -0500 |
|---|---|---|
| committer | Steven Rostedt <rostedt@goodmis.org> | 2013-11-06 15:26:54 -0500 |
| commit | d6d3523caab75196560c85aae80cb8f4a8e380ea (patch) | |
| tree | c051e62d5e1579a530ed2966d1ee38f5c7a8dce8 /kernel | |
| parent | 2e86421debc2cf4d1513c9b73fcd34c5ce431ae3 (diff) | |
tracing: Do not assign filp->private_data to freed memory
In system_tr_open(), the filp->private_data can be assigned the 'dir'
variable even if it was freed. This is on the error path, and is
harmless because the error return code will prevent filp->private_data
from being used. But for correctness, we should not assign it to
a recently freed variable, as that can cause static tools to give
false warnings.
Also have both subsystem_open() and system_tr_open() return -ENODEV
if tracing has been disabled.
Link: http://lkml.kernel.org/r/1383764571-7318-1-git-send-email-geyslan@gmail.com
Signed-off-by: Geyslan G. Bem <geyslan@gmail.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/trace/trace_events.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 043f833246a0..f919a2e21bf3 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c | |||
| @@ -1062,6 +1062,9 @@ static int subsystem_open(struct inode *inode, struct file *filp) | |||
| 1062 | struct trace_array *tr; | 1062 | struct trace_array *tr; |
| 1063 | int ret; | 1063 | int ret; |
| 1064 | 1064 | ||
| 1065 | if (tracing_is_disabled()) | ||
| 1066 | return -ENODEV; | ||
| 1067 | |||
| 1065 | /* Make sure the system still exists */ | 1068 | /* Make sure the system still exists */ |
| 1066 | mutex_lock(&trace_types_lock); | 1069 | mutex_lock(&trace_types_lock); |
| 1067 | mutex_lock(&event_mutex); | 1070 | mutex_lock(&event_mutex); |
| @@ -1108,6 +1111,9 @@ static int system_tr_open(struct inode *inode, struct file *filp) | |||
| 1108 | struct trace_array *tr = inode->i_private; | 1111 | struct trace_array *tr = inode->i_private; |
| 1109 | int ret; | 1112 | int ret; |
| 1110 | 1113 | ||
| 1114 | if (tracing_is_disabled()) | ||
| 1115 | return -ENODEV; | ||
| 1116 | |||
| 1111 | if (trace_array_get(tr) < 0) | 1117 | if (trace_array_get(tr) < 0) |
| 1112 | return -ENODEV; | 1118 | return -ENODEV; |
| 1113 | 1119 | ||
| @@ -1124,11 +1130,12 @@ static int system_tr_open(struct inode *inode, struct file *filp) | |||
| 1124 | if (ret < 0) { | 1130 | if (ret < 0) { |
| 1125 | trace_array_put(tr); | 1131 | trace_array_put(tr); |
| 1126 | kfree(dir); | 1132 | kfree(dir); |
| 1133 | return ret; | ||
| 1127 | } | 1134 | } |
| 1128 | 1135 | ||
| 1129 | filp->private_data = dir; | 1136 | filp->private_data = dir; |
| 1130 | 1137 | ||
| 1131 | return ret; | 1138 | return 0; |
| 1132 | } | 1139 | } |
| 1133 | 1140 | ||
| 1134 | static int subsystem_release(struct inode *inode, struct file *file) | 1141 | static int subsystem_release(struct inode *inode, struct file *file) |