提交 ba8665d7 编写于 作者: M Masami Hiramatsu 提交者: Ingo Molnar

trace_kprobes: Fix a memory leak bug and check kstrdup() return value

Fix a memory leak case in create_trace_probe(). When an argument
is too long (> MAX_ARGSTR_LEN), it just jumps to error path. In
that case tp->args[i].name is not released.
This also fixes a bug to check kstrdup()'s return value.
Signed-off-by: NMasami Hiramatsu <mhiramat@redhat.com>
Cc: systemtap <systemtap@sources.redhat.com>
Cc: DLE <dle-develop@lists.sourceforge.net>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Jim Keniston <jkenisto@us.ibm.com>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Frank Ch. Eigler <fche@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Jason Baron <jbaron@redhat.com>
Cc: K.Prasad <prasad@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
LKML-Reference: <20091201001919.10235.56455.stgit@harusame>
Signed-off-by: NIngo Molnar <mingo@elte.hu>
上级 5cbd0805
......@@ -483,7 +483,8 @@ static int parse_probe_vars(char *arg, struct fetch_func *ff, int is_return)
return ret;
}
static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
/* Recursive argument parser */
static int __parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
{
int ret = 0;
unsigned long param;
......@@ -543,7 +544,7 @@ static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
if (!id)
return -ENOMEM;
id->offset = offset;
ret = parse_probe_arg(arg, &id->orig, is_return);
ret = __parse_probe_arg(arg, &id->orig, is_return);
if (ret)
kfree(id);
else {
......@@ -560,6 +561,16 @@ static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
return ret;
}
/* String length checking wrapper */
static int parse_probe_arg(char *arg, struct fetch_func *ff, int is_return)
{
if (strlen(arg) > MAX_ARGSTR_LEN) {
pr_info("Argument is too long.: %s\n", arg);
return -ENOSPC;
}
return __parse_probe_arg(arg, ff, is_return);
}
/* Return 1 if name is reserved or already used by another argument */
static int conflict_field_name(const char *name,
struct probe_arg *args, int narg)
......@@ -698,13 +709,14 @@ static int create_trace_probe(int argc, char **argv)
}
tp->args[i].name = kstrdup(argv[i], GFP_KERNEL);
/* Parse fetch argument */
if (strlen(arg) > MAX_ARGSTR_LEN) {
pr_info("Argument%d(%s) is too long.\n", i, arg);
ret = -ENOSPC;
if (!tp->args[i].name) {
pr_info("Failed to allocate argument%d name '%s'.\n",
i, argv[i]);
ret = -ENOMEM;
goto error;
}
/* Parse fetch argument */
ret = parse_probe_arg(arg, &tp->args[i].fetch, is_return);
if (ret) {
pr_info("Parse error at argument%d. (%d)\n", i, ret);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册