tracing: Fix possible double free on failure of allocating trace buffer

commit 4397f04575c44e1440ec2e49b6302785c95fd2f8 upstream. Jing Xia and Chunyan Zhang reported that on failing to allocate part of the tracing buffer, memory is freed, but the pointers that point to them are not initialized back to NULL, and later paths may try to free the freed memory again. Jing and Chunyan fixed one of the locations that does this, but missed a spot. Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com Fixes: 737223fbca3b1 ("tracing: Consolidate buffer allocation code") Reported-by: Jing Xia <jing.xia@spreadtrum.com> Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Steven Rostedt (VMware) <rostedt@goodmis.org> 2017-12-26 20:07:34 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-01-02 20:04:57 +0100
commit: f9e16c238bd6da1d858d50c1ab81c8431578877a (patch)
tree: 4073a97c9f729c425abe9eb55511ee3f69187f03 /kernel
parent: 973b645673b626beed3b20aedddf2ff51b8fcab8 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 10286ffd9112..34fb8fc15f59 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6244,6 +6244,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size
 	buf->data = alloc_percpu(struct trace_array_cpu);
 	if (!buf->data) {
 		ring_buffer_free(buf->buffer);
+		buf->buffer = NULL;
 		return -ENOMEM;
 	}
author	Steven Rostedt (VMware) <rostedt@goodmis.org>	2017-12-26 20:07:34 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-01-02 20:04:57 +0100
commit	f9e16c238bd6da1d858d50c1ab81c8431578877a (patch)
tree	4073a97c9f729c425abe9eb55511ee3f69187f03 /kernel
parent	973b645673b626beed3b20aedddf2ff51b8fcab8 (diff)