tracing: Fix possible double free on failure of allocating trace buffer

[ Upstream commit 4397f04575c44e1440ec2e49b6302785c95fd2f8 ] Jing Xia and Chunyan Zhang reported that on failing to allocate part of the tracing buffer, memory is freed, but the pointers that point to them are not initialized back to NULL, and later paths may try to free the freed memory again. Jing and Chunyan fixed one of the locations that does this, but missed a spot. Link: http://lkml.kernel.org/r/20171226071253.8968-1-chunyan.zhang@spreadtrum.com Cc: stable@vger.kernel.org Fixes: 737223fbca3b1 ("tracing: Consolidate buffer allocation code") Reported-by: Jing Xia <jing.xia@spreadtrum.com> Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
author: Steven Rostedt (VMware) <rostedt@goodmis.org> 2017-12-26 20:07:34 -0500
committer: Sasha Levin <alexander.levin@microsoft.com> 2018-02-28 19:32:17 -0500
commit: ca8476b2170d7500609f1fc6945a03e80eb58f6c (patch)
tree: 17d32907f9d1b90b7f6b7be1ab1ea79517e551b0 /kernel
parent: 6cca8cd145ecb720a113aad7fc17786d89c00de1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 915fffdc5329..8437927928bc 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6440,6 +6440,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size
 	buf->data = alloc_percpu(struct trace_array_cpu);
 	if (!buf->data) {
 		ring_buffer_free(buf->buffer);
+		buf->buffer = NULL;
 		return -ENOMEM;
 	}
author	Steven Rostedt (VMware) <rostedt@goodmis.org>	2017-12-26 20:07:34 -0500
committer	Sasha Levin <alexander.levin@microsoft.com>	2018-02-28 19:32:17 -0500
commit	ca8476b2170d7500609f1fc6945a03e80eb58f6c (patch)
tree	17d32907f9d1b90b7f6b7be1ab1ea79517e551b0 /kernel
parent	6cca8cd145ecb720a113aad7fc17786d89c00de1 (diff)