From patchwork Wed Dec 27 12:38:25 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
X-Patchwork-Id: 183468
Return-Path: <linux-kernel+bounces-12018-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:6f82:b0:100:9c79:88ff with SMTP id
 tb2csp1404936dyb;
        Wed, 27 Dec 2023 04:39:00 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IECRdFd14QLfRaEz4fvGC2qx8RrsSWpLAn9YZW2oXxwvewKySyHYd7jOwUzkdfuOM7pAebR
X-Received: by 2002:a05:6214:62a:b0:67f:2ed5:536f with SMTP id
 a10-20020a056214062a00b0067f2ed5536fmr12730468qvx.44.1703680740090;
        Wed, 27 Dec 2023 04:39:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1703680740; cv=none;
        d=google.com; s=arc-20160816;
        b=oQudBD3ldEar2/JjHLuiPWFPErO8YiL+tGSDetw+yrqcJ1jPH8mWfOCfn1AhiUtDiL
         T+itBzj3PzBPdsmFC/enaOQxM3TVT1R1AG2q/0G6VqYGQriaG+Zccxy1ECn5GBUqwmLl
         /H8j3PAbpcyAqYjKohoustKydJvOavB3a+VMdGH4JwsgZfsaUckVE2zV6UTU4Qiuj6mo
         9/AuNDw7XFfl/WbrGptTGSTs1VIM7jq9PAE64DcCxb8YGViSlpzgrRWhnRh/WtHyxmnw
         6cbAYqd5oL+/KGf/bW7Sxy0sm+GMZ3yIJa9vmh5IK7snUu1dWOAFzBaSxkYXw/sIHpRl
         9h+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:user-agent:message-id:date
         :subject:cc:to:from:dkim-signature;
        bh=8fBm6q/MrVC9WqtzAYJ5nJOQT4ahAOA2PNJkmXK/vSY=;
        fh=oLMnAbBOBMi4ywoyT86IkHc+5J8/709vlU/dGQxnDr0=;
        b=PNJjI5oOUrQ2S15CwVf5T+uK/YLkPH/5kgpjGe7bMeQf2WZg++ccJNEZYJF2wtE0rR
         9aZZL8KtL3yslEZ0ojupqtjapeSNzCZia8N2O01DOPvJmonLFttrHe8RpsqqqByVsrsi
         uFtDYM+8Snq/E8nhwd4PywUQlTmpJclAyKdK5Xr2mNSYuVqFswNH8s7MmXpdLUFgnKWB
         SWiAi1h4I3TumTa2wwD4I8Egihuq7LxAMHjYHr4E+pQYmqy06ZIzAPgZRmbXKPc1gzal
         7ZdagjTvfG05GaXmfRZz4Uj+x7BVTThEzhFct7i6L9CAlOkSqTJ6cuKXQl4NwzwQS8OT
         gAwA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=s3xdYdjN;
       spf=pass (google.com: domain of
 linux-kernel+bounces-12018-ouuuleilei=gmail.com@vger.kernel.org designates
 147.75.199.223 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-12018-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id
 k10-20020a0cf28a000000b0067f9f264aa4si10514839qvl.155.2023.12.27.04.38.59
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 27 Dec 2023 04:39:00 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-kernel+bounces-12018-ouuuleilei=gmail.com@vger.kernel.org designates
 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=s3xdYdjN;
       spf=pass (google.com: domain of
 linux-kernel+bounces-12018-ouuuleilei=gmail.com@vger.kernel.org designates
 147.75.199.223 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-12018-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id DB1B81C2264C
	for <ouuuleilei@gmail.com>; Wed, 27 Dec 2023 12:38:59 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 654AF4502C;
	Wed, 27 Dec 2023 12:38:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
 header.b="s3xdYdjN"
X-Original-To: linux-kernel@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
 [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA63444C79;
	Wed, 27 Dec 2023 12:38:29 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13075C433C9;
	Wed, 27 Dec 2023 12:38:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1703680709;
	bh=X7R6F9hT6XYOO3BGfeWVV1thc/132FVHa6UnzJbO8Fg=;
	h=From:To:Cc:Subject:Date:From;
	b=s3xdYdjN0JOula1WTh6A2iY780fPuc5IgTrHuxBP2YtCgzASY8pVu5cCIY7V7869q
	 TE0fEUoZX+CYtqtqwXCsY8OYqXoe843PQhGtjEdymRcJLFja1/UF0z70P+ObGRMhcy
	 q5mHqo9TWriOWFO8r/kE4PTdfsTl5/UVNn9H+iJe8JO4oJipqon4Kv1/oyimY/7o8v
	 0TzD2/pQGXH+KeQR/7JBNOzi9SHvR2xPoYCM7SvufLJ2jw0s74kX+eqxEsTqPiypj3
	 zZySoByBOlV7buyytNoiODdK6mDu0ZQbrUqD0ZaH5FVMY98tGXBo8VMIUahi8uB1fA
	 uCC4SF5HSoqYg==
From: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>
To: Steven Rostedt <rostedt@goodmis.org>,
	Jiri Olsa <jolsa@kernel.org>
Cc: linux-trace-kernel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] tracing: Fix possible memory leak in ftrace_regsiter_direct()
Date: Wed, 27 Dec 2023 21:38:25 +0900
Message-Id: <170368070504.42064.8960569647118388081.stgit@devnote2>
X-Mailer: git-send-email 2.34.1
User-Agent: StGit/0.19
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1786438735852463053
X-GMAIL-MSGID: 1786438735852463053

From: Masami Hiramatsu (Google) <mhiramat@kernel.org>

If ftrace_register_direct() called with a large number of target
functions (e.g. 65), the free_hash can be updated twice or more
in the ftrace_add_rec_direct() without freeing the previous hash
memory. Thus this can cause a memory leak.

Fix this issue by expanding the direct_hash at once before
adding the new entries.

Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes: f64dd4627ec6 ("ftrace: Add multi direct register/unregister interface")
Cc: stable@vger.kernel.org
---
 kernel/trace/ftrace.c |   49 +++++++++++++++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index 8de8bec5f366..9269c2c3e595 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -2555,28 +2555,33 @@ unsigned long ftrace_find_rec_direct(unsigned long ip)
 	return entry->direct;
 }
 
-static struct ftrace_func_entry*
-ftrace_add_rec_direct(unsigned long ip, unsigned long addr,
-		      struct ftrace_hash **free_hash)
+static struct ftrace_hash *ftrace_expand_direct(int inc_count)
 {
-	struct ftrace_func_entry *entry;
+	struct ftrace_hash *new_hash, *free_hash;
+	int size = ftrace_hash_empty(direct_functions) ? 0 :
+		direct_functions->count + inc_count;
 
-	if (ftrace_hash_empty(direct_functions) ||
-	    direct_functions->count > 2 * (1 << direct_functions->size_bits)) {
-		struct ftrace_hash *new_hash;
-		int size = ftrace_hash_empty(direct_functions) ? 0 :
-			direct_functions->count + 1;
+	if (!ftrace_hash_empty(direct_functions) &&
+	    size <= 2 * (1 << direct_functions->size_bits))
+		return NULL;
 
-		if (size < 32)
-			size = 32;
+	if (size < 32)
+		size = 32;
 
-		new_hash = dup_hash(direct_functions, size);
-		if (!new_hash)
-			return NULL;
+	new_hash = dup_hash(direct_functions, size);
+	if (!new_hash)
+		return ERR_PTR(-ENOMEM);
 
-		*free_hash = direct_functions;
-		direct_functions = new_hash;
-	}
+	free_hash = direct_functions;
+	direct_functions = new_hash;
+
+	return free_hash;
+}
+
+static struct ftrace_func_entry*
+ftrace_add_rec_direct(unsigned long ip, unsigned long addr)
+{
+	struct ftrace_func_entry *entry;
 
 	entry = kmalloc(sizeof(*entry), GFP_KERNEL);
 	if (!entry)
@@ -5436,11 +5441,19 @@ int register_ftrace_direct(struct ftrace_ops *ops, unsigned long addr)
 		}
 	}
 
+	/* ... and prepare the insertion */
+	free_hash = ftrace_expand_direct(hash->count);
+	if (IS_ERR(free_hash)) {
+		err = PTR_ERR(free_hash);
+		free_hash = NULL;
+		goto out_unlock;
+	}
+
 	/* ... and insert them to direct_functions hash. */
 	err = -ENOMEM;
 	for (i = 0; i < size; i++) {
 		hlist_for_each_entry(entry, &hash->buckets[i], hlist) {
-			new = ftrace_add_rec_direct(entry->ip, addr, &free_hash);
+			new = ftrace_add_rec_direct(entry->ip, addr);
 			if (!new)
 				goto out_remove;
 			entry->direct = addr;