From: Ian Rogers irogers@google.com
mainline inclusion from mainline-v5.16-rc2 commit d9fc706108c15f8bc2d4ccccf8e50f74830fabd9 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9S202 CVE: CVE-2021-47543
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
perf_tip() may allocate memory or use a literal, this means memory wasn't freed if allocated. Change the API so that literals aren't used.
At the same time add missing frees for system_path. These issues were spotted using leak sanitizer.
Signed-off-by: Ian Rogers irogers@google.com Cc: Alexander Shishkin alexander.shishkin@linux.intel.com Cc: Jiri Olsa jolsa@redhat.com Cc: Mark Rutland mark.rutland@arm.com Cc: Namhyung Kim namhyung@kernel.org Cc: Peter Zijlstra peterz@infradead.org Cc: Stephane Eranian eranian@google.com Link: http://lore.kernel.org/lkml/20211118073804.2149974-1-irogers@google.com Signed-off-by: Arnaldo Carvalho de Melo acme@redhat.com
Conflicts: tools/perf/builtin-report.c [fix context conflicts] Signed-off-by: Luo Gengkun luogengkun2@huawei.com --- tools/perf/builtin-report.c | 15 +++++++++------ tools/perf/util/util.c | 14 +++++++------- tools/perf/util/util.h | 2 +- 3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c index ae377916bdce..2c87b4d1d117 100644 --- a/tools/perf/builtin-report.c +++ b/tools/perf/builtin-report.c @@ -554,14 +554,17 @@ static int report__browse_hists(struct report *rep) int ret; struct perf_session *session = rep->session; struct perf_evlist *evlist = session->evlist; - const char *help = perf_tip(system_path(TIPDIR)); + char *help = NULL, *path = NULL;
- if (help == NULL) { + path = system_path(TIPDIR); + if (perf_tip(&help, path) || help == NULL) { /* fallback for people who don't install perf ;-) */ - help = perf_tip(DOCDIR); - if (help == NULL) - help = "Cannot load tips.txt file, please install perf!"; + free(path); + path = system_path(DOCDIR); + if (perf_tip(&help, path) || help == NULL) + help = strdup("Cannot load tips.txt file, please install perf!"); } + free(path);
switch (use_browser) { case 1: @@ -583,7 +586,7 @@ static int report__browse_hists(struct report *rep) ret = perf_evlist__tty_browse_hists(evlist, rep, help); break; } - + free(help); return ret; }
diff --git a/tools/perf/util/util.c b/tools/perf/util/util.c index eac5b858a371..7b64d36e9e18 100644 --- a/tools/perf/util/util.c +++ b/tools/perf/util/util.c @@ -479,30 +479,30 @@ fetch_kernel_version(unsigned int *puint, char *str, return 0; }
-const char *perf_tip(const char *dirpath) +int perf_tip(char **strp, const char *dirpath) { struct strlist *tips; struct str_node *node; - char *tip = NULL; struct strlist_config conf = { .dirname = dirpath, .file_only = true, }; + int ret = 0;
+ *strp = NULL; tips = strlist__new("tips.txt", &conf); if (tips == NULL) - return errno == ENOENT ? NULL : - "Tip: check path of tips.txt or get more memory! ;-p"; + return -errno;
if (strlist__nr_entries(tips) == 0) goto out;
node = strlist__entry(tips, random() % strlist__nr_entries(tips)); - if (asprintf(&tip, "Tip: %s", node->s) < 0) - tip = (char *)"Tip: get more memory! ;-)"; + if (asprintf(strp, "Tip: %s", node->s) < 0) + ret = -ENOMEM;
out: strlist__delete(tips);
- return tip; + return ret; } diff --git a/tools/perf/util/util.h b/tools/perf/util/util.h index 2efec9e77753..c71fb0592e58 100644 --- a/tools/perf/util/util.h +++ b/tools/perf/util/util.h @@ -55,7 +55,7 @@ int fetch_kernel_version(unsigned int *puint, #define KVER_FMT "%d.%d.%d" #define KVER_PARAM(x) KVER_VERSION(x), KVER_PATCHLEVEL(x), KVER_SUBLEVEL(x)
-const char *perf_tip(const char *dirpath); +int perf_tip(char **strp, const char *dirpath);
#ifndef HAVE_GET_CURRENT_DIR_NAME char *get_current_dir_name(void);