tracing: Fix use-after-free in hist_register_trigger()
authorTom Zanussi <tom.zanussi@linux.intel.com>
Thu, 30 Jun 2016 00:56:00 +0000 (19:56 -0500)
committerSteven Rostedt <rostedt@goodmis.org>
Tue, 2 Aug 2016 19:16:30 +0000 (15:16 -0400)
This fixes a use-after-free case flagged by KASAN; make sure the test
happens before the potential free in this case.

Link: http://lkml.kernel.org/r/48fd74ab61bebd7dca9714386bb47d7c5ccd6a7b.1467247517.git.tom.zanussi@linux.intel.com
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
kernel/trace/trace_events_hist.c

index 19ae135120a3d1c7ac3f264bd158d78c95aecc79..f3a960ed75a197ffd0e519501b74bade3f227ce3 100644 (file)
@@ -1441,6 +1441,9 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops,
                goto out;
        }
 
+       if (hist_data->attrs->pause)
+               data->paused = true;
+
        if (named_data) {
                destroy_hist_data(data->private_data);
                data->private_data = named_data->private_data;
@@ -1448,9 +1451,6 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops,
                data->ops = &event_hist_trigger_named_ops;
        }
 
-       if (hist_data->attrs->pause)
-               data->paused = true;
-
        if (data->ops->init) {
                ret = data->ops->init(data->ops, data);
                if (ret < 0)