perf bpf-event: Fix use-after-free in synthesis - linux/linux-stable.git

diff options

author	Ian Rogers <irogers@google.com>	2025-09-02 11:17:11 -0700
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-09-09 18:58:25 +0200
commit	25eac390c4af3111d16921a80963933ceded5a24 (patch)
tree	45223c91732b5f3ceac5987fb6b7a79132ff3fb2 /tools/perf/util/bpf-utils.c
parent	beec8f807ecc288fe4dbeee4decdf7f4609418dc (diff)

perf bpf-event: Fix use-after-free in synthesis

[ Upstream commit d7b67dd6f9db7bd2c49b415e901849b182ff0735 ] Calls to perf_env__insert_bpf_prog_info may fail as a sideband thread may already have inserted the bpf_prog_info. Such failures may yield info_linear being freed which then causes use-after-free issues with the internal bpf_prog_info info struct. Make it so that perf_env__insert_bpf_prog_info trigger early non-error paths and fix the use-after-free in perf_event__synthesize_one_bpf_prog. Add proper return error handling to perf_env__add_bpf_info (that calls perf_env__insert_bpf_prog_info) and propagate the return value in its callers. Closes: https://lore.kernel.org/lkml/CAP-5=fWJQcmUOP7MuCA2ihKnDAHUCOBLkQFEkQES-1ZZTrgf8Q@mail.gmail.com/ Fixes: 03edb7020bb9 ("perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()") Reviewed-by: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Ian Rogers <irogers@google.com> Link: https://lore.kernel.org/r/20250902181713.309797-2-irogers@google.com Signed-off-by: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'tools/perf/util/bpf-utils.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: