Commit b01a706f authored Sep 02, 2025 by Ian Rogers Committed by Greg Kroah-Hartman Sep 09, 2025

perf bpf-event: Fix use-after-free in synthesis

[ Upstream commit d7b67dd6 ]

Calls to perf_env__insert_bpf_prog_info may fail as a sideband thread
may already have inserted the bpf_prog_info. Such failures may yield
info_linear being freed which then causes use-after-free issues with
the internal bpf_prog_info info struct. Make it so that
perf_env__insert_bpf_prog_info trigger early non-error paths and fix
the use-after-free in perf_event__synthesize_one_bpf_prog. Add proper
return error handling to perf_env__add_bpf_info (that calls
perf_env__insert_bpf_prog_info) and propagate the return value in its
callers.

Closes: https://lore.kernel.org/lkml/CAP-5=fWJQcmUOP7MuCA2ihKnDAHUCOBLkQFEkQES-1ZZTrgf8Q@mail.gmail.com/


Fixes: 03edb702 ("perf bpf: Fix two memory leakages when calling perf_env__insert_bpf_prog_info()")
Reviewed-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Ian Rogers <irogers@google.com>
Link: https://lore.kernel.org/r/20250902181713.309797-2-irogers@google.com


Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 43167766

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 89928190
· Nov 05, 2025

mentioned in commit 89928190

mentioned in commit 89928190f5b0cb4eb2eede797030f8e9e17c3c4f

Toggle commit list

Please to comment