From: Steven Rostedt <rostedt@goodmis.org>
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
stable@vger.kernel.org, Natalia Petrova <n.petrova@fintech.ru>
Subject: [for-linus][PATCH 06/11] trace_events_hist: add check for return value of create_hist_field
Date: Wed, 25 Jan 2023 11:18:30 -0500 [thread overview]
Message-ID: <20230125162010.827695718@goodmis.org> (raw)
In-Reply-To: 20230125161824.332648375@goodmis.org
From: Natalia Petrova <n.petrova@fintech.ru>
Function 'create_hist_field' is called recursively at
trace_events_hist.c:1954 and can return NULL-value that's why we have
to check it to avoid null pointer dereference.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Link: https://lkml.kernel.org/r/20230111120409.4111-1-n.petrova@fintech.ru
Cc: stable@vger.kernel.org
Fixes: 30350d65ac56 ("tracing: Add variable support to hist triggers")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
---
kernel/trace/trace_events_hist.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index fcaf226b7744..5edbf6b1da3f 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1988,6 +1988,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
hist_field->fn_num = flags & HIST_FIELD_FL_LOG2 ? HIST_FIELD_FN_LOG2 :
HIST_FIELD_FN_BUCKET;
hist_field->operands[0] = create_hist_field(hist_data, field, fl, NULL);
+ if (!hist_field->operands[0])
+ goto free;
hist_field->size = hist_field->operands[0]->size;
hist_field->type = kstrdup_const(hist_field->operands[0]->type, GFP_KERNEL);
if (!hist_field->type)
--
2.39.0
next prev parent reply other threads:[~2023-01-25 16:20 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 16:18 [for-linus][PATCH 00/11] tracing: Updates for 6.2 Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 01/11] ftrace: Export ftrace_free_filter() to modules Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 02/11] tracing: Make sure trace_printk() can output as soon as it can be used Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 03/11] ftrace/scripts: Update the instructions for ftrace-bisect.sh Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 04/11] tracing: Kconfig: Fix spelling/grammar/punctuation Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 05/11] tracing/osnoise: Use built-in RCU list checking Steven Rostedt
2023-01-25 16:18 ` Steven Rostedt [this message]
2023-01-25 16:18 ` [for-linus][PATCH 07/11] lib: Kconfig: fix spellos Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 08/11] tracing/filter: fix kernel-doc warnings Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 09/11] ftrace: Maintain samples/ftrace Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 10/11] rv: remove redundant initialization of pointer ptr Steven Rostedt
2023-01-25 16:18 ` [for-linus][PATCH 11/11] bootconfig: Update MAINTAINERS file to add tree and mailing list Steven Rostedt
2023-01-25 16:22 ` [for-linus][PATCH 00/11] tracing: Updates for 6.2 Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230125162010.827695718@goodmis.org \
--to=rostedt@goodmis.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=n.petrova@fintech.ru \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox