public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 4.19 1/3] tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
@ 2023-03-01 16:30 Sasha Levin
  2023-03-01 16:30 ` [PATCH AUTOSEL 4.19 2/3] efi: efivars: prevent double registration Sasha Levin
  2023-03-01 16:30 ` [PATCH AUTOSEL 4.19 3/3] firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 Sasha Levin
  0 siblings, 2 replies; 4+ messages in thread
From: Sasha Levin @ 2023-03-01 16:30 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jia-Ju Bai, TOTE Robot, Steven Rostedt, Sasha Levin, mhiramat,
	linux-trace-kernel

From: Jia-Ju Bai <baijiaju1990@gmail.com>

[ Upstream commit 3e4272b9954094907f16861199728f14002fcaf6 ]

In a previous commit 7433632c9ff6, buffer, buffer->buffers and
buffer->buffers[cpu] in ring_buffer_wake_waiters() can be NULL,
and thus the related checks are added.

However, in the same call stack, these variables are also used in
ring_buffer_free_read_page():

tracing_buffers_release()
  ring_buffer_wake_waiters(iter->array_buffer->buffer)
    cpu_buffer = buffer->buffers[cpu] -> Add checks by previous commit
  ring_buffer_free_read_page(iter->array_buffer->buffer)
    cpu_buffer = buffer->buffers[cpu] -> No check

Thus, to avod possible null-pointer derefernces, the related checks
should be added.

These results are reported by a static tool designed by myself.

Link: https://lkml.kernel.org/r/20230113125501.760324-1-baijiaju1990@gmail.com

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/ring_buffer.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 5e5b0c067f611..bef3d01b8ff61 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -4685,11 +4685,16 @@ EXPORT_SYMBOL_GPL(ring_buffer_alloc_read_page);
  */
 void ring_buffer_free_read_page(struct ring_buffer *buffer, int cpu, void *data)
 {
-	struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu];
+	struct ring_buffer_per_cpu *cpu_buffer;
 	struct buffer_data_page *bpage = data;
 	struct page *page = virt_to_page(bpage);
 	unsigned long flags;
 
+	if (!buffer || !buffer->buffers || !buffer->buffers[cpu])
+		return;
+
+	cpu_buffer = buffer->buffers[cpu];
+
 	/* If the page is still in use someplace else, we can't reuse it */
 	if (page_ref_count(page) > 1)
 		goto out;
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-01 16:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-01 16:30 [PATCH AUTOSEL 4.19 1/3] tracing: Add NULL checks for buffer in ring_buffer_free_read_page() Sasha Levin
2023-03-01 16:30 ` [PATCH AUTOSEL 4.19 2/3] efi: efivars: prevent double registration Sasha Levin
2023-03-01 16:31   ` Ard Biesheuvel
2023-03-01 16:30 ` [PATCH AUTOSEL 4.19 3/3] firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox