qiurui
/
linux-kernelorg-stable
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-kernelorg-stable/kernel/trace
History
Wang Liang dc3382fffd tracing: kprobe-event: Fix null-ptr-deref in trace_kprobe_create_internal() 
A crash was observed with the following output:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 UID: 0 PID: 2899 Comm: syz.2.399 Not tainted 6.17.0-rc5+ #5 PREEMPT(none)
RIP: 0010:trace_kprobe_create_internal+0x3fc/0x1440 kernel/trace/trace_kprobe.c:911
Call Trace:
 <TASK>
 trace_kprobe_create_cb+0xa2/0xf0 kernel/trace/trace_kprobe.c:1089
 trace_probe_create+0xf1/0x110 kernel/trace/trace_probe.c:2246
 dyn_event_create+0x45/0x70 kernel/trace/trace_dynevent.c:128
 create_or_delete_trace_kprobe+0x5e/0xc0 kernel/trace/trace_kprobe.c:1107
 trace_parse_run_command+0x1a5/0x330 kernel/trace/trace.c:10785
 vfs_write+0x2b6/0xd00 fs/read_write.c:684
 ksys_write+0x129/0x240 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x5d/0x2d0 arch/x86/entry/syscall_64.c:94
 </TASK>

Function kmemdup() may return NULL in trace_kprobe_create_internal(), add
check for it's return value.

Link: https://lore.kernel.org/all/20250916075816.3181175-1-wangliang74@huawei.com/

Fixes: 33b4e38baa ("tracing: kprobe-event: Allocate string buffers from heap")
Signed-off-by: Wang Liang <wangliang74@huawei.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
 		2025-09-18 07:36:41 +09:00
..
rv tracing changes for 6.17 2025-08-01 10:29:36 -07:00
Kconfig tracing changes for 6.17 2025-08-01 10:29:36 -07:00
Makefile tracing: Have eprobes have their own config option 2025-07-30 10:38:43 -04:00
blktrace.c Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
bpf_trace.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
bpf_trace.h
error_report-traces.c
fgraph.c trace/fgraph: Fix error handling 2025-09-06 12:12:38 -04:00
fprobe.c Probes updates for v6.17: 2025-07-30 15:38:01 -07:00
ftrace.c ftrace: Also allocate and copy hash for reading of filter files 2025-08-22 19:58:35 -04:00
ftrace_internal.h
kprobe_event_gen_test.c
pid_list.c
pid_list.h
power-traces.c PM: cpufreq: powernv/tracing: Move powernv_throttle trace event 2025-07-21 16:40:56 -04:00
preemptirq_delay_test.c
rethook.c
ring_buffer.c ring-buffer: Remove redundant semicolons 2025-08-20 09:20:30 -04:00
ring_buffer_benchmark.c
rpm-traces.c
synth_event_gen_test.c
trace.c tracing: Silence warning when chunk allocation fails in trace_pid_write 2025-09-08 14:56:43 -04:00
trace.h tracing fixes for v6.17-rc2: 2025-08-23 10:11:34 -04:00
trace_benchmark.c
trace_benchmark.h
trace_boot.c
trace_branch.c
trace_btf.c
trace_btf.h
trace_clock.c
trace_dynevent.c
trace_dynevent.h
trace_entries.h
trace_eprobe.c tracing: Have eprobes handle arrays 2025-07-24 22:57:32 +09:00
trace_event_perf.c
trace_events.c tracing changes for 6.17 2025-08-01 10:29:36 -07:00
trace_events_filter.c tracing changes for 6.17 2025-08-01 10:29:36 -07:00
trace_events_filter_test.h
trace_events_hist.c
trace_events_inject.c
trace_events_synth.c tracing: Add guard(ring_buffer_nest) 2025-08-01 16:49:15 -04:00
trace_events_trigger.c
trace_events_user.c trace: Remove redundant __GFP_NOWARN 2025-09-02 11:48:16 -04:00
trace_export.c
trace_fprobe.c tracing: trace_fprobe: Fix typo of the semicolon 2025-07-29 08:37:52 +09:00
trace_functions.c
trace_functions_graph.c fgraph: Copy args in intermediate storage with entry 2025-08-22 17:32:35 -04:00
trace_hwlat.c
trace_irqsoff.c
trace_kdb.c ring-buffer: Remove ring_buffer_read_prepare_sync() 2025-07-22 20:01:41 -04:00
trace_kprobe.c tracing: kprobe-event: Fix null-ptr-deref in trace_kprobe_create_internal() 2025-09-18 07:36:41 +09:00
trace_kprobe_selftest.c
trace_kprobe_selftest.h
trace_mmiotrace.c
trace_nop.c
trace_osnoise.c tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() 2025-09-06 12:12:38 -04:00
trace_output.c tracing: Have unsigned int function args displayed as hexadecimal 2025-08-01 19:14:51 -04:00
trace_output.h
trace_preemptirq.c
trace_printk.c
trace_probe.c Probes updates for v6.17: 2025-07-30 15:38:01 -07:00
trace_probe.h tracing: probe: Allocate traceprobe_parse_context from heap 2025-07-24 00:21:30 +09:00
trace_probe_kernel.h
trace_probe_tmpl.h
trace_recursion_record.c
trace_sched_switch.c
trace_sched_wakeup.c
trace_selftest.c
trace_selftest_dynamic.c
trace_seq.c
trace_stack.c
trace_stat.c
trace_stat.h
trace_synth.h
trace_syscalls.c
trace_uprobe.c tracing: uprobe-event: Allocate string buffers from heap 2025-07-24 00:21:58 +09:00
tracing_map.c
tracing_map.h