author: Sechang Lim <rhkrqnwk98@gmail.com> 2026-06-25 08:34:48 +0900
committer: Masami Hiramatsu (Google) <mhiramat@kernel.org> 2026-06-30 23:58:19 +0900
commit: 367c49d6e283c17b56a31e7a8d964a079244264c
tree: 9a7a03105d01c359d2aedfbbea7414684e0356af /drivers/pinctrl/airoha/git@git.tavy.me:linux.git
parent: 9a667b7750dda88cbf1cca96a53a2163b2ee71f7
tracing/fprobe: Fix NULL pointer dereference in fprobe_fgraph_entry()

fprobe_fgraph_entry() sizes a shadow-stack reservation in one walk of the per-ip fprobe list and fills it in a second walk, both under rcu_read_lock() only. A fprobe registered on an already-live ip can become visible between the two walks, so the fill walk processes an exit_handler the sizing walk did not count and used runs past reserved_words. If the sizing walk counted nothing, fgraph_data is NULL and the first write_fprobe_header() faults:

  Oops: general protection fault, probably for non-canonical address ...
  KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
  RIP: 0010:fprobe_fgraph_entry+0xa38/0xf10 kernel/trace/fprobe.c:167
  Call Trace:
   <TASK>
   function_graph_enter_regs+0x44c/0xa10 kernel/trace/fgraph.c:677
   ftrace_graph_func+0xc5/0x140 arch/x86/kernel/ftrace.c:671
   __kernel_text_address+0x9/0x40 kernel/extable.c:78
   arch_stack_walk+0x117/0x170 arch/x86/kernel/stacktrace.c:26
   kmem_cache_free+0x188/0x580 mm/slub.c:6378
   tcp_data_queue+0x18d/0x6550 net/ipv4/tcp_input.c:5590
   [...]
   </TASK>

The list cannot be frozen across the two walks, so skip a node that does not fit the reservation and count it as missed.

Link: https://lore.kernel.org/all/20260619184425.3824774-1-rhkrqnwk98@gmail.com/
Fixes: 4346ba160409 ("fprobe: Rewrite fprobe on function-graph tracer")
Signed-off-by: Sechang Lim <rhkrqnwk98@gmail.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>

Diffstat (limited to 'drivers/pinctrl/airoha/git@git.tavy.me:linux.git')
0 files changed, 0 insertions, 0 deletions
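
The two-walk pattern from the commit message, as an added userspace model that is not the kernel's code or the patch itself: a node becomes visible after the sizing walk, and the fill walk skips whatever does not fit and counts it as missed. All names (`struct node`, `size_walk`, `fill_walk`, `demo`), the one-word header and the sample sizes are assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stddef.h>
#define HDR_WORDS 1                 /* assumed per-entry header size */
struct node {                       /* stands in for one fprobe on the per-ip list */
    int has_exit;                   /* only nodes with an exit handler need space */
    size_t words;                   /* payload words the node wants */
    struct node *next;
};

/* Walk 1: size the reservation from the nodes visible right now. */
static size_t size_walk(const struct node *head)
{
    size_t total = 0;
    for (const struct node *n = head; n; n = n->next)
        if (n->has_exit)
            total += HDR_WORDS + n->words;
    return total;
}

/* Walk 2: fill; a node that does not fit is skipped and counted as missed. */
static size_t fill_walk(const struct node *head, unsigned long *buf,
                        size_t reserved, unsigned *missed)
{
    size_t used = 0;
    for (const struct node *n = head; n; n = n->next) {
        size_t need = HDR_WORDS + n->words;
        if (!n->has_exit)
            continue;
        if (!buf || need > reserved - used) {   /* also covers a NULL buffer */
            (*missed)++;
            continue;
        }
        buf[used] = n->words;                   /* header; payload words follow */
        used += need;
    }
    return used;
}

/* A registration lands between the walks; returns the missed count. */
static unsigned demo(int start_empty, size_t *used_out)
{
    unsigned long storage[8];
    struct node first = { !start_empty, 2, NULL };
    struct node late = { 1, 1, &first };        /* visible only to walk 2 */
    unsigned missed = 0;
    size_t reserved = size_walk(&first);        /* 3 words, or 0 if start_empty */
    *used_out = fill_walk(&late, reserved ? storage : NULL, reserved, &missed);
    return missed;
}
int main(void) { size_t u; return demo(1, &u) == 1 ? 0 : 1; }
```

With `start_empty` set, the sizing walk counts nothing and the buffer is NULL, which is the case that faulted in the trace above; the bounded fill walk records one miss and writes nothing.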