This is a note to let you know that I've just added the patch titled trace_events_hist: add check for return value of 'create_hist_field' to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: trace_events_hist-add-check-for-return-value-of-create_hist_field.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 8b152e9150d07a885f95e1fd401fc81af202d9a4 Mon Sep 17 00:00:00 2001 From: Natalia Petrova <n.petrova@xxxxxxxxxx> Date: Wed, 11 Jan 2023 15:04:09 +0300 Subject: trace_events_hist: add check for return value of 'create_hist_field' From: Natalia Petrova <n.petrova@xxxxxxxxxx> commit 8b152e9150d07a885f95e1fd401fc81af202d9a4 upstream. Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Link: https://lkml.kernel.org/r/20230111120409.4111-1-n.petrova@xxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx Fixes: 30350d65ac56 ("tracing: Add variable support to hist triggers") Signed-off-by: Natalia Petrova <n.petrova@xxxxxxxxxx> Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- kernel/trace/trace_events_hist.c | 2 ++ 1 file changed, 2 insertions(+) --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1699,6 +1699,8 @@ static struct hist_field *create_hist_fi hist_field->fn = flags & HIST_FIELD_FL_LOG2 ? hist_field_log2 : hist_field_bucket; hist_field->operands[0] = create_hist_field(hist_data, field, fl, NULL); + if (!hist_field->operands[0]) + goto free; hist_field->size = hist_field->operands[0]->size; hist_field->type = kstrdup_const(hist_field->operands[0]->type, GFP_KERNEL); if (!hist_field->type) Patches currently in stable-queue which might be from n.petrova@xxxxxxxxxx are queue-5.15/trace_events_hist-add-check-for-return-value-of-create_hist_field.patch