Patch "trace_events_hist: add check for return value of 'create_hist_field'" has been added to the 6.1-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sat, 28 Jan 2023 10:29:02 +0100

This is a note to let you know that I've just added the patch titled

    trace_events_hist: add check for return value of 'create_hist_field'

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     trace_events_hist-add-check-for-return-value-of-create_hist_field.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 8b152e9150d07a885f95e1fd401fc81af202d9a4 Mon Sep 17 00:00:00 2001
From: Natalia Petrova <n.petrova@xxxxxxxxxx>
Date: Wed, 11 Jan 2023 15:04:09 +0300
Subject: trace_events_hist: add check for return value of 'create_hist_field'

From: Natalia Petrova <n.petrova@xxxxxxxxxx>

commit 8b152e9150d07a885f95e1fd401fc81af202d9a4 upstream.

Function 'create_hist_field' is called recursively at
trace_events_hist.c:1954 and can return NULL-value that's why we have
to check it to avoid null pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Link: https://lkml.kernel.org/r/20230111120409.4111-1-n.petrova@xxxxxxxxxx

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 30350d65ac56 ("tracing: Add variable support to hist triggers")
Signed-off-by: Natalia Petrova <n.petrova@xxxxxxxxxx>
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 kernel/trace/trace_events_hist.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1975,6 +1975,8 @@ static struct hist_field *create_hist_fi
 		hist_field->fn_num = flags & HIST_FIELD_FL_LOG2 ? HIST_FIELD_FN_LOG2 :
 			HIST_FIELD_FN_BUCKET;
 		hist_field->operands[0] = create_hist_field(hist_data, field, fl, NULL);
+		if (!hist_field->operands[0])
+			goto free;
 		hist_field->size = hist_field->operands[0]->size;
 		hist_field->type = kstrdup_const(hist_field->operands[0]->type, GFP_KERNEL);
 		if (!hist_field->type)


Patches currently in stable-queue which might be from n.petrova@xxxxxxxxxx are

queue-6.1/trace_events_hist-add-check-for-return-value-of-create_hist_field.patch






