| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jun 2016 10:43:09 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Ingo Molnar <mingo@...hat.com>,
LKML <linux-kernel@...r.kernel.org>,
Tom Zanussi <tom.zanussi@...ux.intel.com>
Subject: Re: trace: use-after-free in hist_unreg_all
On Tue, 28 Jun 2016 14:58:50 +0200
Dmitry Vyukov <dvyukov@...gle.com> wrote:
> Hello,
>
> While running tools/testing/selftests test suite with KASAN I hit the
> following use-after-free report:
>
>
>
> ==================================================================
> BUG: KASAN: use-after-free in hist_unreg_all+0x1a1/0x1d0 at addr
> ffff880031632cc0
> Read of size 8 by task ftracetest/7413
> =============================================================================
> BUG kmalloc-128 (Not tainted): kasan: bad access detected
> -----------------------------------------------------------------------------
Thanks for the report. Can you check if this patch fixes the issue?
-- Steve
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 0c05b8a99806..948adb4b6761 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1699,9 +1699,9 @@ hist_enable_get_trigger_ops(char *cmd, char *param)
static void hist_enable_unreg_all(struct trace_event_file *file)
{
- struct event_trigger_data *test;
+ struct event_trigger_data *test, *n;
- list_for_each_entry_rcu(test, &file->triggers, list) {
+ list_for_each_entry_safe(test, n, &file->triggers, list) {
if (test->cmd_ops->trigger_type == ETT_HIST_ENABLE) {
list_del_rcu(&test->list);
update_cond_flag(file);
Powered by blists - more mailing lists