Message-ID: <20221031145046.2a7f9d32@rorschach.local.home>
Date:   Mon, 31 Oct 2022 14:50:46 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Roland Ruckerbauer <roland.rucky@...il.com>
Cc:     Masami Hiramatsu <mhiramat@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [BUG] NULL pointer dereference probably caused by
 kernel/trace/ring_buffer.c

On Mon, 31 Oct 2022 14:02:12 +0100
Roland Ruckerbauer <roland.rucky@...il.com> wrote:

> For me the crash is easily reproducible. For testing I run 6.0.5
> upstream kernel, but I guess everything since 6.0.3 is affected as
> well.

I'm looking into a path that calls this function without allocating the
buffer (when the file descriptor is released). I'm still looking to find
that path, but in the meantime, could you test this?

-- Steve

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 199759c73519..c1c7ce4c6ddb 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -937,6 +937,9 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
 	struct ring_buffer_per_cpu *cpu_buffer;
 	struct rb_irq_work *rbwork;
 
+	if (!buffer)
+		return;
+
 	if (cpu == RING_BUFFER_ALL_CPUS) {
 
 		/* Wake up individual ones too. One level recursion */
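
Review bot: The new `if (!buffer) return;` at the top of ring_buffer_wake_waiters() returns silently and carries no comment, so nothing in the code records which caller can reach this function with a NULL buffer or that the check is a stopgap while that path is still being tracked down. Placing it ahead of the `cpu == RING_BUFFER_ALL_CPUS` test is right, since it covers both the all-CPUs and the per-CPU case, but I would add a short comment above it naming the suspected release path. For the test build, a `WARN_ON_ONCE(!buffer)` form of the check would also capture a backtrace of the offending caller. If a NULL buffer turns out to be legitimate on release, the comment should say so; otherwise the real fix belongs in the caller and this guard should not remain as the only change.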
