lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260124151456.350f3464@robin>
Date: Sat, 24 Jan 2026 15:14:56 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>, Masami Hiramatsu
 <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
 Donglin Peng <pengdonglin@...omi.com>, Ian Rogers <irogers@...gle.com>,
 Weigang He <geoffreyhe2@...il.com>
Subject: [GIT PULL] tracing: 1 crash fix and a few minor fixes


Linus,

tracing fixes for v6.19:

- Fix a crash with passing a stacktrace between synthetic events

  A synthetic event is an event that combines two events into a single event
  that can display fields from both events as well as the time delta that
  took place between the events. It can also pass a stacktrace from the
  first event so that it can be displayed by the synthetic event (this is
  useful to get a stacktrace of a task scheduling out when blocked and
  recording the time it was blocked for).

  A synthetic event can also connect an existing synthetic event to another
  event. An issue was found that if the first synthetic event had a stacktrace
  as one of its fields, and that stacktrace field was passed to the new
  synthetic event to be displayed, it would crash the kernel. This was due to
  the stacktrace not being saved as a stacktrace but was still marked as one.
  When the stacktrace was read, it would try to read an array but instead read
  the integer metadata of the stacktrace and dereferenced a bad value.

  Fix this by saving the stacktrace field as a stracktrace.

- Fix possible overflow in cmp_mod_entry() compare function

  A binary search is used to find a module address and if the addresses are
  greater than 2GB apart it could lead to truncation and cause a bad search
  result. Use normal compares instead of a subtraction between addresses to
  calculate the compare value.

- Fix output of entry arguments in function graph tracer

  Depending on the configurations enabled, the entry can be two different
  types that hold the argument array. The macro FGRAPH_ENTRY_ARGS() is used
  to find the correct arguments from the given type. One location was missed
  and still referenced the arguments directly via entry->args and could
  produce the wrong value depending on how the kernel was configured.

- Fix memory leak in scripts/tracepoint-update build tool

  If the array fails to allocate, the memory for the values needs to be
  freed and was not. Free the allocated values if the array failed to
  allocate.


Please pull the latest trace-v6.19-rc6 tree, which can be found at:


  git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace.git
trace-v6.19-rc6

Tag SHA1: 61089d5e2a044cd468c5a375f02c2d4fa441d4c2
Head SHA1: 361eb853c655288f3b5c8020f6cd95d69ffe6479


Donglin Peng (1):
      function_graph: Fix args pointer mismatch in print_graph_retval()

Ian Rogers (1):
      tracing: Avoid possible signed 64-bit truncation

Steven Rostedt (1):
      tracing: Fix crash on synthetic stacktrace field usage

Weigang He (1):
      scripts/tracepoint-update: Fix memory leak in add_string() on failure

----
 kernel/trace/trace.c                 | 8 ++++----
 kernel/trace/trace_events_hist.c     | 9 +++++++++
 kernel/trace/trace_events_synth.c    | 8 +++++++-
 kernel/trace/trace_functions_graph.c | 2 +-
 scripts/tracepoint-update.c          | 2 ++
 5 files changed, 23 insertions(+), 6 deletions(-)
---------------------------
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index baec63134ab6..8bd4ec08fb36 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6115,10 +6115,10 @@ static int cmp_mod_entry(const void *key, const void *pivot)
 	unsigned long addr = (unsigned long)key;
 	const struct trace_mod_entry *ent = pivot;
 
-	if (addr >= ent[0].mod_addr && addr < ent[1].mod_addr)
-		return 0;
-	else
-		return addr - ent->mod_addr;
+	if (addr < ent[0].mod_addr)
+		return -1;
+
+	return addr >= ent[1].mod_addr;
 }
 
 /**
diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 5e6e70540eef..c97bb2fda5c0 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -2057,6 +2057,15 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
 			hist_field->fn_num = HIST_FIELD_FN_RELDYNSTRING;
 		else
 			hist_field->fn_num = HIST_FIELD_FN_PSTRING;
+	} else if (field->filter_type == FILTER_STACKTRACE) {
+		flags |= HIST_FIELD_FL_STACKTRACE;
+
+		hist_field->size = MAX_FILTER_STR_VAL;
+		hist_field->type = kstrdup_const(field->type, GFP_KERNEL);
+		if (!hist_field->type)
+			goto free;
+
+		hist_field->fn_num = HIST_FIELD_FN_STACK;
 	} else {
 		hist_field->size = field->size;
 		hist_field->is_signed = field->is_signed;
diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c
index 4554c458b78c..45c187e77e21 100644
--- a/kernel/trace/trace_events_synth.c
+++ b/kernel/trace/trace_events_synth.c
@@ -130,7 +130,9 @@ static int synth_event_define_fields(struct trace_event_call *call)
 	struct synth_event *event = call->data;
 	unsigned int i, size, n_u64;
 	char *name, *type;
+	int filter_type;
 	bool is_signed;
+	bool is_stack;
 	int ret = 0;
 
 	for (i = 0, n_u64 = 0; i < event->n_fields; i++) {
@@ -138,8 +140,12 @@ static int synth_event_define_fields(struct trace_event_call *call)
 		is_signed = event->fields[i]->is_signed;
 		type = event->fields[i]->type;
 		name = event->fields[i]->name;
+		is_stack = event->fields[i]->is_stack;
+
+		filter_type = is_stack ? FILTER_STACKTRACE : FILTER_OTHER;
+
 		ret = trace_define_field(call, type, name, offset, size,
-					 is_signed, FILTER_OTHER);
+					 is_signed, filter_type);
 		if (ret)
 			break;
 
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index b1e9c9913309..1de6f1573621 100644
--- a/kernel/trace/trace_functions_graph.c
+++ b/kernel/trace/trace_functions_graph.c
@@ -901,7 +901,7 @@ static void print_graph_retval(struct trace_seq *s, struct ftrace_graph_ent_entr
 		trace_seq_printf(s, "%ps", func);
 
 		if (args_size >= FTRACE_REGS_MAX_ARGS * sizeof(long)) {
-			print_function_args(s, entry->args, (unsigned long)func);
+			print_function_args(s, FGRAPH_ENTRY_ARGS(entry), (unsigned long)func);
 			trace_seq_putc(s, ';');
 		} else
 			trace_seq_puts(s, "();");
diff --git a/scripts/tracepoint-update.c b/scripts/tracepoint-update.c
index 90046aedc97b..5cf43c0aac89 100644
--- a/scripts/tracepoint-update.c
+++ b/scripts/tracepoint-update.c
@@ -49,6 +49,8 @@ static int add_string(const char *str, const char ***vals, int *count)
 		array = realloc(array, sizeof(char *) * size);
 		if (!array) {
 			fprintf(stderr, "Failed memory allocation\n");
+			free(*vals);
+			*vals = NULL;
 			return -1;
 		}
 		*vals = array;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ