linux_dsm_epyc7002/kernel/trace
Tom Zanussi ff9d31d0d4 tracing: Remove unnecessary var_ref destroy in track_data_destroy()
Commit 656fe2ba85 (tracing: Use hist trigger's var_ref array to
destroy var_refs) centralized the destruction of all the var_refs
in one place so that other code didn't have to do it.

The track_data_destroy() added later ignored that and also destroyed
the track_data var_ref, causing a double-free error flagged by KASAN.

==================================================================
BUG: KASAN: use-after-free in destroy_hist_field+0x30/0x70
Read of size 8 at addr ffff888086df2210 by task bash/1694

CPU: 6 PID: 1694 Comm: bash Not tainted 5.1.0-rc1-test+ #15
Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016
Call Trace:
 dump_stack+0x71/0xa0
 ? destroy_hist_field+0x30/0x70
 print_address_description.cold.3+0x9/0x1fb
 ? destroy_hist_field+0x30/0x70
 ? destroy_hist_field+0x30/0x70
 kasan_report.cold.4+0x1a/0x33
 ? __kasan_slab_free+0x100/0x150
 ? destroy_hist_field+0x30/0x70
 destroy_hist_field+0x30/0x70
 track_data_destroy+0x55/0xe0
 destroy_hist_data+0x1f0/0x350
 hist_unreg_all+0x203/0x220
 event_trigger_open+0xbb/0x130
 do_dentry_open+0x296/0x700
 ? stacktrace_count_trigger+0x30/0x30
 ? generic_permission+0x56/0x200
 ? __x64_sys_fchdir+0xd0/0xd0
 ? inode_permission+0x55/0x200
 ? security_inode_permission+0x18/0x60
 path_openat+0x633/0x22b0
 ? path_lookupat.isra.50+0x420/0x420
 ? __kasan_kmalloc.constprop.12+0xc1/0xd0
 ? kmem_cache_alloc+0xe5/0x260
 ? getname_flags+0x6c/0x2a0
 ? do_sys_open+0x149/0x2b0
 ? do_syscall_64+0x73/0x1b0
 ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
 ? _raw_write_lock_bh+0xe0/0xe0
 ? __kernel_text_address+0xe/0x30
 ? unwind_get_return_address+0x2f/0x50
 ? __list_add_valid+0x2d/0x70
 ? deactivate_slab.isra.62+0x1f4/0x5a0
 ? getname_flags+0x6c/0x2a0
 ? set_track+0x76/0x120
 do_filp_open+0x11a/0x1a0
 ? may_open_dev+0x50/0x50
 ? _raw_spin_lock+0x7a/0xd0
 ? _raw_write_lock_bh+0xe0/0xe0
 ? __alloc_fd+0x10f/0x200
 do_sys_open+0x1db/0x2b0
 ? filp_open+0x50/0x50
 do_syscall_64+0x73/0x1b0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fa7b24a4ca2
Code: 25 00 00 41 00 3d 00 00 41 00 74 4c 48 8d 05 85 7a 0d 00 8b 00 85 c0 75 6d 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 0f 87 a2 00 00 00 48 8b 4c 24 28 64 48 33 0c 25
RSP: 002b:00007fffbafb3af0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000055d3648ade30 RCX: 00007fa7b24a4ca2
RDX: 0000000000000241 RSI: 000055d364a55240 RDI: 00000000ffffff9c
RBP: 00007fffbafb3bf0 R08: 0000000000000020 R09: 0000000000000002
R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000003 R14: 0000000000000001 R15: 000055d364a55240
==================================================================

So remove the track_data_destroy() destroy_hist_field() call for that
var_ref.

Link: http://lkml.kernel.org/r/1deffec420f6a16d11dd8647318d34a66d1989a9.camel@linux.intel.com

Fixes: 466f4528fb ("tracing: Generalize hist trigger onmax and save action")
Reported-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2019-03-26 08:34:00 -04:00
blktrace.c blkcg: annotate implicit fall through 2019-03-13 14:31:12 -06:00
bpf_trace.c Merge branch 'linus' into perf/core, to pick up fixes 2019-02-28 08:27:17 +01:00
fgraph.c tracing: Fix ftrace_graph_get_ret_stack() to use task and not current 2018-12-22 08:21:03 -05:00
ftrace_internal.h ftrace: Create new ftrace_internal.h header 2018-12-08 20:54:06 -05:00
ftrace.c ftrace: Allow enabling of filters via index of available_filter_functions 2019-02-15 13:10:09 -05:00
Kconfig kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig 2019-02-27 21:43:20 +09:00
Makefile tracing: Add unified dynamic event framework 2018-12-08 20:54:09 -05:00
power-traces.c
preemptirq_delay_test.c
ring_buffer_benchmark.c
ring_buffer.c tracing: kdb: Fix ftdump to not sleep 2019-03-13 09:46:10 -04:00
rpm-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_benchmark.c
trace_benchmark.h
trace_branch.c
trace_clock.c
trace_dynevent.c tracing: Add generic event-name based remove event method 2018-12-10 12:22:44 -05:00
trace_dynevent.h tracing: Add unified dynamic event framework 2018-12-08 20:54:09 -05:00
trace_entries.h tracing: Change the function format to display function names by perf 2019-02-11 14:53:43 -05:00
trace_event_perf.c tracing/perf: Use strndup_user() instead of buggy open-coded version 2019-02-21 10:35:10 -05:00
trace_events_filter_test.h
trace_events_filter.c The biggest change for this release is in the histogram code. 2019-03-11 17:01:32 -07:00
trace_events_hist.c tracing: Remove unnecessary var_ref destroy in track_data_destroy() 2019-03-26 08:34:00 -04:00
trace_events_trigger.c tracing: Fix memory leak in set_trigger_filter() 2018-12-11 13:50:19 -05:00
trace_events.c tracing: Use str_has_prefix() instead of using fixed sizes 2018-12-22 22:51:54 -05:00
trace_export.c
trace_functions_graph.c tracing: Put a margin between flags and duration for wakeup tracers 2019-02-06 11:56:19 -05:00
trace_functions.c
trace_hwlat.c
trace_irqsoff.c The biggest change for this release is in the histogram code. 2019-03-11 17:01:32 -07:00
trace_kdb.c tracing: kdb: Fix ftdump to not sleep 2019-03-13 09:46:10 -04:00
trace_kprobe_selftest.c
trace_kprobe_selftest.h
trace_kprobe.c This contains a series of last minute clean ups, small fixes and 2019-03-15 14:47:02 -07:00
trace_mmiotrace.c
trace_nop.c
trace_output.c tracing: Simplify printf'ing in seq_print_sym 2018-12-22 08:21:06 -05:00
trace_output.h
trace_preemptirq.c kprobes: Prohibit probing on hardirq tracers 2019-02-13 08:16:40 +01:00
trace_printk.c
trace_probe_tmpl.h tracing: probeevent: Correctly update remaining space in dynamic area 2019-02-11 15:58:30 -05:00
trace_probe.c tracing/probe: Check event/group naming rule at parsing 2019-03-14 19:54:11 -04:00
trace_probe.h tracing/probe: Check the size of argument name and body 2019-03-14 19:53:57 -04:00
trace_sched_switch.c
trace_sched_wakeup.c tracing: Add conditional snapshot 2019-02-20 13:51:06 -05:00
trace_selftest_dynamic.c
trace_selftest.c fgraph: Add new fgraph_ops structure to enable function graph hooks 2018-12-08 20:54:07 -05:00
trace_seq.c
trace_stack.c tracing: Use the return of str_has_prefix() to remove open coded numbers 2018-12-22 22:52:30 -05:00
trace_stat.c
trace_stat.h
trace_syscalls.c
trace_uprobe.c This contains a series of last minute clean ups, small fixes and 2019-03-15 14:47:02 -07:00
trace.c This contains a series of last minute clean ups, small fixes and 2019-03-15 14:47:02 -07:00
trace.h tracing: Add conditional snapshot 2019-02-20 13:51:06 -05:00
tracing_map.c
tracing_map.h