Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp9359499rwl; Wed, 11 Jan 2023 04:55:18 -0800 (PST) X-Google-Smtp-Source: AMrXdXuNBMYwbtYBSe+SRArnXs9FUYVjd8cwIpDkMZcrcevb/0GpKxCMserqMm0YhjMaQN7havyo X-Received: by 2002:a05:6a20:4660:b0:ad:79bb:a417 with SMTP id eb32-20020a056a20466000b000ad79bba417mr75105878pzb.9.1673441718452; Wed, 11 Jan 2023 04:55:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673441718; cv=none; d=google.com; s=arc-20160816; b=NY8yxWeJ56XEfWet1CLlMfzNzuET8pYIMjWAeQD5zqQ67h06A/+5kGIHn6egN27FJM HauY86Aa2/jNukXyDwHRY/tMLuAugMNRjWbfJeNAdsBwaD8gitBVcO9x1t1dfTwCAokc bsMZQczh6ZHOlV7z0TM9UDe0xDORXrpKX1mh0ob7yJrvfDuLKxGQ2+PEOpX86QdBmU2o KvdbhfcOpwel2utVL8CM5eyrBsnYlIeijZrFfaeleFde9/EnGbmwog5ZG8mGwc+6LK8y daAR3e3F7h/dExdhuPKoBCdMr9n01rj/QjeJDeN9OQFMHJmdBeonrlPYfLnfuAoBkYFp gaJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=eswjVjUBsd8dPqvAkgLliiGbiLEVIjPzwf1Ueh0iKWs=; b=OnQlAtdBA2z2Hec6iJOvEfcBp6zc8apw7LUDjJgqJlYr9ggWY8jVf5ye+LXzaESEqS d5v/+KkPvE7nXsQURslTiIJmLxp+FH3bIM1m4RsS3wZKB2ag/1u9g1BeaLfHS7TtxwYT zt5PQkuKRjicTCyI6LLs3dCPtOC82gi56HMreaYcEawr2WCn4+szcRKkAxL2GcQrUXFe 0PzU+TTcjOdd0cXs5f3Ezdd5IMQb6wss9mlz8z6fggkOAHwRcGVNUmm1eaah3Gotn+1A lEz4rgg+lhYDI7cuoNm3YuCyvldFMKrK/i+mAJnSZqEa0oUs+qWysP2TT1UjX+6VFGWx FNAA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h9-20020a655189000000b0048205aae13esi14003155pgq.701.2023.01.11.04.55.11; Wed, 11 Jan 2023 04:55:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233184AbjAKMFt (ORCPT + 53 others); Wed, 11 Jan 2023 07:05:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239294AbjAKMEd (ORCPT ); Wed, 11 Jan 2023 07:04:33 -0500 Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E78A425D3 for ; Wed, 11 Jan 2023 04:04:13 -0800 (PST) Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.159) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 11 Jan 2023 15:04:12 +0300 Received: from KANASHIN1.fintech.ru (10.0.253.125) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 11 Jan 2023 15:04:11 +0300 From: Natalia Petrova To: Steven Rostedt CC: Natalia Petrova , Ingo Molnar , , Subject: [PATCH] trace_events_hist: add check for return value of 'create_hist_field' Date: Wed, 11 Jan 2023 15:04:09 +0300 Message-ID: <20230111120409.4111-1-n.petrova@fintech.ru> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.0.253.125] X-ClientProxiedBy: Ex16-01.fintech.ru (10.0.10.18) To Ex16-01.fintech.ru (10.0.10.18) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to avoid null pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 30350d65ac56 ("tracing: Add variable support to hist triggers") Signed-off-by: Natalia Petrova --- kernel/trace/trace_events_hist.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index fdf784620c28..9c8c1614a78e 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1952,6 +1952,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data, hist_field->fn = flags & HIST_FIELD_FL_LOG2 ? hist_field_log2 : hist_field_bucket; hist_field->operands[0] = create_hist_field(hist_data, field, fl, NULL); + if (!hist_field->operands[0]) + goto free; hist_field->size = hist_field->operands[0]->size; hist_field->type = kstrdup_const(hist_field->operands[0]->type, GFP_KERNEL); if (!hist_field->type) -- 2.34.1