Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp9359499rwl;
        Wed, 11 Jan 2023 04:55:18 -0800 (PST)
X-Google-Smtp-Source: AMrXdXuNBMYwbtYBSe+SRArnXs9FUYVjd8cwIpDkMZcrcevb/0GpKxCMserqMm0YhjMaQN7havyo
X-Received: by 2002:a05:6a20:4660:b0:ad:79bb:a417 with SMTP id eb32-20020a056a20466000b000ad79bba417mr75105878pzb.9.1673441718452;
        Wed, 11 Jan 2023 04:55:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673441718; cv=none;
        d=google.com; s=arc-20160816;
        b=NY8yxWeJ56XEfWet1CLlMfzNzuET8pYIMjWAeQD5zqQ67h06A/+5kGIHn6egN27FJM
         HauY86Aa2/jNukXyDwHRY/tMLuAugMNRjWbfJeNAdsBwaD8gitBVcO9x1t1dfTwCAokc
         bsMZQczh6ZHOlV7z0TM9UDe0xDORXrpKX1mh0ob7yJrvfDuLKxGQ2+PEOpX86QdBmU2o
         KvdbhfcOpwel2utVL8CM5eyrBsnYlIeijZrFfaeleFde9/EnGbmwog5ZG8mGwc+6LK8y
         daAR3e3F7h/dExdhuPKoBCdMr9n01rj/QjeJDeN9OQFMHJmdBeonrlPYfLnfuAoBkYFp
         gaJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=eswjVjUBsd8dPqvAkgLliiGbiLEVIjPzwf1Ueh0iKWs=;
        b=OnQlAtdBA2z2Hec6iJOvEfcBp6zc8apw7LUDjJgqJlYr9ggWY8jVf5ye+LXzaESEqS
         d5v/+KkPvE7nXsQURslTiIJmLxp+FH3bIM1m4RsS3wZKB2ag/1u9g1BeaLfHS7TtxwYT
         zt5PQkuKRjicTCyI6LLs3dCPtOC82gi56HMreaYcEawr2WCn4+szcRKkAxL2GcQrUXFe
         0PzU+TTcjOdd0cXs5f3Ezdd5IMQb6wss9mlz8z6fggkOAHwRcGVNUmm1eaah3Gotn+1A
         lEz4rgg+lhYDI7cuoNm3YuCyvldFMKrK/i+mAJnSZqEa0oUs+qWysP2TT1UjX+6VFGWx
         FNAA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h9-20020a655189000000b0048205aae13esi14003155pgq.701.2023.01.11.04.55.11;
        Wed, 11 Jan 2023 04:55:18 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233184AbjAKMFt (ORCPT <rfc822;aaronngray.lists@gmail.com>
        + 53 others); Wed, 11 Jan 2023 07:05:49 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55258 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S239294AbjAKMEd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Jan 2023 07:04:33 -0500
Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E78A425D3
        for <linux-kernel@vger.kernel.org>; Wed, 11 Jan 2023 04:04:13 -0800 (PST)
Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru
 (195.54.195.159) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 11 Jan
 2023 15:04:12 +0300
Received: from KANASHIN1.fintech.ru (10.0.253.125) by Ex16-01.fintech.ru
 (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 11 Jan
 2023 15:04:11 +0300
From:   Natalia Petrova <n.petrova@fintech.ru>
To:     Steven Rostedt <rostedt@goodmis.org>
CC:     Natalia Petrova <n.petrova@fintech.ru>,
        Ingo Molnar <mingo@redhat.com>, <linux-kernel@vger.kernel.org>,
        <lvc-project@linuxtesting.org>
Subject: [PATCH] trace_events_hist: add check for return value of 'create_hist_field'
Date:   Wed, 11 Jan 2023 15:04:09 +0300
Message-ID: <20230111120409.4111-1-n.petrova@fintech.ru>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.0.253.125]
X-ClientProxiedBy: Ex16-01.fintech.ru (10.0.10.18) To Ex16-01.fintech.ru
 (10.0.10.18)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Function 'create_hist_field' is called recursively at
trace_events_hist.c:1954 and can return NULL-value that's why we have
to check it to avoid null pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 30350d65ac56 ("tracing: Add variable support to hist triggers")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
---
 kernel/trace/trace_events_hist.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index fdf784620c28..9c8c1614a78e 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1952,6 +1952,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
 		hist_field->fn = flags & HIST_FIELD_FL_LOG2 ? hist_field_log2 :
 			hist_field_bucket;
 		hist_field->operands[0] = create_hist_field(hist_data, field, fl, NULL);
+		if (!hist_field->operands[0])
+			goto free;
 		hist_field->size = hist_field->operands[0]->size;
 		hist_field->type = kstrdup_const(hist_field->operands[0]->type, GFP_KERNEL);
 		if (!hist_field->type)
-- 
2.34.1