iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4ad9a1ccac31a04a32b5e7547b70428830e0218
linux/kernel
History
Steven Rostedt (VMware) d4ad9a1cca ftrace: Reset fgd->hash in ftrace_graph_write() 
fgd->hash is saved and then freed, but is never reset to either
ftrace_graph_hash nor ftrace_graph_notrace_hash. But if multiple writes are
performed, then the freed hash could be accessed again.

 # cd /sys/kernel/debug/tracing
 # head -1000 available_filter_functions > /tmp/funcs
 # cat /tmp/funcs > set_graph_function

Causes:

 general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
 Modules linked in:  [...]
 CPU: 2 PID: 1337 Comm: cat Not tainted 4.10.0-rc2-test-00010-g6b052e9 #32
 Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v02.05 05/07/2012
 task: ffff880113a12200 task.stack: ffffc90001940000
 RIP: 0010:free_ftrace_hash+0x7c/0x160
 RSP: 0018:ffffc90001943db0 EFLAGS: 00010246
 RAX: 6b6b6b6b6b6b6b6b RBX: 6b6b6b6b6b6b6b6b RCX: 6b6b6b6b6b6b6b6b
 RDX: 0000000000000002 RSI: 0000000000000001 RDI: ffff8800ce1e1d40
 RBP: ffff8800ce1e1d50 R08: 0000000000000000 R09: 0000000000006400
 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
 R13: ffff8800ce1e1d40 R14: 0000000000004000 R15: 0000000000000001
 FS:  00007f9408a07740(0000) GS:ffff88011e500000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000aee1f0 CR3: 0000000116bb4000 CR4: 00000000001406e0
 Call Trace:
  ? ftrace_graph_write+0x150/0x190
  ? __vfs_write+0x1f6/0x210
  ? __audit_syscall_entry+0x17f/0x200
  ? rw_verify_area+0xdb/0x210
  ? _cond_resched+0x2b/0x50
  ? __sb_start_write+0xb4/0x130
  ? vfs_write+0x1c8/0x330
  ? SyS_write+0x62/0xf0
  ? do_syscall_64+0xa3/0x1b0
  ? entry_SYSCALL64_slow_path+0x25/0x25
 Code: 01 48 85 db 0f 84 92 00 00 00 b8 01 00 00 00 d3 e0 85 c0 7e 3f 83 e8 01 48 8d 6f 10 45 31 e4 4c 8d 34 c5 08 00 00 00 49 8b 45 08 <4a> 8b 34 20 48 85 f6 74 13 48 8b 1e 48 89 ef e8 20 fa ff ff 48
 RIP: free_ftrace_hash+0x7c/0x160 RSP: ffffc90001943db0
 ---[ end trace 999b48216bf4b393 ]---

Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2017-02-03 10:59:06 -05:00
..
bpf
bpf: fix mark_reg_unknown_value for spilled regs on map value marking
2016-12-17 21:27:44 -05:00
configs
config: android: enable CONFIG_SECCOMP
2016-10-11 15:06:32 -07:00
debug
kdb: call vkdb_printf() from vprintk_default() only when wanted
2016-12-14 16:04:08 -08:00
events
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2016-12-23 16:49:12 -08:00
gcov
gcov: add support for gcc version >= 6
2016-07-15 14:54:27 +09:00
irq
genirq/affinity: Fix node generation from cpumask
2016-12-15 12:32:35 +01:00
livepatch
livepatch/module: make TAINT_LIVEPATCH module-specific
2016-08-26 14:42:08 +02:00
locking
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
power
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
printk
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
rcu
rcu: Don't kick unless grace period or request
2016-11-14 10:46:31 -08:00
sched
ktime: Cleanup ktime_set() usage
2016-12-25 17:21:22 +01:00
time
ktime: Cleanup ktime_set() usage
2016-12-25 17:21:22 +01:00
trace
ftrace: Reset fgd->hash in ftrace_graph_write()
2017-02-03 10:59:06 -05:00
.gitignore
acct.c
async.c
audit_fsnotify.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-12-17 18:44:00 -08:00
audit_tree.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-12-17 18:44:00 -08:00
audit_watch.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-12-17 18:44:00 -08:00
audit.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-12-17 18:44:00 -08:00
audit.h
audit_log_{name,link_denied}: constify struct path
2016-12-05 19:00:38 -05:00
auditfilter.c
audit: add support for session ID user filter
2016-11-29 15:10:12 -05:00
auditsc.c
Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit
2016-12-14 14:06:40 -08:00
backtracetest.c
bounds.c
capability.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
cgroup_freezer.c
cgroup_pids.c
cgroup: Use lld instead of ld when printing pids controller events_limit
2016-06-21 15:03:36 -04:00
cgroup.c
cgroup: add support for eBPF programs
2016-11-25 16:25:52 -05:00
compat.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
configs.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
context_tracking.c
cpu_pm.c
cpu.c
smp/hotplug: Undo tglxs brainfart
2016-12-26 17:30:24 -08:00
cpuset.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
crash_dump.c
cred.c
cred: Reject inodes with invalid ids in set_create_file_as()
2016-06-30 18:05:09 -05:00
delayacct.c
dma.c
elfcore.c
exec_domain.c
exit.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
extable.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
fork.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
freezer.c
freezer, oom: check TIF_MEMDIE on the correct task
2016-07-28 16:07:41 -07:00
futex_compat.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
futex.c
ktime: Get rid of the union
2016-12-25 17:21:22 +01:00
groups.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
hung_task.c
hung_task: decrement sysctl_hung_task_warnings only if it is positive
2016-12-12 18:55:09 -08:00
irq_work.c
jump_label.c
Merge tag 'powerpc-4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
2016-08-05 09:00:54 -04:00
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
locking/mutex: Allow MUTEX_SPIN_ON_OWNER when DEBUG_MUTEXES
2016-10-25 11:31:51 +02:00
Kconfig.preempt
kcov.c
kcov: make kcov work properly with KASLR enabled
2016-12-20 09:48:47 -08:00
kexec_core.c
kexec: add cond_resched into kimage_alloc_crash_control_pages
2016-12-14 16:04:07 -08:00
kexec_file.c
ima: on soft reboot, save the measurement list
2016-12-20 09:48:44 -08:00
kexec_internal.h
kexec_file: Allow arch-specific memory walking for kexec_add_buffer
2016-11-30 23:14:57 +11:00
kexec.c
kexec: allow architectures to override boot mapping
2016-08-02 19:35:27 -04:00
kmod.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
kprobes.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
ksysfs.c
kexec: add a kexec_crash_loaded() function
2016-08-02 19:35:30 -04:00
kthread.c
kthread: add __printf attributes
2016-12-12 18:55:06 -08:00
latencytop.c
Makefile
Merge branch 'akpm' (patches from Andrew)
2016-12-14 17:25:18 -08:00
membarrier.c
memremap.c
mm: fix cache mode of dax pmd mappings
2016-09-09 17:34:46 -07:00
module_signing.c
module-internal.h
module.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
notifier.c
nsproxy.c
padata.c
padata: Remove unused but set variables
2016-10-25 11:08:10 +08:00
panic.c
taint/module: Clean up global and module taint flags handling
2016-11-26 11:18:01 -08:00
params.c
pid_namespace.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
pid.c
remove lots of IS_ERR_VALUE abuses
2016-05-27 15:26:11 -07:00
profile.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
ptrace.c
ptrace: Don't allow accessing an undumpable mm
2016-11-22 12:57:38 -06:00
range.c
reboot.c
relay.c
relay: check array offset before using it
2016-12-14 16:04:08 -08:00
resource.c
seccomp.c
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
2016-12-14 13:57:44 -08:00
signal.c
ktime: Get rid of the union
2016-12-25 17:21:22 +01:00
smp.c
kernel/smp: Tell the user we're bringing up secondary CPUs
2016-10-26 12:02:35 +02:00
smpboot.c
kthread/smpboot: do not park in kthread_create_on_cpu()
2016-10-11 15:06:33 -07:00
smpboot.h
softirq.c
softirq: Display IRQ_POLL for irq-poll statistics
2016-10-21 15:45:47 -06:00
stacktrace.c
stop_machine.c
locking/core, stop_machine: Yield the CPU during stop machine()
2016-11-16 10:15:09 +01:00
sys_ni.c
move aio compat to fs/aio.c
2016-12-22 22:58:37 -05:00
sys.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
sysctl_binary.c
sysctl: add KERN_CONT to deprecated_sysctl_warning()
2016-12-14 16:04:07 -08:00
sysctl.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
task_work.c
task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works
2016-08-02 19:35:02 -04:00
taskstats.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-11-15 10:54:36 -05:00
test_kprobes.c
torture.c
torture: Convert torture_shutdown() to hrtimer
2016-08-22 10:01:49 -07:00
tracepoint.c
tracing: Have the reg function allow to fail
2016-12-09 09:13:30 -05:00
tsacct.c
ucount.c
mntns: Add a limit on the number of mount namespaces.
2016-08-31 07:28:35 -05:00
uid16.c
Replace <asm/uaccess.h> with <linux/uaccess.h> globally
2016-12-24 11:46:01 -08:00
up.c
smp: Add function to execute a function synchronously on a CPU
2016-09-05 13:52:39 +02:00
user_namespace.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
watchdog_hld.c
kernel/watchdog.c: move hardlockup detector to separate file
2016-12-14 16:04:08 -08:00
watchdog.c
kernel/watchdog.c: move hardlockup detector to separate file
2016-12-14 16:04:08 -08:00
workqueue_internal.h
workqueue.c
Merge branch 'for-4.9' into for-4.10
2016-10-19 12:12:40 -04:00