]> git.baikalelectronics.ru Git - kernel.git/commitdiff
trace_events_hist: add check for return value of 'create_hist_field'
authorNatalia Petrova <n.petrova@fintech.ru>
Wed, 11 Jan 2023 12:04:09 +0000 (15:04 +0300)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 1 Feb 2023 07:34:37 +0000 (08:34 +0100)
commit 8b152e9150d07a885f95e1fd401fc81af202d9a4 upstream.

Function 'create_hist_field' is called recursively at
trace_events_hist.c:1954 and can return NULL-value that's why we have
to check it to avoid null pointer dereference.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Link: https://lkml.kernel.org/r/20230111120409.4111-1-n.petrova@fintech.ru
Cc: stable@vger.kernel.org
Fixes: 6ac0075044a9 ("tracing: Add variable support to hist triggers")
Signed-off-by: Natalia Petrova <n.petrova@fintech.ru>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/trace/trace_events_hist.c

index c6e406995c11247c934f31dd5fe21d83b408b1c1..da3bfe8625d9610990d8ae85f2da3cfc35a96e2a 100644 (file)
@@ -1975,6 +1975,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
                hist_field->fn_num = flags & HIST_FIELD_FL_LOG2 ? HIST_FIELD_FN_LOG2 :
                        HIST_FIELD_FN_BUCKET;
                hist_field->operands[0] = create_hist_field(hist_data, field, fl, NULL);
+               if (!hist_field->operands[0])
+                       goto free;
                hist_field->size = hist_field->operands[0]->size;
                hist_field->type = kstrdup_const(hist_field->operands[0]->type, GFP_KERNEL);
                if (!hist_field->type)