Message ID | 20240826152454.1990-1-ffmancera@riseup.net (mailing list archive) |
---|---|
State | Rejected |
Delegated to: | Masami Hiramatsu |
Series | [v2] tracing/probes: fix traceprobe out-of-bounds argument allocation |
diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c index 39877c80d6cb..8d3eb1bcdb9c 100644 --- a/kernel/trace/trace_probe.c +++ b/kernel/trace/trace_probe.c @@ -2043,6 +2043,10 @@ int trace_probe_init(struct trace_probe *tp, const char *event, goto error; } + if (nargs > MAX_TRACE_ARGS) { + ret = -E2BIG; + goto error; + } tp->nr_args = nargs; /* Make sure pointers in args[] are NULL */ if (nargs)
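Review bot: the `nargs > MAX_TRACE_ARGS` check in trace_probe_init() sits after an earlier step that can already `goto error`, so an over-limit request is rejected only after some setup has been done; consider moving the bound check to the top of the function so this case returns before anything needs unwinding. The added lines return -E2BIG with no explanation, so a one-line comment saying why nargs is bounded by MAX_TRACE_ARGS would help, and the commit message would be easier to review if it described how exceeding the limit leads to the NULL pointer dereference it mentions in traceprobe_set_print_fmt().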
When initializing trace_probes::nr_args, make sure the maximum number of probe arguments is honored. Otherwise, we can hit NULL pointer dereferences in multiple situations like on traceprobe_set_print_fmt().

Link: https://bugzilla.redhat.com/2303876
Fixes: 035ba76014c0 ("tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init")
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>

---
 kernel/trace/trace_probe.c | 4 ++++
 1 file changed, 4 insertions(+)