diff options
| author | Zilin Guan <zilin@seu.edu.cn> | 2024-12-31 12:37:31 +0100 |
|---|---|---|
| committer | Steven Rostedt (Google) <rostedt@goodmis.org> | 2025-01-02 23:21:18 +0100 |
| commit | d65474033740ded0a4fe9a097fce72328655b41d (patch) | |
| tree | 62fdb79dc1d3ab5293cde6653fcc5685a94b002c /kernel/signal.c | |
| parent | Linux 6.13-rc5 (diff) | |
| download | linux-d65474033740ded0a4fe9a097fce72328655b41d.tar.xz linux-d65474033740ded0a4fe9a097fce72328655b41d.zip | |
fgraph: Add READ_ONCE() when accessing fgraph_array[]
In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]
elements, which are fgraph_ops. The loop checks if an element is a
fgraph_stub to prevent using a fgraph_stub afterward.
However, if the compiler reloads fgraph_array[] after this check, it might
race with an update to fgraph_array[] that introduces a fgraph_stub. This
could result in the stub being processed, but the stub contains a null
"func_hash" field, leading to a NULL pointer dereference.
To ensure that the gops compared against the fgraph_stub matches the gops
processed later, add a READ_ONCE(). A similar patch appears in commit
63a8dfb ("function_graph: Add READ_ONCE() when accessing fgraph_array[]").
Cc: stable@vger.kernel.org
Fixes: 37238abe3cb47 ("ftrace/function_graph: Pass fgraph_ops to function graph callbacks")
Link: https://lore.kernel.org/20241231113731.277668-1-zilin@seu.edu.cn
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Diffstat (limited to 'kernel/signal.c')
0 files changed, 0 insertions, 0 deletions