Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'trace-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fix from Steven Rostedt:

- Do not free "head" variable in filter_free_subsystem_filters()

The first error path jumps to "free_now" label but first frees the
newly allocated "head" variable. But the "free_now" code checks this
variable, and if it is not NULL, it will iterate the list. As this
list variable was already initialized, the "free_now" code will not
do anything as it is empty. But freeing it will cause a UAF bug.

The error path should simply jump to the "free_now" label and leave
the "head" variable alone.

* tag 'trace-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
tracing: Do not free "head" on error path of filter_free_subsystem_filters()

+1 -3
+1 -3
kernel/trace/trace_events_filter.c
··· 1437 1437 INIT_LIST_HEAD(&head->list); 1438 1438 1439 1439 item = kmalloc(sizeof(*item), GFP_KERNEL); 1440 - if (!item) { 1441 - kfree(head); 1440 + if (!item) 1442 1441 goto free_now; 1443 - } 1444 1442 1445 1443 item->filter = filter; 1446 1444 list_add_tail(&item->list, &head->list);