Hi,

On Tue, 13 Aug 2024 13:25:40 -0400
Fernando Fernandez Mancera <[email protected]> wrote:

> When initializing trace_probes::nr_args, make sure the maximum number of
> probe arguments is honored. Otherwise, we can hit a NULL pointer
> dereference in multiple situations like on traceprobe_set_print_fmt().
>
> Link: https://bugzilla.redhat.com/2303876

Sorry for replying late. I'm not sure why but I did not find this in my
mbox...

Anyway, trace_probe_init() should return -E2BIG in this case because it
is actually a wrong value. Can you update your patch?

Thank you,

>
> Fixes: 035ba76014c0 ("tracing/probes: cleanup: Set trace_probe::nr_args at trace_probe_init")
> Signed-off-by: Fernando Fernandez Mancera <[email protected]>
> ---
>  kernel/trace/trace_probe.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c
> index 39877c80d6cb..f577b5e71026 100644
> --- a/kernel/trace/trace_probe.c
> +++ b/kernel/trace/trace_probe.c
> @@ -2043,10 +2043,14 @@ int trace_probe_init(struct trace_probe *tp, const char *event,
>  			goto error;
>  		}
>
> -	tp->nr_args = nargs;
> +	if (nargs > MAX_TRACE_ARGS)
> +		tp->nr_args = MAX_TRACE_ARGS;
> +	else
> +		tp->nr_args = nargs;
> +
>  	/* Make sure pointers in args[] are NULL */
>  	if (nargs)
> -		memset(tp->args, 0, sizeof(tp->args[0]) * nargs);
> +		memset(tp->args, 0, sizeof(tp->args[0]) * tp->nr_args);
>
>  	return 0;

--
Masami Hiramatsu (Google) <[email protected]>
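Review bot: the clamp at `+	if (nargs > MAX_TRACE_ARGS)` silently truncates an over-long argument list and lets trace_probe_init() return 0, so a caller that passed too many arguments sees success while its extra arguments are dropped, which hides the caller's bug instead of reporting it. As Masami asks above, reject the count instead: check `nargs > MAX_TRACE_ARGS` before the assignment and fail with -E2BIG (through the existing error path if cleanup is needed), then the original `tp->nr_args = nargs;` and the `memset(tp->args, 0, sizeof(tp->args[0]) * nargs);` line can stay as they were, since nargs is then known to be in range and the `tp->nr_args` rewrite of the memset becomes unnecessary.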
