On Thu, 9 Oct 2025 10:23:45 +0530 Ankit Khushwaha <[email protected]> wrote:
> The return value from __rb_map_vma(), which rejects writable or > executable mappings (VM_WRITE, VM_EXEC, or !VM_MAYSHARE), was being > ignored. As a result the caller of `__rb_map_vma` always returned 0 even > when the > mapping had actually failed, allowing it to proceed with an invalid VMA. > > Reported-by: [email protected] > Closes: > https://syzkaller.appspot.com/bug?id=194151be8eaebd826005329b2e123aecae714bdb > Signed-off-by: Ankit Khushwaha <[email protected]> > --- > > Changes in v3: > https://lore.kernel.org/linux-trace-kernel/[email protected]/ > * Same as v2:) > > Changes in v2: > https://lore.kernel.org/linux-trace-kernel/[email protected]/ > * applied minor cleanup suggested by Steve in v1 > This is good practice, but I already pulled in v2. -- Steve > --- > kernel/trace/ring_buffer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c > index 43460949ad3f..1244d2c5c384 100644 > --- a/kernel/trace/ring_buffer.c > +++ b/kernel/trace/ring_buffer.c > @@ -7273,7 +7273,7 @@ int ring_buffer_map(struct trace_buffer *buffer, int > cpu, > atomic_dec(&cpu_buffer->resize_disabled); > } > > - return 0; > + return err; > } > > int ring_buffer_unmap(struct trace_buffer *buffer, int cpu)
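Review bot: at the changed `return err;` in ring_buffer_map(), every path that reaches the end of the function now returns whatever `err` holds, including the path that skips the block ending in `atomic_dec(&cpu_buffer->resize_disabled);`. The hunk does not show where `err` is assigned, so please confirm it is 0 on each successful path and cannot carry a stale non-zero value from an earlier step. Separately, the trailers list Reported-by, Closes and Signed-off-by but no Fixes: tag. Since the message describes a rejected mapping (VM_WRITE, VM_EXEC, or !VM_MAYSHARE) being reported to the caller as success, naming the commit that began ignoring the __rb_map_vma() return value would let stable maintainers pick the fix up.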
