From nobody Sat Feb 7 19:08:08 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12ACFEB64DA for ; Wed, 5 Jul 2023 14:46:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232642AbjGEOqi (ORCPT ); Wed, 5 Jul 2023 10:46:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52810 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232113AbjGEOqf (ORCPT ); Wed, 5 Jul 2023 10:46:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D96F1B6; Wed, 5 Jul 2023 07:46:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 98FB8612B1; Wed, 5 Jul 2023 14:46:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0DA7BC433C9; Wed, 5 Jul 2023 14:46:32 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1qH3m4-003Pgs-0D; Wed, 05 Jul 2023 10:46:32 -0400 Message-ID: <20230705144631.880308757@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 05 Jul 2023 10:40:32 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , stable@vger.kernel.org, Mateusz Stachyra Subject: [for-linus][PATCH 1/3] tracing: Fix null pointer dereference in tracing_err_log_open() References: <20230705144031.702796304@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Mateusz Stachyra Fix an issue in function 'tracing_err_log_open'. The function doesn't call 'seq_open' if the file is opened only with write permissions, which results in 'file->private_data' being left as null. If we then use 'lseek' on that opened file, 'seq_lseek' dereferences 'file->private_data' in 'mutex_lock(&m->lock)', resulting in a kernel panic. Writing to this node requires root privileges, therefore this bug has very little security impact. Tracefs node: /sys/kernel/tracing/error_log Example Kernel panic: Unable to handle kernel NULL pointer dereference at virtual address 0000000= 000000038 Call trace: mutex_lock+0x30/0x110 seq_lseek+0x34/0xb8 __arm64_sys_lseek+0x6c/0xb8 invoke_syscall+0x58/0x13c el0_svc_common+0xc4/0x10c do_el0_svc+0x24/0x98 el0_svc+0x24/0x88 el0t_64_sync_handler+0x84/0xe4 el0t_64_sync+0x1b4/0x1b8 Code: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02) Acked-by: Masami Hiramatsu (Google) Suggested-by: Steven Rostedt ---[ end trace 561d1b49c12cf8a5 ]--- Kernel panic - not syncing: Oops: Fatal exception Link: https://lore.kernel.org/linux-trace-kernel/20230703155237eucms1p4dfb6= a19caa14c79eb6c823d127b39024@eucms1p4 Link: https://lore.kernel.org/linux-trace-kernel/20230704102706eucms1p30d7e= cdcc287f46ad67679fc8491b2e0f@eucms1p3 Cc: stable@vger.kernel.org Fixes: 8a062902be725 ("tracing: Add tracing error log") Signed-off-by: Mateusz Stachyra Suggested-by: Steven Rostedt Acked-by: Masami Hiramatsu (Google) Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 64a4dde073ef..3d34e6fea6b2 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -8135,7 +8135,7 @@ static const struct file_operations tracing_err_log_f= ops =3D { .open =3D tracing_err_log_open, .write =3D tracing_err_log_write, .read =3D seq_read, - .llseek =3D seq_lseek, + .llseek =3D tracing_lseek, .release =3D tracing_err_log_release, }; =20 --=20 2.39.2 From nobody Sat Feb 7 19:08:08 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D55BC001B0 for ; Wed, 5 Jul 2023 14:46:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232696AbjGEOqq (ORCPT ); Wed, 5 Jul 2023 10:46:46 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232214AbjGEOqg (ORCPT ); Wed, 5 Jul 2023 10:46:36 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A8F610CF for ; Wed, 5 Jul 2023 07:46:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D2090615D5 for ; Wed, 5 Jul 2023 14:46:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40570C433CC; Wed, 5 Jul 2023 14:46:33 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1qH3m4-003Phk-0s; Wed, 05 Jul 2023 10:46:32 -0400 Message-ID: <20230705144632.086008297@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 05 Jul 2023 10:40:33 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Will Deacon , Donglin Peng , Arnd Bergmann , Florent Revest , Randy Dunlap , Catalin Marinas Subject: [for-linus][PATCH 2/3] arm64: ftrace: fix build error with CONFIG_FUNCTION_GRAPH_TRACER=n References: <20230705144031.702796304@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Arnd Bergmann It appears that a merge conflict ended up hiding a newly added constant in some configurations: arch/arm64/kernel/entry-ftrace.S: Assembler messages: arch/arm64/kernel/entry-ftrace.S:59: Error: undefined symbol FTRACE_OPS_DIR= ECT_CALL used as an immediate value FTRACE_OPS_DIRECT_CALL is still used when CONFIG_DYNAMIC_FTRACE_WITH_DIRECT= _CALLS is enabled, even if CONFIG_FUNCTION_GRAPH_TRACER is disabled, so change the ifdef accordingly. Link: https://lkml.kernel.org/r/20230623152204.2216297-1-arnd@kernel.org Cc: Will Deacon Cc: Mark Rutland Cc: Donglin Peng Fixes: 3646970322464 ("arm64: ftrace: Enable HAVE_FUNCTION_GRAPH_RETVAL") Signed-off-by: Arnd Bergmann Acked-by: Florent Revest Reviewed-by: Randy Dunlap Tested-by: Randy Dunlap # build-tested Acked-by: Catalin Marinas Signed-off-by: Steven Rostedt (Google) --- arch/arm64/kernel/asm-offsets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offset= s.c index 757d01a68ffd..5ff1942b04fc 100644 --- a/arch/arm64/kernel/asm-offsets.c +++ b/arch/arm64/kernel/asm-offsets.c @@ -213,9 +213,9 @@ int main(void) DEFINE(FGRET_REGS_X7, offsetof(struct fgraph_ret_regs, regs[7])); DEFINE(FGRET_REGS_FP, offsetof(struct fgraph_ret_regs, fp)); DEFINE(FGRET_REGS_SIZE, sizeof(struct fgraph_ret_regs)); +#endif #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS DEFINE(FTRACE_OPS_DIRECT_CALL, offsetof(struct ftrace_ops, direct_call)); -#endif #endif return 0; } --=20 2.39.2 From nobody Sat Feb 7 19:08:08 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AAED4EB64DD for ; Wed, 5 Jul 2023 14:46:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232686AbjGEOqo (ORCPT ); Wed, 5 Jul 2023 10:46:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232244AbjGEOqg (ORCPT ); Wed, 5 Jul 2023 10:46:36 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BEDF10D5 for ; Wed, 5 Jul 2023 07:46:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EB66F615C9 for ; Wed, 5 Jul 2023 14:46:33 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5D96BC433C8; Wed, 5 Jul 2023 14:46:33 +0000 (UTC) Received: from rostedt by gandalf with local (Exim 4.96) (envelope-from ) id 1qH3m4-003PiJ-1Y; Wed, 05 Jul 2023 10:46:32 -0400 Message-ID: <20230705144632.294731621@goodmis.org> User-Agent: quilt/0.66 Date: Wed, 05 Jul 2023 10:40:34 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org Cc: Masami Hiramatsu , Mark Rutland , Andrew Morton , Azeem Shaikh , Kees Cook Subject: [for-linus][PATCH 3/3] tracing/boot: Test strscpy() against less than zero for error References: <20230705144031.702796304@goodmis.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Steven Rostedt (Google)" Instead of checking for -E2BIG, it is better to just check for less than zero of strscpy() for error. Testing for -E2BIG is not very robust, and the calling code does not really care about the error code, just that there was an error. One of the updates to convert strlcpy() to strscpy() had a v2 version that changed the test from testing against -E2BIG to less than zero, but I took the v1 version that still tested for -E2BIG. Link: https://lore.kernel.org/linux-trace-kernel/20230615180420.400769-1-az= eemshaikh38@gmail.com/ Link: https://lore.kernel.org/linux-trace-kernel/20230704100807.707d1605@ro= rschach.local.home Cc: Mark Rutland Cc: Azeem Shaikh Cc: Kees Cook Acked-by: Masami Hiramatsu (Google) Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace_boot.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/trace/trace_boot.c b/kernel/trace/trace_boot.c index 5fe525f1b8cc..7ccc7a8e155b 100644 --- a/kernel/trace/trace_boot.c +++ b/kernel/trace/trace_boot.c @@ -31,7 +31,7 @@ trace_boot_set_instance_options(struct trace_array *tr, s= truct xbc_node *node) =20 /* Common ftrace options */ xbc_node_for_each_array_value(node, "options", anode, p) { - if (strscpy(buf, p, ARRAY_SIZE(buf)) =3D=3D -E2BIG) { + if (strscpy(buf, p, ARRAY_SIZE(buf)) < 0) { pr_err("String is too long: %s\n", p); continue; } @@ -87,7 +87,7 @@ trace_boot_enable_events(struct trace_array *tr, struct x= bc_node *node) const char *p; =20 xbc_node_for_each_array_value(node, "events", anode, p) { - if (strscpy(buf, p, ARRAY_SIZE(buf)) =3D=3D -E2BIG) { + if (strscpy(buf, p, ARRAY_SIZE(buf)) < 0) { pr_err("String is too long: %s\n", p); continue; } @@ -486,7 +486,7 @@ trace_boot_init_one_event(struct trace_array *tr, struc= t xbc_node *gnode, =20 p =3D xbc_node_find_value(enode, "filter", NULL); if (p && *p !=3D '\0') { - if (strscpy(buf, p, ARRAY_SIZE(buf)) =3D=3D -E2BIG) + if (strscpy(buf, p, ARRAY_SIZE(buf)) < 0) pr_err("filter string is too long: %s\n", p); else if (apply_event_filter(file, buf) < 0) pr_err("Failed to apply filter: %s\n", buf); @@ -494,7 +494,7 @@ trace_boot_init_one_event(struct trace_array *tr, struc= t xbc_node *gnode, =20 if (IS_ENABLED(CONFIG_HIST_TRIGGERS)) { xbc_node_for_each_array_value(enode, "actions", anode, p) { - if (strscpy(buf, p, ARRAY_SIZE(buf)) =3D=3D -E2BIG) + if (strscpy(buf, p, ARRAY_SIZE(buf)) < 0) pr_err("action string is too long: %s\n", p); else if (trigger_process_regex(file, buf) < 0) pr_err("Failed to apply an action: %s\n", p); --=20 2.39.2