[PATCH 2/2] tracing: Fix use-after-free in hist_register_trigger()

From: Tom Zanussi
Date: Wed Jun 29 2016 - 20:56:38 EST

Next message: Tom Zanussi: "[PATCH 0/2] tracing: hist trigger KASAN fixes"
Previous message: John Stultz: "[PATCH 2/2 v3] arm64: dts: hi6220: Add pl031 RTC support"
In reply to: Tom Zanussi: "[PATCH 1/2] tracing: Fix use-after-free in hist_unreg_all/hist_enable_unreg_all"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This fixes a use-after-free case flagged by KASAN; make sure the test
happens before the potential free in this case.

Signed-off-by: Tom Zanussi <tom.zanussi@xxxxxxxxxxxxxxx>
---
kernel/trace/trace_events_hist.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index 19ae135..f3a960e 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1441,6 +1441,9 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops,
goto out;
}

+ if (hist_data->attrs->pause)
+ data->paused = true;
+
if (named_data) {
destroy_hist_data(data->private_data);
data->private_data = named_data->private_data;
@@ -1448,9 +1451,6 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops,
data->ops = &event_hist_trigger_named_ops;
}

- if (hist_data->attrs->pause)
- data->paused = true;
-
if (data->ops->init) {
ret = data->ops->init(data->ops, data);
if (ret < 0)
--
1.9.3

Next message: Tom Zanussi: "[PATCH 0/2] tracing: hist trigger KASAN fixes"
Previous message: John Stultz: "[PATCH 2/2 v3] arm64: dts: hi6220: Add pl031 RTC support"
In reply to: Tom Zanussi: "[PATCH 1/2] tracing: Fix use-after-free in hist_unreg_all/hist_enable_unreg_all"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]