Fix: kretprobe: null ptr deref on session destroy
authorFrancis Deslauriers <francis.deslauriers@efficios.com>
Wed, 17 Mar 2021 14:40:56 +0000 (10:40 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 17 Mar 2021 17:43:36 +0000 (13:43 -0400)
The `filter_bytecode_runtime_head` list is currently not initialized for
the return event of the kretprobe. This caused a kernel null ptr
dereference when destroying a session. It can reproduced with the
following commands:

  lttng create
  lttng enable-event -k --function=lttng_test_filter_event_write my_event
  lttng start
  lttng stop
  lttng destroy

Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I1162ce8b10dd7237a26331531f048346b984eee7

src/lttng-events.c

index 2bec72847e36760f93fc5d04400b501b50149c34..d819c9e20dac0e28719b61aeb6373da868cc5efc 100644 (file)
@@ -949,6 +949,8 @@ struct lttng_event *_lttng_event_create(struct lttng_channel *chan,
                event_return->enabled = 0;
                event_return->registered = 1;
                event_return->instrumentation = itype;
+               INIT_LIST_HEAD(&event_return->filter_bytecode_runtime_head);
+               INIT_LIST_HEAD(&event_return->enablers_ref_head);
                /*
                 * Populate lttng_event structure before kretprobe registration.
                 */
This page took 0.027476 seconds and 4 git commands to generate.