Fix: kretprobe: null ptr deref on session destroy
author Francis Deslauriers <francis.deslauriers@efficios.com>
Wed, 17 Mar 2021 14:40:56 +0000 (10:40 -0400)
committer Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 17 Mar 2021 17:45:23 +0000 (13:45 -0400)
The `filter_bytecode_runtime_head` list is currently not initialized for
the return event of the kretprobe. This caused a kernel null ptr
dereference when destroying a session. It can be reproduced with the
following commands:

  lttng create
  lttng enable-event -k --function=lttng_test_filter_event_write my_event
  lttng start
  lttng stop
  lttng destroy

Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I1162ce8b10dd7237a26331531f048346b984eee7

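The mechanism behind the oops, as an added example that is not part of the commit or of lttng-modules: a user-space model of the kernel's intrusive list, with a destroy path that walks the event's bytecode runtime list the way the session teardown does. The struct names, the use of calloc() to stand in for a zeroing kernel allocator, and the event_destroy()/run_scenario() helpers are assumptions for illustration; only the list primitives follow the kernel's definitions.

```c
/*
 * Added example, not lttng-modules code: a user-space model of the Linux
 * intrusive list showing why an event struct from a zeroing allocator needs
 * INIT_LIST_HEAD() on each list head before the destroy path walks it.
 * Struct names, calloc() as the allocator and the destroy routine are
 * assumptions for illustration.
 */
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>

struct list_head {
	struct list_head *next, *prev;
};

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

static void INIT_LIST_HEAD(struct list_head *head)
{
	head->next = head->prev = head;
}

static void list_add(struct list_head *entry, struct list_head *head)
{
	entry->next = head->next;
	entry->prev = head;
	head->next->prev = entry;
	head->next = entry;
}

/* Hypothetical stand-ins for a filter bytecode runtime and the event. */
struct bytecode_runtime {
	int id;
	struct list_head node;
};

struct event {
	int enabled;
	struct list_head bytecode_runtime_head;
};

/*
 * Model of the destroy path: free every runtime on the event's list.
 * Returns the count freed, or -1 if the head was never initialized.
 * On a zeroed struct head->next is NULL; the kernel's list_for_each_entry_safe()
 * would form an entry pointer from that NULL and read through it, which is
 * the null pointer dereference the commit fixes. The model detects the
 * state instead of crashing so the failure is observable.
 */
static int event_destroy(struct event *ev)
{
	struct list_head *head = &ev->bytecode_runtime_head;
	struct list_head *pos, *n;
	int freed = 0;

	if (head->next == NULL)
		return -1;
	for (pos = head->next; pos != head; pos = n) {
		n = pos->next;
		free(container_of(pos, struct bytecode_runtime, node));
		freed++;
	}
	return freed;
}

/* One create/attach/destroy cycle; init_heads selects fixed vs. unfixed. */
static int run_scenario(int init_heads, int nr_runtimes)
{
	struct event *ev = calloc(1, sizeof(*ev)); /* like a zeroing kmem alloc */
	int i, rc;

	if (!ev)
		return -2;
	ev->enabled = 0;
	if (init_heads)
		INIT_LIST_HEAD(&ev->bytecode_runtime_head);
	/* list_add() on a zeroed head would also fault, so only attach when safe. */
	for (i = 0; init_heads && i < nr_runtimes; i++) {
		struct bytecode_runtime *rt = calloc(1, sizeof(*rt));

		if (!rt)
			break;
		rt->id = i;
		list_add(&rt->node, &ev->bytecode_runtime_head);
	}
	rc = event_destroy(ev);
	free(ev);
	return rc;
}

int main(void)
{
	assert(run_scenario(0, 0) == -1); /* missing INIT_LIST_HEAD: would oops */
	assert(run_scenario(1, 0) == 0);  /* initialized, empty list: safe */
	assert(run_scenario(1, 3) == 3);  /* three runtimes freed */
	return 0;
}
```

The unfixed scenario corresponds to the reproducer above: no filter is attached, so the list stays empty, but an empty list is only safe to walk when head->next points back at the head; a zeroed head makes even the empty-list teardown touch NULL.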
lttng-events.c

index 0a9b428e0e3b2f9f564db3fa2a148a4d2fe67aa0..d7283e83c9d6b2dc159e9a58e837357e5ab5e695 100644 (file)
@@ -689,6 +689,8 @@ struct lttng_event *_lttng_event_create(struct lttng_channel *chan,
                event_return->enabled = 0;
                event_return->registered = 1;
                event_return->instrumentation = itype;
+               INIT_LIST_HEAD(&event_return->bytecode_runtime_head);
+               INIT_LIST_HEAD(&event_return->enablers_ref_head);
                /*
                 * Populate lttng_event structure before kretprobe registration.
                 */
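Review bot: the commit message and the hunk disagree on what is initialized. The message names `filter_bytecode_runtime_head` and only that list, while the hunk adds `INIT_LIST_HEAD(&event_return->bytecode_runtime_head);` and `INIT_LIST_HEAD(&event_return->enablers_ref_head);`; please use the field name from the code in the message and mention that `enablers_ref_head` is set up too, since someone bisecting a later crash on the enabler list will otherwise not find this commit. Also worth confirming in the same review that the entry-side `struct lttng_event` created earlier in `_lttng_event_create` already initializes both heads on its own path, since this hunk only touches `event_return`.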