Fix: kretprobe: null ptr deref on session destroy
author: Francis Deslauriers <francis.deslauriers@efficios.com>
Wed, 17 Mar 2021 14:40:56 +0000 (10:40 -0400)
committer: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 17 Mar 2021 17:46:04 +0000 (13:46 -0400)
The `filter_bytecode_runtime_head` list is currently not initialized for
the return event of the kretprobe. This caused a kernel null ptr
dereference when destroying a session. It can be reproduced with the
following commands:

  lttng create
  lttng enable-event -k --function=lttng_test_filter_event_write my_event
  lttng start
  lttng stop
  lttng destroy

Signed-off-by: Francis Deslauriers <francis.deslauriers@efficios.com>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I1162ce8b10dd7237a26331531f048346b984eee7

lttng-events.c

index 984bd341a162d4d76cf8f2a61ab6c9ae5445353c..3450fa40dbcdb2966f9dac8855d3d4cb0cd1a5ed 100644 (file)
@@ -704,6 +704,8 @@ struct lttng_event *_lttng_event_create(struct lttng_channel *chan,
                event_return->enabled = 0;
                event_return->registered = 1;
                event_return->instrumentation = itype;
+               INIT_LIST_HEAD(&event_return->bytecode_runtime_head);
+               INIT_LIST_HEAD(&event_return->enablers_ref_head);
                /*
                 * Populate lttng_event structure before kretprobe registration.
                 */
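Review bot: The commit message names the uninitialized list `filter_bytecode_runtime_head`, but the field initialized on the first added line is `bytecode_runtime_head`; the message should use the field name that the code actually touches. The hunk also adds `INIT_LIST_HEAD(&event_return->enablers_ref_head);`, which the message does not mention at all; a sentence stating that the return event's enablers reference list was left uninitialized in the same way, and so needs the same fix, would make the change self-documenting for anyone bisecting the null pointer dereference later.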