linux/kernel
Tze-nan Wu d3e4dbc285 tracing: Fix overflow in get_free_elt()
commit bcf86c01ca upstream.

"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.

Once it overflows, new elements can still be inserted into the tracing_map
even though the maximum number of elements (`max_elts`) has been reached.
Continuing to insert elements after the overflow could result in the
tracing_map containing "tracing_map->max_size" elements, leaving no empty
entries.
If any attempt is made to insert an element into a full tracing_map using
`__tracing_map_insert()`, it will cause an infinite loop with preemption
disabled, leading to a CPU hang problem.

Fix this by preventing any further increments to "tracing_map->next_elt"
once it reaches "tracing_map->max_elt".

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Fixes: 08d43a5fa0 ("tracing: Add lock-free tracing_map")
Co-developed-by: Cheng-Jui Wang <cheng-jui.wang@mediatek.com>
Link: https://lore.kernel.org/20240805055922.6277-1-Tze-nan.Wu@mediatek.com
Signed-off-by: Cheng-Jui Wang <cheng-jui.wang@mediatek.com>
Signed-off-by: Tze-nan Wu <Tze-nan.Wu@mediatek.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-19 05:33:53 +02:00
..
bpf bpf: report RCU QS in cpumap kthread 2024-03-26 18:22:25 -04:00
cgroup sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level 2024-06-16 13:28:41 +02:00
configs
debug kdb: Use the passed prompt in kdb_position_cursor() 2024-08-19 05:33:40 +02:00
dma dma: fix call order in dmam_free_coherent 2024-08-19 05:33:41 +02:00
events perf: Prevent passing zero nr_pages to rb_alloc_aux() 2024-08-19 05:33:29 +02:00
gcov gcov: add support for GCC 14 2024-07-05 09:08:24 +02:00
irq genirq/irqdesc: Honor caller provided affinity in alloc_desc() 2024-08-19 05:33:52 +02:00
livepatch livepatch: fix race between fork and KLP transition 2022-10-26 13:22:18 +02:00
locking locking/ww_mutex/test: Fix potential workqueue corruption 2023-11-28 16:50:13 +00:00
power PM: suspend: Set mem_sleep_current during kernel command line setup 2024-04-13 12:51:24 +02:00
printk printk: Update @console_may_schedule in console_trylock_spinning() 2024-04-13 12:51:29 +02:00
rcu rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment 2024-07-05 09:08:20 +02:00
sched sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level 2024-06-16 13:28:41 +02:00
time ntp: Safeguard against time_constant overflow 2024-08-19 05:33:52 +02:00
trace tracing: Fix overflow in get_free_elt() 2024-08-19 05:33:53 +02:00
.gitignore kbuild: update config_data.gz only when the content of .config is changed 2021-05-11 14:04:16 +02:00
acct.c acct: fix potential integer overflow in encode_comp_t() 2023-01-18 11:41:34 +01:00
async.c treewide: Remove uninitialized_var() usage 2023-06-09 10:29:01 +02:00
audit_fsnotify.c audit: fix potential double free on error path from fsnotify_add_inode_mark 2022-09-05 10:27:38 +02:00
audit_tree.c audit: move put_tree() to avoid trim_trees refcount underflow and UAF 2021-09-03 10:08:16 +02:00
audit_watch.c audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() 2023-11-28 16:50:18 +00:00
audit.c audit: Send netlink ACK before setting connection in auditd_set 2024-02-23 08:24:54 +01:00
audit.h audit: log AUDIT_TIME_* records only from rules 2022-04-15 14:18:04 +02:00
auditfilter.c audit: fix a net reference leak in audit_list_rules_send() 2020-06-22 09:30:59 +02:00
auditsc.c audit: fix possible soft lockup in __audit_inode_child() 2023-09-23 10:59:46 +02:00
backtracetest.c treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() 2023-04-20 12:07:32 +02:00
bounds.c bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS 2024-05-02 16:18:37 +02:00
capability.c
compat.c sched_getaffinity: don't assume 'cpumask_size()' is fully initialized 2023-04-05 11:16:42 +02:00
configs.c kernel/configs: Replace GPL boilerplate code with SPDX identifier 2019-07-30 18:34:15 +02:00
context_tracking.c
cpu_pm.c kernel/cpu_pm: Fix uninitted local in cpu_pm 2020-06-22 09:31:22 +02:00
cpu.c hrtimers: Push pending hrtimers away from outgoing CPU earlier 2023-12-13 18:18:09 +01:00
crash_core.c
crash_dump.c
cred.c cred: switch to using atomic_long_t 2023-12-20 15:41:18 +01:00
delayacct.c
dma.c
exec_domain.c
exit.c mm: optimize the redundant loop of mm_update_owner_next() 2024-07-18 11:40:51 +02:00
extable.c kernel/extable.c: use address-of operator on section symbols 2023-06-09 10:29:01 +02:00
fail_function.c kernel/fail_function: fix memory leak with using debugfs_lookup() 2023-03-11 16:44:15 +01:00
fork.c kernel/fork: beware of __put_task_struct() calling context 2023-09-23 11:00:03 +02:00
freezer.c Revert "libata, freezer: avoid block device removal while system is frozen" 2019-10-06 09:11:37 -06:00
futex.c treewide: Remove uninitialized_var() usage 2023-06-09 10:29:01 +02:00
gen_kheaders.sh kheaders: explicitly define file modes for archived headers 2024-07-05 09:08:25 +02:00
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c jump_label: Don't warn on __exit jump entries 2019-08-29 15:10:10 +01:00
kallsyms.c kallsyms: Refactor kallsyms_show_value() to take cred 2020-07-16 08:16:44 +02:00
kcmp.c exec: Transform exec_update_mutex into a rw_semaphore 2021-01-09 13:44:55 +01:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt sched/rt, Kconfig: Unbreak def/oldconfig with CONFIG_PREEMPT=y 2019-07-22 18:05:11 +02:00
kcov.c
kexec_core.c kexec: fix a memory leak in crash_shrink_memory() 2023-07-27 08:37:10 +02:00
kexec_elf.c kexec_elf: support 32 bit ELF files 2019-09-06 23:58:44 +02:00
kexec_file.c kexec: support purgatories with .text.hot sections 2023-06-21 15:44:10 +02:00
kexec_internal.h
kexec.c kexec_load: Disable at runtime if the kernel is locked down 2019-08-19 21:54:15 -07:00
kheaders.c kheaders: Use array declaration instead of char 2023-05-17 11:35:33 +02:00
kmod.c kmod: make request_module() return an error when autoloading is disabled 2020-04-17 10:50:22 +02:00
kprobes.c kprobes: Fix possible use-after-free issue on kprobe registration 2024-05-02 16:18:30 +02:00
ksysfs.c
kthread.c kthread: Fix PF_KTHREAD vs to_kthread() race 2021-09-12 08:56:39 +02:00
latencytop.c
Makefile kbuild: update config_data.gz only when the content of .config is changed 2021-05-11 14:04:16 +02:00
module_signature.c module: harden ELF info handling 2021-04-07 14:47:38 +02:00
module_signing.c module: harden ELF info handling 2021-04-07 14:47:38 +02:00
module-internal.h
module.c modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules 2023-09-23 10:59:36 +02:00
notifier.c kernel/notifier.c: intercept duplicate registrations to avoid infinite loops 2020-10-01 13:17:23 +02:00
nsproxy.c
padata.c crypto: pcrypt - Fix hungtask for PADATA_RESET 2023-11-28 16:50:14 +00:00
panic.c panic: Flush kernel log buffer at the end 2024-04-13 12:51:37 +02:00
params.c params: lift param_set_uint_minmax to common code 2024-06-16 13:28:45 +02:00
pid_namespace.c memcg: enable accounting for pids in nested pid namespaces 2021-09-22 12:26:37 +02:00
pid.c kernel/pid.c: convert struct pid count to refcount_t 2019-07-16 19:23:24 -07:00
profile.c profiling: fix shift too large makes kernel panic 2022-08-25 11:18:02 +02:00
ptrace.c ptrace: Reimplement PTRACE_KILL by always sending SIGKILL 2022-06-14 18:11:24 +02:00
range.c
reboot.c kernel/reboot: emergency_restart: Set correct system_state 2023-11-28 16:50:19 +00:00
relay.c relayfs: fix out-of-bounds access in relay_file_read 2023-05-17 11:35:58 +02:00
resource.c /dev/mem: Revoke mappings when a driver claims the region 2020-06-24 17:50:35 +02:00
rseq.c
seccomp.c seccomp: Invalidate seccomp mode to catch death failures 2022-02-16 12:52:53 +01:00
signal.c signal handling: don't use BUG_ON() for debugging 2022-07-21 20:59:27 +02:00
smp.c smp: Fix offline cpu check in flush_smp_call_function_queue() 2022-04-20 09:19:39 +02:00
smpboot.c kthread: Extract KTHREAD_IS_PER_CPU 2021-02-07 15:35:49 +01:00
smpboot.h
softirq.c
stackleak.c
stacktrace.c stacktrace: Don't skip first entry on noncurrent tasks 2019-11-04 21:19:25 +01:00
stop_machine.c stop_machine: Avoid potential race behaviour 2019-10-17 12:47:12 +02:00
sys_ni.c kernel/sys_ni: add compat entry for fadvise64_64 2022-09-05 10:27:38 +02:00
sys.c getrusage: use sig->stats_lock rather than lock_task_sighand() 2024-03-15 10:48:19 -04:00
sysctl_binary.c
sysctl-test.c kernel/sysctl-test: Add null pointer test for sysctl.c:proc_dointvec() 2020-10-01 13:17:10 +02:00
sysctl.c sched/rt: Disallow writing invalid values to sched_rt_period_us 2024-03-01 13:13:33 +01:00
task_work.c
taskstats.c taskstats: fix data-race 2020-01-09 10:19:54 +01:00
test_kprobes.c
torture.c torture: Remove exporting of internal functions 2019-08-01 14:30:22 -07:00
tracepoint.c tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing 2021-07-14 16:53:08 +02:00
tsacct.c taskstats: Cleanup the use of task->exit_code 2022-02-23 11:59:57 +01:00
ucount.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
uid16.c
uid16.h
umh.c usermodehelper: reset umask to default before executing user process 2020-10-14 10:32:58 +02:00
up.c smp: Fix smp_call_function_single_async prototype 2021-05-14 09:44:33 +02:00
user_namespace.c
user-return-notifier.c
user.c
utsname_sysctl.c
utsname.c
watchdog_hld.c watchdog/perf: properly initialize the turbo mode timestamp and rearm counter 2024-08-19 05:33:39 +02:00
watchdog.c watchdog: export lockup_detector_reconfigure 2022-08-25 11:18:37 +02:00
workqueue_internal.h
workqueue.c workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() 2023-10-25 11:53:18 +02:00