torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
8629eea901
linux/kernel/trace/rv
History
Nam Cao 8d7861ac50 rv: Fix out-of-bound memory access in rv_is_container_monitor() 
When rv_is_container_monitor() is called on the last monitor in
rv_monitors_list, KASAN yells:

  BUG: KASAN: global-out-of-bounds in rv_is_container_monitor+0x101/0x110
  Read of size 8 at addr ffffffff97c7c798 by task setup/221

  The buggy address belongs to the variable:
   rv_monitors_list+0x18/0x40

This is due to list_next_entry() is called on the last entry in the list.
It wraps around to the first list_head, and the first list_head is not
embedded in struct rv_monitor_def.

Fix it by checking if the monitor is last in the list.

Cc: stable@vger.kernel.org
Cc: Gabriele Monaco <gmonaco@redhat.com>
Fixes: cb85c660fc ("rv: Add option for nested monitors and include sched")
Link: https://lore.kernel.org/e85b5eeb7228bfc23b8d7d4ab5411472c54ae91b.1744355018.git.namcao@linutronix.de
Signed-off-by: Nam Cao <namcao@linutronix.de>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2025-04-12 12:13:30 -04:00
..
monitors rv: Add scpd, snep and sncid per-cpu monitors 2025-03-24 17:27:39 -04:00
Kconfig rv: Add scpd, snep and sncid per-cpu monitors 2025-03-24 17:27:39 -04:00
Makefile rv: Add scpd, snep and sncid per-cpu monitors 2025-03-24 17:27:39 -04:00
reactor_panic.c rv/reactor: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:53 -07:00
reactor_printk.c rv/reactor: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:53 -07:00
rv_reactors.c rv: Add option for nested monitors and include sched 2025-03-24 17:27:39 -04:00
rv_trace.h rv: Add scpd, snep and sncid per-cpu monitors 2025-03-24 17:27:39 -04:00
rv.c rv: Fix out-of-bound memory access in rv_is_container_monitor() 2025-04-12 12:13:30 -04:00
rv.h rv: Add option for nested monitors and include sched 2025-03-24 17:27:39 -04:00