| From a29054d9478d0435ab01b7544da4f674ab13f533 Mon Sep 17 00:00:00 2001 |
| From: "Steven Rostedt (Red Hat)" <rostedt@goodmis.org> |
| Date: Fri, 18 Mar 2016 15:46:48 -0400 |
| Subject: tracing: Fix crash from reading trace_pipe with sendfile |
| |
| From: Steven Rostedt (Red Hat) <rostedt@goodmis.org> |
| |
| commit a29054d9478d0435ab01b7544da4f674ab13f533 upstream. |
| |
| If tracing contains data and the trace_pipe file is read with sendfile(), |
| then it can trigger a NULL pointer dereference and various BUG_ON within the |
| VM code. |
| |
| There's a patch to fix this in the splice_to_pipe() code, but it's also a |
| good idea to not let that happen from trace_pipe either. |
| |
| Link: http://lkml.kernel.org/r/1457641146-9068-1-git-send-email-rabin@rab.in |
| |
| Reported-by: Rabin Vincent <rabin.vincent@gmail.com> |
| Signed-off-by: Steven Rostedt <rostedt@goodmis.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| kernel/trace/trace.c | 5 ++++- |
| 1 file changed, 4 insertions(+), 1 deletion(-) |
| |
| --- a/kernel/trace/trace.c |
| +++ b/kernel/trace/trace.c |
| @@ -4949,7 +4949,10 @@ static ssize_t tracing_splice_read_pipe( |
| |
| spd.nr_pages = i; |
| |
| - ret = splice_to_pipe(pipe, &spd); |
| + if (i) |
| + ret = splice_to_pipe(pipe, &spd); |
| + else |
| + ret = 0; |
| out: |
| splice_shrink_spd(&spd); |
| return ret; |
