linux-yocto/kernel
Steven Rostedt a40c69f4f1 ftrace: Also allocate and copy hash for reading of filter files
commit bfb336cf97df7b37b2b2edec0f69773e06d11955 upstream.

Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds
the pointer to the global tracer hash to its iterator. Unlike the writer
that allocates a copy of the hash, the reader keeps the pointer to the
filter hashes. This is problematic because this pointer is static across
function calls that release the locks that can update the global tracer
hashes. This can cause UAF and similar bugs.

Allocate and copy the hash for reading the filter files like it is done
for the writers. This not only fixes UAF bugs, but also makes the code a
bit simpler as it doesn't have to differentiate when to free the
iterator's hash between writers and readers.

Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/20250822183606.12962cc3@batman.local.home
Fixes: c20489dad1 ("ftrace: Assign iter->hash to filter or notrace hashes on seq read")
Closes: https://lore.kernel.org/all/20250813023044.2121943-1-wutengda@huaweicloud.com/
Closes: https://lore.kernel.org/all/20250822192437.GA458494@ax162/
Reported-by: Tengda Wu <wutengda@huaweicloud.com>
Tested-by: Tengda Wu <wutengda@huaweicloud.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:26:14 +02:00
bpf bpf/preload: Don't select USERMODE_DRIVER 2025-08-15 12:05:00 +02:00
cgroup Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" 2025-07-24 08:51:53 +02:00
configs Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
debug kdb: Do not assume write() callback available 2025-02-21 13:50:09 +01:00
dma dma/contiguous: avoid warning about unused size_bytes 2025-05-02 07:46:53 +02:00
entry entry: Respect changes to system call number by trace_sys_enter() 2024-04-03 15:19:44 +02:00
events perf/core: Prevent VMA split of buffer mappings 2025-08-15 12:05:11 +02:00
futex futex: Don't include process MM in futex key on no-MMU 2023-11-20 11:51:50 +01:00
gcov gcov: add support for GCC 14 2024-06-27 13:46:22 +02:00
irq genirq: Make handle_enforce_irqctx() unconditionally available 2025-02-21 13:48:57 +01:00
kcsan kcsan: test: Initialize dummy variable 2025-08-15 12:04:59 +02:00
livepatch livepatch: Fix missing newline character in klp_resolve_symbols() 2023-11-20 11:52:10 +01:00
locking locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() 2025-04-25 10:43:41 +02:00
module module: Prevent silent truncation of module name in delete_module(2) 2025-08-28 16:26:01 +02:00
power PM: sleep: console: Fix the black screen issue 2025-08-28 16:25:53 +02:00
printk printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX 2025-02-21 13:49:30 +01:00
rcu rcu: Protect ->defer_qs_iw_pending from data race 2025-08-28 16:25:55 +02:00
sched sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails 2025-08-28 16:25:56 +02:00
time clocksource: Fix the CPUs' choice in the watchdog per CPU verification 2025-06-27 11:07:31 +01:00
trace ftrace: Also allocate and copy hash for reading of filter files 2025-08-28 16:26:14 +02:00
.gitignore
acct.c acct: block access to kernel internal filesystems 2025-03-07 16:56:39 +01:00
async.c async: Introduce async_schedule_dev_nocall() 2024-01-31 16:17:00 -08:00
audit_fsnotify.c
audit_tree.c
audit_watch.c audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() 2023-11-28 17:07:08 +00:00
audit.c audit: Send netlink ACK before setting connection in auditd_set 2024-02-05 20:12:47 +00:00
audit.h audit: remove selinux_audit_rule_update() declaration 2022-09-07 11:30:15 -04:00
auditfilter.c ima: Avoid blocking in RCU read-side critical section 2024-07-11 12:47:16 +02:00
auditsc.c audit,io_uring: io_uring openat triggers audit reference count underflow 2023-10-25 12:03:04 +02:00
backtracetest.c
bounds.c bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS 2024-05-02 16:29:32 +02:00
capability.c
cfi.c cfi: Switch to -fsanitize=kcfi 2022-09-26 10:13:13 -07:00
compat.c sched_getaffinity: don't assume 'cpumask_size()' is fully initialized 2023-04-06 12:10:40 +02:00
configs.c
context_tracking.c context_tracking: Fix noinstr vs KASAN 2023-03-10 09:33:45 +01:00
cpu_pm.c
cpu.c hrtimers: Handle CPU state correctly on hotplug 2025-01-23 17:17:15 +01:00
crash_core.c
crash_dump.c
cred.c cred: switch to using atomic_long_t 2023-12-20 17:00:20 +01:00
delayacct.c delayacct: support re-entrance detection of thrashing accounting 2022-09-26 19:46:07 -07:00
dma.c
exec_domain.c
exit.c perf: Fix sample vs do_exit() 2025-06-27 11:07:41 +01:00
extable.c
fail_function.c kernel/fail_function: fix memory leak with using debugfs_lookup() 2023-03-11 13:55:39 +01:00
fork.c mm: drop the assumption that VM_SHARED always implies writable 2025-08-28 16:26:12 +02:00
freezer.c freezer,sched: Rewrite core freezer logic 2022-09-07 21:53:50 +02:00
gen_kheaders.sh kheaders: Ignore silly-rename files 2025-01-23 17:17:11 +01:00
groups.c
hung_task.c sched: Fix more TASK_state comparisons 2022-09-30 16:50:39 +02:00
iomem.c
irq_work.c
jump_label.c jump_label: Fix static_key_slow_dec() yet again 2024-10-17 15:21:29 +02:00
kallsyms_internal.h kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[] 2023-10-25 12:03:16 +02:00
kallsyms.c kallsyms: Add helper kallsyms_on_each_match_symbol() 2023-10-25 12:03:16 +02:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c kcov: mark in_softirq_really() as __always_inline 2025-01-09 13:30:05 +01:00
kexec_core.c kexec: fix a memory leak in crash_shrink_memory() 2023-07-19 16:21:08 +02:00
kexec_elf.c kexec: initialize ELF lowest address to ULONG_MAX 2025-04-10 14:33:36 +02:00
kexec_file.c kexec: support purgatories with .text.hot sections 2023-06-21 16:00:55 +02:00
kexec_internal.h panic, kexec: make __crash_kexec() NMI safe 2022-09-11 21:55:06 -07:00
kexec.c kernel: kexec: copy user-array safely 2023-11-28 17:06:57 +00:00
kheaders.c kheaders: Use array declaration instead of char 2023-05-11 23:03:02 +09:00
kmod.c
kprobes.c kprobes: Fix to check symbol prefixes correctly 2024-08-14 13:52:54 +02:00
ksysfs.c kexec: turn all kexec_mutex acquisitions into trylocks 2022-09-11 21:55:06 -07:00
kthread.c kthread: unpark only parked kthread 2024-10-17 15:22:28 +02:00
latencytop.c latencytop: use the last element of latency_record of system 2022-09-11 21:55:12 -07:00
Makefile kernel/numa.c: Move logging out of numa.h 2024-06-12 11:03:16 +02:00
module_signature.c
notifier.c
nsproxy.c Revert "fs/exec: allow to unshare a time namespace on vfork+exec" 2022-09-13 10:38:43 -07:00
numa.c kernel/numa.c: Move logging out of numa.h 2024-06-12 11:03:16 +02:00
padata.c padata: do not leak refcount in reorder_work 2025-06-04 14:40:20 +02:00
panic.c panic: Flush kernel log buffer at the end 2024-04-13 13:04:54 +02:00
params.c module: ensure that kobject_put() is safe for module type kobjects 2025-05-18 08:21:23 +02:00
pid_namespace.c pid: Replace struct pid 1-element array with flex-array 2024-08-29 17:30:18 +02:00
pid.c pid: add pidfd_prepare() 2025-06-04 14:40:25 +02:00
profile.c profiling: remove profile=sleep support 2024-08-14 13:52:50 +02:00
ptrace.c freezer,sched: Rewrite core freezer logic 2022-09-07 21:53:50 +02:00
range.c
reboot.c kernel/reboot: emergency_restart: Set correct system_state 2023-11-28 17:07:13 +00:00
regset.c
relay.c relayfs: fix out-of-bounds access in relay_file_read 2023-05-11 23:03:03 +09:00
resource_kunit.c
resource.c resource: fix region_intersects() vs add_memory_driver_managed() 2024-10-17 15:21:55 +02:00
rseq.c rseq: Fix segfault on registration when rseq_cs is non-zero 2025-07-17 18:32:15 +02:00
scftorture.c scftorture: Forgive memory-allocation failure if KASAN 2023-09-23 11:11:00 +02:00
scs.c
seccomp.c
signal.c signal: restore the override_rlimit logic 2024-11-14 13:15:18 +01:00
smp.c smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() 2024-09-12 11:10:24 +02:00
smpboot.c smpboot: use atomic_try_cmpxchg in cpu_wait_death and cpu_report_death 2022-09-11 21:55:10 -07:00
smpboot.h
softirq.c lockdep: Fix wait context check on softirq for PREEMPT_RT 2025-06-04 14:40:03 +02:00
stackleak.c
stacktrace.c
static_call_inline.c x86/static-call: provide a way to do very early static-call updates 2024-12-19 18:08:58 +01:00
static_call.c
stop_machine.c
sys_ni.c syscalls: fix compat_sys_io_pgetevents_time64 usage 2024-07-05 09:31:59 +02:00
sys.c hrtimer: Use and report correct timerslack values for realtime tasks 2025-03-28 21:58:48 +01:00
sysctl-test.c kernel/sysctl-test: use SYSCTL_{ZERO/ONE_HUNDRED} instead of i_{zero/one_hundred} 2022-09-08 16:56:45 -07:00
sysctl.c proc: proc_skip_spaces() shouldn't think it is working on C strings 2022-12-05 12:09:06 -08:00
task_work.c task_work: Introduce task_work_cancel() again 2024-08-03 08:49:34 +02:00
taskstats.c
torture.c torture: Fix hang during kthread shutdown phase 2023-03-10 09:34:07 +01:00
tracepoint.c tracepoint: Optimize the critical region of mutex_lock in tracepoint_module_coming() 2022-09-26 13:01:18 -04:00
tsacct.c
ucount.c ucount: fix atomic_long_inc_below() argument type 2025-08-15 12:05:05 +02:00
uid16.c
uid16.h
umh.c freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL 2023-02-22 12:59:50 +01:00
up.c
user_namespace.c ucounts: Split rlimit and ucount values and max values 2022-10-09 16:24:05 -07:00
user-return-notifier.c
user.c
usermode_driver.c
utsname_sysctl.c kernel/utsname_sysctl.c: Fix hostname polling 2022-10-23 12:01:01 -07:00
utsname.c
watch_queue.c watch_queue: fix pipe accounting mismatch 2025-04-10 14:33:30 +02:00
watchdog_hld.c watchdog/perf: properly initialize the turbo mode timestamp and rearm counter 2024-08-03 08:49:42 +02:00
watchdog.c watchdog: move softlockup_panic back to early_param 2023-11-28 17:07:09 +00:00
workqueue_internal.h
workqueue.c workqueue: Improve scalability of workqueue watchdog touch 2024-09-12 11:10:27 +02:00