From: Jason Baron <jbaron@redhat.com>
Date: Thu, 26 Mar 2009 22:10:28 -0400
Subject: [trace] fix null pointer dereference
Message-id: 200903270210.n2R2ASGb029844@ns3.rdu.redhat.com
O-Subject: [RHEL 5.4 PATCH 06/10] - fix null pointer dereference
Bugzilla: 465543

commit e08614a103a7539aa4962e8d1c61effa2539b77f

tracepoint-check-if-the-probe-has-been-registered

If we try to remove a probe that has not been already registered, the tracepoint_entry_remove_probe() function will dereference a NULL pointer. Check the probe before removing it to avoid crashes.

Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Acked-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
CC: Ingo Molnar <mingo@elte.hu>

diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c index f2b7c28..af8c856 100644 --- a/kernel/tracepoint.c +++ b/kernel/tracepoint.c @@ -131,6 +131,9 @@ tracepoint_entry_remove_probe(struct tracepoint_entry *entry, void *probe) old = entry->funcs; + if (!old) + return NULL; + debug_print_probes(entry); /* (N -> M), (N > 1, M >= 0) probes */ for (nr_probes = 0; old[nr_probes]; nr_probes++) { @@ -388,6 +391,11 @@ int tracepoint_probe_unregister(const char *name, void *probe) if (entry->rcu_pending) rcu_barrier_sched(); old = tracepoint_entry_remove_probe(entry, probe); + if (!old) { + printk(KERN_WARNING "Warning: Trying to unregister a probe" + "that doesn't exist\n"); + goto end; + } mutex_unlock(&tracepoints_mutex); tracepoint_update_probes(); /* may update entry */ mutex_lock(&tracepoints_mutex);
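
Review bot: In the first hunk (tracepoint_entry_remove_probe(), right after `old = entry->funcs;`), the new `if (!old) return NULL;` only covers an entry that has no probe array at all. The loop that follows, `for (nr_probes = 0; old[nr_probes]; nr_probes++)`, still runs for a non-empty array, and the visible lines do not show what happens when `probe` is absent from that array. The commit message describes the broader case of a probe that was never registered, so that path is worth confirming. The function comment should also state that a NULL return now means nothing was removed, since the caller in the second hunk depends on that meaning.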
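
Review bot: In the second hunk (tracepoint_probe_unregister(), the new printk), the two adjacent string literals concatenate without a space, so the warning is logged as "Trying to unregister a probethat doesn't exist". Add a trailing space to the first literal, and consider printing `name` so the log line identifies which tracepoint was involved. The `goto end;` is also taken before `mutex_unlock(&tracepoints_mutex);`, and the `end` label is outside the visible context, so please confirm that it releases the mutex and that the function returns an error rather than success on this path.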