Re: CVE-2024-26920: tracing/trigger: Fix to return error if failed to alloc snapshot

From: Siddh Raman Pant
Date: Thu Apr 18 2024 - 08:01:37 EST


Hi Greg,

> In the Linux kernel, the following vulnerability has been resolved:
>
> tracing/trigger: Fix to return error if failed to alloc snapshot
>
> Fix register_snapshot_trigger() to return error code if it failed to
> allocate a snapshot instead of 0 (success). Unless that, it will register
> snapshot trigger without an error.

This commit is problematic on 4.19.y, 5.4.y, 5.10.y, and 5.15.y,
and should be reversed, and this CVE should be rejected for those
versions.

The return value should be 0 on failure, because in the functions
event_trigger_callback() and event_enable_trigger_func(), we have:

ret = cmd_ops->reg(glob, trigger_ops, trigger_data, file);
/*
* The above returns on success the # of functions enabled,
* but if it didn't find any functions it returns zero.
* Consider no functions a failure too.
*/
if (!ret) {
ret = -ENOENT;

Thus, the commit breaks this assumption.

This commit needs b8cc44a4d3c1 ("tracing: Remove logic for registering
multiple event triggers at a time") as a prerequisite, as it removes
the above.

Thanks,
Siddh

Attachment: signature.asc
Description: This is a digitally signed message part