Re: [PATCH v3] ring buffer: Propagate __rb_map_vma return value to caller

From: Steven Rostedt <rostedt@goodmis.org>
Date: 2025-10-09 14:06:08
Also in: linux-kernel-mentees, lkml

On Thu,  9 Oct 2025 10:23:45 +0530
Ankit Khushwaha [off-list ref] wrote:

The return value from __rb_map_vma(), which rejects writable or
executable mappings (VM_WRITE, VM_EXEC, or !VM_MAYSHARE), was being
ignored.  As a result the caller of `__rb_map_vma` always returned 0 even when the
mapping had actually failed, allowing it to proceed with an invalid VMA.

Reported-by: syzbot+ddc001b92c083dbf2b97@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=194151be8eaebd826005329b2e123aecae714bdb
Signed-off-by: Ankit Khushwaha <redacted>
---

Changes in v3: https://lore.kernel.org/linux-trace-kernel/20251008172516.20697-1-ankitkhushwaha.linux@gmail.com/ (local)
* Same as v2:)

Changes in v2: https://lore.kernel.org/linux-trace-kernel/20251007171256.20884-1-ankitkhushwaha.linux@gmail.com/ (local)
* applied minor cleanup suggested by Steve in v1

This is good practice, but I already pulled in v2.

-- Steve

quoted hunk ↗ jump to hunk

---
 kernel/trace/ring_buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 43460949ad3f..1244d2c5c384 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c

@@ -7273,7 +7273,7 @@ int ring_buffer_map(struct trace_buffer *buffer, int cpu,
 		atomic_dec(&cpu_buffer->resize_disabled);
 	}
 
-	return 0;
+	return err;
 }
 
 int ring_buffer_unmap(struct trace_buffer *buffer, int cpu)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help