Petr Mladek e8c1fc
From c1acb4ac1a892cf08d27efcb964ad281728b0545 Mon Sep 17 00:00:00 2001
From: Qiujun Huang <hqjagain@gmail.com>
Date: Fri, 30 Oct 2020 00:19:05 +0800
Subject: [PATCH] tracing: Fix out of bounds write in get_trace_buf
Git-commit: c1acb4ac1a892cf08d27efcb964ad281728b0545
Patch-mainline: v5.10-rc3
References: bsc#1179403

The nesting count of trace_printk allows for 4 levels of nesting. The
nesting counter starts at zero and is incremented before being used to
retrieve the current context's buffer. But the index to the buffer uses the
nesting counter after it was incremented, and not its original number,
which it needs to do.

Link: https://lkml.kernel.org/r/20201029161905.4269-1-hqjagain@gmail.com

Cc: stable@vger.kernel.org
Fixes: 3d9622c12c887 ("tracing: Add barrier to trace_printk() buffer nesting modification")
Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Petr Mladek <pmladek@suse.com>

---
 kernel/trace/trace.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 528971714fc6..daa96215e294 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -3132,7 +3132,7 @@ static char *get_trace_buf(void)
 
 	/* Interrupts must see nesting incremented before we use the buffer */
 	barrier();
-	return &buffer->buffer[buffer->nesting][0];
+	return &buffer->buffer[buffer->nesting - 1][0];
 }
 
 static void put_trace_buf(void)
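Review bot: the `- 1` in `return &buffer->buffer[buffer->nesting - 1][0];` is unexplained in the code, and the only comment above it is about interrupts seeing the increment, so nothing here tells a reader that the slot index has to be the pre-increment value. Going by the commit message (4 nesting levels, counter incremented before use), the removed line would index one past the last slot at the deepest level, which is the out-of-bounds write named in the subject. I would add a one-line comment on the return stating that nesting has already been incremented, or take the slot index into a local before the increment and use that local in the return, so the relationship between counter and index is explicit and harder to break again. The limit check is not visible in this hunk; it is worth confirming that the guard earlier in get_trace_buf() rejects a fifth level before the counter is incremented.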
-- 
2.26.2