diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-12 11:16:17 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-02-12 11:16:17 -0800 |
commit | e77a6817d413589be35461d0cd5a431a6794b3b9 (patch) | |
tree | 7c7b9a465f358d465fe51b5dd911148781ea22e6 /kernel | |
parent | 2dbbaae5f7b3855697e2decc5de79c7574403254 (diff) | |
parent | b220c049d5196dd94d992dd2dc8cba1a5e6123bf (diff) |
Merge tag 'trace-v5.11-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fix from Steven Rostedt:
"Fix buffer overflow in trace event filter.
It was reported that if an trace event was larger than a page and was
filtered, that it caused memory corruption. The reason is that
filtered events first go into a buffer to test the filter before being
written into the ring buffer. Unfortunately, this write did not check
the size"
* tag 'trace-v5.11-rc7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Check length before giving out the filter buffer
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/trace/trace.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index b8a2d786b503..b5815a022ecc 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2745,7 +2745,7 @@ trace_event_buffer_lock_reserve(struct trace_buffer **current_rb, (entry = this_cpu_read(trace_buffered_event))) { /* Try to use the per cpu buffer first */ val = this_cpu_inc_return(trace_buffered_event_cnt); - if (val == 1) { + if ((len < (PAGE_SIZE - sizeof(*entry))) && val == 1) { trace_event_setup(entry, type, flags, pc); entry->array[0] = len; return entry; |