Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-22 12:11:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tracing fix for v6.8:

Browse Source 
- While working on the ring buffer I noticed that the counter used
   for knowing where the end of the data is on a sub-buffer was not
   a full "int" but just 20 bits. It was masked out to 0xfffff.
   With the new code that allows the user to change the size of the
   sub-buffer, it is theoretically possible to ask for a size
   bigger than 2^20. If that happens, unexpected results may
   occur as there's no code checking if the counter overflowed the
   20 bits of the write mask. There are other checks to make sure
   events fit in the sub-buffer, but if the sub-buffer itself is
   too big, that is not checked.
 
   Add a check in the resize of the sub-buffer to make sure that it
   never goes beyond the size of the counter that holds how much
   data is on it.
 -----BEGIN PGP SIGNATURE-----
 
 iIoEABYIADIWIQRRSw7ePDh/lE+zeZMp5XQQmuv6qgUCZdaf+RQccm9zdGVkdEBn
 b29kbWlzLm9yZwAKCRAp5XQQmuv6qjEIAQDpsvHqUFNoG5fkRlWr2U0hNl5M6zLI
 xTf2mWoG/h8bwQD+NfiRC2UrD5EaubO15z0z6MxScOl1H9X+iI7WVwZkqQ8=
 =txOr
 -----END PGP SIGNATURE-----

Merge tag 'trace-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fix from Steven Rostedt:

 - While working on the ring buffer I noticed that the counter used for
   knowing where the end of the data is on a sub-buffer was not a full
   "int" but just 20 bits. It was masked out to 0xfffff.

   With the new code that allows the user to change the size of the
   sub-buffer, it is theoretically possible to ask for a size bigger
   than 2^20. If that happens, unexpected results may occur as there's
   no code checking if the counter overflowed the 20 bits of the write
   mask. There are other checks to make sure events fit in the
   sub-buffer, but if the sub-buffer itself is too big, that is not
   checked.

   Add a check in the resize of the sub-buffer to make sure that it
   never goes beyond the size of the counter that holds how much data is
   on it.

* tag 'trace-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  ring-buffer: Do not let subbuf be bigger than write mask
This commit is contained in:
Linus Torvalds 2024-02-22 09:23:22 -08:00
commit efa80dcbb7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kernel/trace/ring_buffer.c
View File

@ -5877,6 +5877,10 @@ int ring_buffer_subbuf_order_set(struct trace_buffer *buffer, int order)
if (psize <= BUF_PAGE_HDR_SIZE)
return -EINVAL;
/* Size of a subbuf cannot be greater than the write counter */
if (psize > RB_WRITE_MASK + 1)
return -EINVAL;
old_order = buffer->subbuf_order;
old_size = buffer->subbuf_size;