
Merge tag 'trace-v5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt:
"Update to tracing histogram variable string copy

A fix to only copy the size of the field to the histogram string did
not take into account that the size can be larger than the storage"

* tag 'trace-v5.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Add length protection to histogram string copies

+8 -3
+1 -1
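--- a/include/linux/trace_events.h
+++ b/include/linux/trace_events.h
@@ -673,7 +673,7 @@
 
 #define PERF_MAX_TRACE_SIZE 8192
 
-#define MAX_FILTER_STR_VAL 256 /* Should handle KSYM_SYMBOL_LEN */
+#define MAX_FILTER_STR_VAL 256U /* Should handle KSYM_SYMBOL_LEN */
 
 enum event_trigger_type {
 ETT_NONE = (0),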
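Review bot: The new `U` suffix on `MAX_FILTER_STR_VAL` changes the constant's type for every user of this header, not only the histogram code, so any comparison against a signed length now happens in unsigned arithmetic; those other users are not visible here and should be checked for signed operands. The reason for the suffix is also not recorded at the definition. Presumably it lets `min()` accept the limit next to an `unsigned int` size in trace_events_hist.c, in which case the comment could say so, e.g. `/* Should handle KSYM_SYMBOL_LEN; unsigned so min() against unsigned sizes type-checks */`.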
+7 -2
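--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -3026,8 +3026,10 @@
 if (val->flags & HIST_FIELD_FL_STRING) {
 char *str = elt_data->field_var_str[j++];
 char *val_str = (char *)(uintptr_t)var_val;
+unsigned int size;
 
-strscpy(str, val_str, val->size);
+size = min(val->size, STR_VAR_LEN_MAX);
+strscpy(str, val_str, size);
 var_val = (u64)(uintptr_t)str;
 }
 tracing_map_set_var(elt, var_idx, var_val);
@@ -4916,6 +4914,7 @@
 if (hist_field->flags & HIST_FIELD_FL_STRING) {
 unsigned int str_start, var_str_idx, idx;
 char *str, *val_str;
+unsigned int size;
 
 str_start = hist_data->n_field_var_str +
 hist_data->n_save_var_str;
@@ -4925,7 +4922,9 @@
 
 str = elt_data->field_var_str[idx];
 val_str = (char *)(uintptr_t)hist_val;
-strscpy(str, val_str, hist_field->size);
+
+size = min(hist_field->size, STR_VAR_LEN_MAX);
+strscpy(str, val_str, size);
 
 hist_val = (u64)(uintptr_t)str;
 }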
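Review bot: The two added `min(..., STR_VAR_LEN_MAX)` clamps (new lines 3031 and 4926) are only a valid bound if every `elt_data->field_var_str[]` buffer holds at least `STR_VAR_LEN_MAX` bytes, and that allocation is outside these hunks. A comment at each clamp such as `/* field_var_str[] entries are STR_VAR_LEN_MAX bytes; the field size may be larger */` would record the invariant the fix relies on. The return value of `strscpy()` is still ignored, so truncation of a longer field is silent. If a size of 0 can reach either call (not determinable from here), `strscpy()` as I read it returns an error without writing, leaving whatever string the destination held before. Both enclosing functions begin and end outside the hunks.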