[for-linus][PATCH] ring-buffer: Do not let subbuf be bigger than write mask

From: Steven Rostedt
Date: Wed Feb 21 2024 - 20:07:19 EST

Next message: Tommy Huang: "RE: [PATCH] i2c: aspeed: Fix the dummy irq expected print"
Previous message: Karthikeyan Ramasubramanian: "[PATCH v2] drivers/i915/intel_bios: Fix parsing backlight BDB data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Steven Rostedt (Google)" <rostedt@xxxxxxxxxxx>

The data on the subbuffer is measured by a write variable that also
contains status flags. The counter is just 20 bits in length. If the
subbuffer is bigger than then counter, it will fail.

Make sure that the subbuffer can not be set to greater than the counter
that keeps track of the data on the subbuffer.

Link: https://lore.kernel.org/linux-trace-kernel/20240220095112.77e9cb81@xxxxxxxxxxxxxxxxxx

Cc: Masami Hiramatsu <mhiramat@xxxxxxxxxx>
Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
Fixes: 2808e31ec12e5 ("ring-buffer: Add interface for configuring trace sub buffer size")
Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
---
kernel/trace/ring_buffer.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index fd4bfe3ecf01..0699027b4f4c 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -5877,6 +5877,10 @@ int ring_buffer_subbuf_order_set(struct trace_buffer *buffer, int order)
if (psize <= BUF_PAGE_HDR_SIZE)
return -EINVAL;

+ /* Size of a subbuf cannot be greater than the write counter */
+ if (psize > RB_WRITE_MASK + 1)
+ return -EINVAL;
+
old_order = buffer->subbuf_order;
old_size = buffer->subbuf_size;

--
2.43.0

Next message: Tommy Huang: "RE: [PATCH] i2c: aspeed: Fix the dummy irq expected print"
Previous message: Karthikeyan Ramasubramanian: "[PATCH v2] drivers/i915/intel_bios: Fix parsing backlight BDB data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]