tracing: Add paranoid size check in trace_printk_seq()
authorSteven Rostedt (Red Hat) <rostedt@goodmis.org>
Wed, 19 Nov 2014 15:56:41 +0000 (10:56 -0500)
committerSteven Rostedt <rostedt@goodmis.org>
Thu, 20 Nov 2014 03:01:16 +0000 (22:01 -0500)
To be really paranoid about writing out of bound data in
trace_printk_seq(), add another check of len compared to size.

Link: http://lkml.kernel.org/r/20141119144004.GB2332@dhcp128.suse.cz
Suggested-by: Petr Mladek <pmladek@suse.cz>
Reviewed-by: Petr Mladek <pmladek@suse.cz>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
kernel/trace/trace.c

index 9023446b2c2bc1f37aacc6a4e47a71bbf7c66866..26facec4625e205ce2cbed6dbc1bad13e3ec9a40 100644 (file)
@@ -6656,6 +6656,14 @@ trace_printk_seq(struct trace_seq *s)
        if (s->seq.len >= TRACE_MAX_PRINT)
                s->seq.len = TRACE_MAX_PRINT;
 
+       /*
+        * More paranoid code. Although the buffer size is set to
+        * PAGE_SIZE, and TRACE_MAX_PRINT is 1000, this is just
+        * an extra layer of protection.
+        */
+       if (WARN_ON_ONCE(s->seq.len >= s->seq.size))
+               s->seq.len = s->seq.size - 1;
+
        /* should be zero ended, but we are paranoid. */
        s->buffer[s->seq.len] = 0;