iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Steven Rostedt (Google) 95a404bd60 ring-buffer: Do not attempt to read past "commit" 
When iterating over the ring buffer while the ring buffer is active, the
writer can corrupt the reader. There's barriers to help detect this and
handle it, but that code missed the case where the last event was at the
very end of the page and has only 4 bytes left.

The checks to detect the corruption by the writer to reads needs to see the
length of the event. If the length in the first 4 bytes is zero then the
length is stored in the second 4 bytes. But if the writer is in the process
of updating that code, there's a small window where the length in the first
4 bytes could be zero even though the length is only 4 bytes. That will
cause rb_event_length() to read the next 4 bytes which could happen to be off the
allocated page.

To protect against this, fail immediately if the next event pointer is
less than 8 bytes from the end of the commit (last byte of data), as all
events must be a minimum of 8 bytes anyway.

Link: https://lore.kernel.org/all/20230905141245.26470-1-Tze-nan.Wu@mediatek.com/
Link: https://lore.kernel.org/linux-trace-kernel/20230907122820.0899019c@gandalf.local.home

Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Reported-by: Tze-nan Wu <Tze-nan.Wu@mediatek.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2023-09-08 23:12:19 -04:00
..
bpf
Networking changes for 6.6.
2023-08-29 11:33:01 -07:00
cgroup
cgroup: Changes for v6.6
2023-09-01 15:58:21 -07:00
configs
treewide: drop CONFIG_EMBEDDED
2023-08-21 13:46:25 -07:00
debug
tty: sysrq: switch sysrq handlers from int to u8
2023-07-25 19:21:03 +02:00
dma
swiotlb: optimize get_max_slots()
2023-08-08 10:29:21 -07:00
entry
entry: Remove empty addr_limit_user_check()
2023-08-23 10:32:39 +02:00
events
powerpc updates for 6.6
2023-08-31 12:43:10 -07:00
futex
mm/mm_init.c: remove obsolete macro HASH_SMALL
2023-08-18 10:12:07 -07:00
gcov
gcov: shut up missing prototype warnings for internal stubs
2023-08-18 10:18:58 -07:00
irq
Boring updates for the interrupt subsystem:
2023-08-28 14:33:11 -07:00
kcsan
kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures
2023-06-09 23:29:50 +10:00
livepatch
livepatch: Make 'klp_stack_entries' static
2023-06-05 13:56:52 +02:00
locking
- An extensive rework of kexec and crash Kconfig from Eric DeVolder
2023-08-29 14:53:51 -07:00
module
module/decompress: use vmalloc() for zstd decompression workspace
2023-08-29 09:39:08 -07:00
power
TTY/Serial driver changes for 6.6-rc1
2023-09-01 09:38:00 -07:00
printk
seqlock/latch: Provide raw_read_seqcount_latch_retry()
2023-06-05 21:11:03 +02:00
rcu
TTY/Serial driver changes for 6.6-rc1
2023-09-01 09:38:00 -07:00
sched
Misc x86 cleanups.
2023-08-28 17:05:58 -07:00
time
Documentation work keeps chugging along; stuff for 6.6 includes:
2023-08-30 20:05:42 -07:00
trace
ring-buffer: Do not attempt to read past "commit"
2023-09-08 23:12:19 -04:00
.gitignore
acct.c
audit/stable-6.6 PR 20230829
2023-08-30 08:17:35 -07:00
async.c
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit_init_parent(): constify path
2022-09-01 17:39:30 -04:00
audit.c
audit: move trailing statements to next line
2023-08-15 18:16:14 -04:00
audit.h
audit: correct audit_filter_inodes() definition
2023-07-21 12:17:25 -04:00
auditfilter.c
audit: move trailing statements to next line
2023-08-15 18:16:14 -04:00
auditsc.c
audit: cleanup function braces and assignment-in-if-condition
2023-08-15 18:10:56 -04:00
backtracetest.c
bounds.c
mm: multi-gen LRU: minimal implementation
2022-09-26 19:46:09 -07:00
capability.c
lsm: constify the 'target' parameter in security_capget()
2023-08-08 16:48:47 -04:00
cfi.c
cfi: Switch to -fsanitize=kcfi
2022-09-26 10:13:13 -07:00
compat.c
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
2023-03-14 19:32:38 -07:00
configs.c
context_tracking.c
locking/atomic: treewide: use raw_atomic*_<op>()
2023-06-05 09:57:20 +02:00
cpu_pm.c
cpuidle, cpu_pm: Remove RCU fiddling from cpu_pm_{enter,exit}()
2023-01-13 11:48:15 +01:00
cpu.c
cpu/SMT: Fix cpu_smt_possible() comment
2023-07-31 17:32:44 +02:00
crash_core.c
- An extensive rework of kexec and crash Kconfig from Eric DeVolder
2023-08-29 14:53:51 -07:00
crash_dump.c
cred.c
cred: convert printks to pr_<level>
2023-08-18 10:18:49 -07:00
delayacct.c
delayacct: track delays from IRQ/SOFTIRQ
2023-04-18 16:39:34 -07:00
dma.c
exec_domain.c
exit.c
fork, vhost: Use CLONE_THREAD to fix freezer/ps regression
2023-06-01 17:15:33 -04:00
extable.c
fail_function.c
kernel/fail_function: fix memory leak with using debugfs_lookup()
2023-02-08 13:36:22 +01:00
fork.c
percpu: changes for v6.6
2023-09-01 15:44:45 -07:00
freezer.c
freezer,sched: Rewrite core freezer logic
2022-09-07 21:53:50 +02:00
gen_kheaders.sh
Revert "kheaders: substituting --sort in archive creation"
2023-05-28 16:20:21 +09:00
groups.c
hung_task.c
kernel/hung_task.c: set some hung_task.c variables storage-class-specifier to static
2023-04-08 13:45:37 -07:00
iomem.c
kernel/iomem.c: remove __weak ioremap_cache helper
2023-08-21 13:37:28 -07:00
irq_work.c
trace: Add trace_ipi_send_cpu()
2023-03-24 11:01:29 +01:00
jump_label.c
jump_label: Prevent key->enabled int overflow
2022-12-01 15:53:05 -08:00
kallsyms_internal.h
kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[]
2022-11-12 18:47:36 -08:00
kallsyms_selftest.c
Modules changes for v6.6-rc1
2023-08-29 17:32:32 -07:00
kallsyms_selftest.h
kallsyms: Add self-test facility
2022-11-15 00:42:02 -08:00
kallsyms.c
kallsyms: Change func signature for cleanup_symbol_name()
2023-08-25 15:00:36 -07:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
crash: hotplug support for kexec_load()
2023-08-24 16:25:14 -07:00
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: add prototypes for helper functions
2023-06-09 17:44:17 -07:00
kexec_core.c
crash: add generic infrastructure for crash hotplug support
2023-08-24 16:25:13 -07:00
kexec_elf.c
kexec_file.c
integrity-v6.6
2023-08-30 09:16:56 -07:00
kexec_internal.h
panic, kexec: make __crash_kexec() NMI safe
2022-09-11 21:55:06 -07:00
kexec.c
crash: hotplug support for kexec_load()
2023-08-24 16:25:14 -07:00
kheaders.c
kheaders: Use array declaration instead of char
2023-03-24 20:10:59 -07:00
kprobes.c
kprobes: Prohibit probing on CFI preamble symbol
2023-07-29 23:32:26 +09:00
ksyms_common.c
kallsyms: make kallsyms_show_value() as generic function
2023-06-08 12:27:20 -07:00
ksysfs.c
crash: hotplug support for kexec_load()
2023-08-24 16:25:14 -07:00
kthread.c
kthread: unexport __kthread_should_park()
2023-08-18 10:18:59 -07:00
latencytop.c
latencytop: use the last element of latency_record of system
2022-09-11 21:55:12 -07:00
Makefile
v6.5-rc1-modules-next
2023-06-28 15:51:08 -07:00
module_signature.c
notifier.c
notifiers: add tracepoints to the notifiers infrastructure
2023-04-08 13:45:38 -07:00
nsproxy.c
nsproxy: Convert nsproxy.count to refcount_t
2023-08-21 11:29:12 -07:00
padata.c
padata: use alignment when calculating the number of worker threads
2023-03-14 17:06:44 +08:00
panic.c
mm: remove arguments of show_mem()
2023-08-18 10:12:02 -07:00
params.c
kernel: params: Remove unnecessary ‘0’ values from err
2023-07-10 12:47:01 -07:00
pid_namespace.c
memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy
2023-08-21 13:37:59 -07:00
pid_sysctl.h
memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy
2023-08-21 13:37:59 -07:00
pid.c
memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy
2023-08-21 13:37:59 -07:00
profile.c
kernel/profile.c: simplify duplicated code in profile_setup()
2022-09-11 21:55:12 -07:00
ptrace.c
ptrace: Provide set/get interface for syscall user dispatch
2023-04-16 14:23:07 +02:00
range.c
reboot.c
kernel/reboot: Add SYS_OFF_MODE_RESTART_PREPARE mode
2022-10-04 15:59:36 +02:00
regset.c
relay.c
kernel: relay: remove unnecessary NULL values from relay_open_buf
2023-08-18 10:18:55 -07:00
resource_kunit.c
resource.c
dax/kmem: Fix leak of memory-hotplug resources
2023-02-17 14:58:01 -08:00
rseq.c
rseq: Extend struct rseq with per-memory-map concurrency ID
2022-12-27 12:52:12 +01:00
scftorture.c
scftorture: Pause testing after memory-allocation failure
2023-07-14 15:02:57 -07:00
scs.c
scs: add support for dynamic shadow call stacks
2022-11-09 18:06:35 +00:00
seccomp.c
seccomp: Add missing kerndoc notations
2023-08-17 12:32:15 -07:00
signal.c
signal: print comm and exe name on fatal signals
2023-08-18 10:18:50 -07:00
smp.c
smp: Reduce NMI traffic from CSD waiters to CSD destination
2023-07-10 14:19:04 -07:00
smpboot.c
cpu/hotplug: Remove unused state functions
2023-05-15 13:45:00 +02:00
smpboot.h
softirq.c
sched/core: introduce sched_core_idle_cpu()
2023-07-13 15:21:50 +02:00
stackleak.c
stackleak: allow to specify arch specific stackleak poison function
2023-04-20 11:36:35 +02:00
stacktrace.c
static_call_inline.c
static_call: Add call depth tracking support
2022-10-17 16:41:16 +02:00
static_call.c
stop_machine.c
sys_ni.c
x86/shstk: Introduce map_shadow_stack syscall
2023-08-02 15:01:51 -07:00
sys.c
prctl: move PR_GET_AUXV out of PR_MCE_KILL
2023-07-17 12:53:21 -07:00
sysctl-test.c
kernel/sysctl-test: use SYSCTL_{ZERO/ONE_HUNDRED} instead of i_{zero/one_hundred}
2022-09-08 16:56:45 -07:00
sysctl.c
v6.5-rc1-sysctl-next
2023-06-28 16:05:21 -07:00
task_work.c
task_work: use try_cmpxchg in task_work_add, task_work_cancel_match and task_work_run
2022-09-11 21:55:10 -07:00
taskstats.c
torture.c
torture: Stop right-shifting torture_random() return values
2023-08-14 15:01:08 -07:00
tracepoint.c
tracepoint: Allow livepatch module add trace event
2023-02-18 14:34:36 -05:00
tsacct.c
ucount.c
sysctl: Add size to register_sysctl
2023-08-15 15:26:17 -07:00
uid16.c
uid16.h
umh.c
sysctl: fix unused proc_cap_handler() function warning
2023-06-29 15:19:43 -07:00
up.c
user_namespace.c
userns: fix a struct's kernel-doc notation
2023-02-02 22:50:04 -08:00
user-return-notifier.c
user.c
kernel/user: Allow user_struct::locked_vm to be usable for iommufd
2022-11-30 20:16:49 -04:00
usermode_driver.c
utsname_sysctl.c
utsname: simplify one-level sysctl registration for uts_kern_table
2023-04-13 11:49:35 -07:00
utsname.c
vhost_task.c
vhost: Fix worker hangs due to missed wake up calls
2023-06-08 15:43:09 -04:00
watch_queue.c
watch_queue: prevent dangling pipe pointer
2023-06-06 10:47:04 +02:00
watchdog_buddy.c
watchdog/hardlockup: move SMP barriers from common code to buddy code
2023-06-19 16:25:28 -07:00
watchdog_perf.c
watchdog/perf: add a weak function for an arch to detect if perf can use NMIs
2023-06-09 17:44:21 -07:00
watchdog.c
watchdog/hardlockup: avoid large stack frames in watchdog_hardlockup_check()
2023-08-18 10:19:00 -07:00
workqueue_internal.h
workqueue: Drop the special locking rule for worker->flags and worker_pool->flags
2023-08-07 15:57:22 -10:00
workqueue.c
workqueue: fix data race with the pwq->stats[] increment
2023-08-29 09:52:16 -10:00